Over the last few weeks, “Do Not Track” has been getting a lot of attention; Mozilla introduced DNT into Firefox as of January 2011 and has a very good FAQ up on the subject. Last week, the official announcement came from the big browser vendors, including Microsoft and Google, that they’d start incorporating DNT as a browser feature as well, which coincided nicely with the White House announcing a privacy bill of rights.
It’s great to see online data privacy finally being taken seriously, especially after the various shades of gray we have been seeing lately. Some of which are just plain scary.
But sending a “Do Not Track” header in your browser is one thing; having the server on the other side and, perhaps even more importantly, their (advertising) partners honor the request is quite another. And unfortunately, the current state of affairs isn’t great; taken from Mozilla’s FAQ as mentioned above:
Companies are starting to support Do Not Track, but you may not notice any changes initially. We are actively working with companies that have started to implement Do Not Track, with others who have committed to doing so soon.
Let’s take a quick look at the current cookie setting practices from the top 500 websites, as counted by Alexa. I ran a quick scan against http://www.domain.com, once with and once without a DNT header. Of those 500 sites, 482 gave useful replies; some of the most used domains are CDNs or don’t have top level content, so they are excluded.
From the chart below, you can see that most sites set 1-2 cookies, and that most of those cookies are somehow related to user or session specific data.
I’d have added a third line showing you the delta in cookies set when the DNT header was set, but the sad truth is that only 3 websites changed their cookie behavior based on the DNT header: Kudos to 9gag.com for not setting any cookies and blackhatworld.com & movie2k.com for at least dropping one of their user specific cookies. The outlier with a whopping 18 cookies, 10 of which are personally identifiable, is walmart.com.
Now, setting a user/session cookie is not necessarily a bad thing; for one thing, you cannot read the DNT header from JavaScript, so if you’d want to be DNT compliant in JS, you’d have to set a DNT cookie (although not part of the public standard, some newer browsers are starting to support inspecting the DNT setting from the DOM). The industry standard is now to set a cookie matching the string “DNT” or “OPTOUT”. Again, unfortunately, none of the top 500 websites actually does this when the DNT header is set.
The other viable option is to send back the same cookie, but set the expiry time in the past so that it’s removed by the browser. Although this would be silly on a first request (it would be better not to set a cookie at all in that case), and is not as useful in a JavaScript environment, it’d still be making an effort towards DNT compliance. From the top 500, only forbes.com is using this technique currently.
As it stands, only 4 out of 482 measured top 500 sites are actively responding to the DNT header being sent.
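The comparison behind these numbers can be reproduced offline. The following is an added example, not the scan code used for this post: it takes the Set-Cookie headers from a request without DNT and from one sent with `DNT: 1`, and reports which of the responses described above a site shows. The function names, finding labels and sample headers are assumptions made for illustration, and "matching the string" is interpreted as either the cookie name or its value.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

OPT_OUT_MARKERS = {"DNT", "OPTOUT"}  # strings the post names for opt-out cookies

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, expires-or-None)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    expires = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "expires":
            try:
                expires = parsedate_to_datetime(val.strip())
            except (TypeError, ValueError):
                continue  # unparseable date: treat as a session cookie
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
    return name.strip(), value.strip(), expires

def classify_dnt_response(baseline, with_dnt, now=None):
    """Compare Set-Cookie headers from a plain request and a DNT: 1 request."""
    now = now or datetime.now(timezone.utc)
    base_names = {parse_set_cookie(h)[0] for h in baseline}
    kept, expired, findings = set(), set(), set()
    for header in with_dnt:
        name, value, expires = parse_set_cookie(header)
        if expires is not None and expires <= now:
            expired.add(name)            # cookie sent back with a past expiry
            findings.add("expires-cookie")
            continue
        kept.add(name)
        if name.upper() in OPT_OUT_MARKERS or value.upper() in OPT_OUT_MARKERS:
            findings.add("opt-out-cookie")
    if base_names - kept - expired:
        findings.add("drops-cookies")    # set without DNT, absent with DNT
    return sorted(findings) or ["no-change"]

# Constructed sample headers (not real scan data).
BASELINE = ["session_id=abc123; Path=/", "uid=u-42; Path=/"]
SAMPLES = {
    "ignores DNT": BASELINE,
    "drops one cookie": ["session_id=abc123; Path=/"],
    "opt-out cookie": ["OPTOUT=1; Path=/"],
    "expires cookie": ["session_id=abc123; Path=/",
                       "uid=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/"],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", classify_dnt_response(BASELINE, headers))
```

A site that returns an identical cookie set for both requests comes out as `no-change`, which is the result for all but 4 of the 482 sites measured here.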
The FTC has been calling for a “Do Not Track” implementation and according to Mozilla, now 7% of Desktop Firefox users and 18% of Mobile Firefox users already have DNT enabled. With such a clear call from regulators and end users, why are so few sites actually following up with a solid implementation? And what does that mean for the advertising and widget partners they use, whose whole model is based around being able to use your personal data?
Again, the answer is not very encouraging. The Wall Street Journal did a great investigation into this with their “What They Know” series and found that even websites that you trust and use every day have literally hundreds of trackers ushered in when you visit them:
(full disclosure: I work for Krux, whose findings were featured in the WSJ “What They Know” series and we published a whitepaper on the subject)
If you browse through the above charts, it becomes obvious that your personal data is flying across the web and you have very little control of who takes it, how they use it and who they might be selling it on to.
The folks at PrivacyScore even built an index to show you how much your data is at risk when visiting any particular website. Some of the scores, like the one for Target, are quite scary, as illustrated by this story about how Target found out a girl was pregnant before her dad even did.
Bottom line, the worst offenders tend to be in the online merchant, advertising network or widget provider space (especially those of the ‘free’ variety – because nothing is ever really ‘free’) that play fast and loose with your personal data in order to optimize their own revenue. To illustrate the point, here’s a choice quote from the above article:
“AddThis has its own plans to sell user data, but it’s not looking to publishers as the main buyers. It will sell analytics on user data directly to ad agencies and brands themselves and will get a bigger cut by doing so.”
So, why is it hard for the good eggs to do the right thing, even though it’s making them look like bad eggs in the process? Part of it is awareness I’m sure, but another part of it is simply the challenge of implementing a good “Do Not Track” solution. Implementing DNT at scale is actually not that easy, and we spent a fair amount of time at Krux to get it right.
To further the cause of Data Privacy, we’re open sourcing our solution and it will be the topic of my next blogpost, in the hope that all the good eggs will at least be able to Do The Right Thing easily, and to make it easier for the rest of us to call the bad eggs on their behavior.
P.S. If you want to see where your personal data is going when you visit a webpage, we released a Firefox browser plugin called Krux Inspector, which you can install directly from our website. It shows you exactly who is bringing in which advertisers and partners on the webpage you’re viewing, and what personal data they’re skimming as well as the beacons they’re dropping.
Can we get the Krux Inspector w/o a krux account?
Hi Eugene,
Absolutely, and my mistake for putting in a top level url. You can download it from here: https://dataconsole.kruxdigital.com/krux-inspector/krux-inspector-ff-latest.xpi
Edited the post to reflect the correct URL.