PRIVACY? CHECK: The U.S. Federal Trade Commission is urging makers of Web browsers to include a "do-not-track" feature that would let consumers opt out of having their personal information and preferences sent to online advertisers. Image: COURTESY OF BODHI HILL, VIA ISTOCKPHOTO.COM
The Federal Trade Commission's (FTC) call for a "do not track" mechanism to be created to protect Web users' private information from being exploited by online advertising networks sounds good on paper, but implementing such a technology would be a thorny process. It is not because the technology is so difficult to create, but rather because most of the companies that make Web browsers are supported by or are themselves online advertising networks.
Google, Microsoft and Apple, for example, all have online advertising networks, whereas Mozilla and others get money from Google for search deals, Chris Soghoian, a privacy and security researcher in the School of Informatics and Computing at Indiana University Bloomington, said Wednesday at the "Future of Online Consumer Protections" conference hosted by the Consumer Watchdog advocacy organization in Washington, D.C.
Google, which makes the Chrome Web browser but also bought Internet advertising technology company DoubleClick in March 2008 for $3.1 billion, derives 90 percent of its revenue from advertising, Jamie Court, president of Consumer Watchdog, a Santa Monica, Calif.–based nonprofit formerly known as the Foundation for Taxpayer and Consumer Rights, said during his opening remarks Wednesday.
The FTC later that same day issued a preliminary staff report suggesting that one way to better protect privacy online is for Web browsers to feature a setting that enables consumers to choose whether to allow the collection of data regarding their online searching and browsing activities (ad networks such as DoubleClick and Microsoft's Atlas collect this data in order to provide more targeted advertising services). According to the FTC, the most practical approach would probably involve the placement of a persistent setting, similar to a cookie, on the consumer's browser signaling the consumer's choices about being tracked and receiving targeted ads.
Instead of a cookie plug-ins, however, browsers should come with a check box—perhaps part of the preferences menu—that sends a signal to ad networks that says, "leave me alone," said Soghoian, who until recently worked for the FTC as a technical advisor to the agency's Division of Privacy and Identity Protection. "It would not be difficult to get the browser-builders to build such a mechanism in," he said, adding that last year he helped to write a 20-line prototype program to do this called TACO (for Targeted Advertising Cookie Opt-out). "The difficult part would be to get the ad networks to support it, and I think that's where the FTC is going to need to play hardball."
If the FTC does not have the authority, Soghoian suggested, "I think Congress is going to need to give them that authority. I don't think the ad networks are going to voluntarily agree to support any strong mechanism unless their arms are twisted."
The Web site DoNotTrack.Us, a collaboration of researchers at the Stanford Law School Center for Internet and Society and the Security Laboratory at the Stanford Department of Computer Science, explains how a do-not-track mechanism might work: Whenever a Web browser requests content or sends data using HTTP, the protocol that underlies the Web, it can optionally include extra information, called a "header". Do not track simply adds a header indicating the user wishes to not be tracked.