IE10: Apache Shows the Holes in Microsoft’s DNT Decisions

September 12, 2012

Microsoft’s decision to make Do Not Track (DNT) the default setting in its forthcoming version of Internet Explorer (IE10) upset advertisers and ad tech companies from the start, but the unrest seems to have spread now to the coders and publishers themselves.

Developers of the Apache Web server, one of the most popular servers in use today, have built a patch that ignores Microsoft’s DNT signal when consumers visit a page using IE10. Roy Fielding, the patch’s developer and a cofounder of Apache, believes that most sites will ignore Microsoft’s DNT signal, and Microsoft already know this. As a result, IE users will be surprised to learn that their browser may be purporting to block data collection, but may, in fact, not be doing so. “The decision to set DNT by default in IE10 has nothing to do with the user's privacy,” he wrote.

He’s correct in that assessment. Microsoft’s DNT implementation is not an effective privacy mechanism, and from where I sit, it’s clearly not a strategy that educates consumers or gives them choice. What Microsoft is doing is spreading a fear that any kind of data collection is inherently wrong. If no site honors IE10’s signal, then Microsoft isn’t really doing anything more than creating a misguided illusion.

This is exactly why the DAA developed the AdChoices icon, which has been in market – and supported, respected and honored by a majority of the advertising ecosystem – for more than two years. Our goal is to educate consumers about how data is used online and who is using it, giving them a choice to control their preferences in real-time. It’s been effective thus far, with more than 1 million unique visitors every month to the YourAdChoices website.

The Apache patch also is illustrating another giant hole in Microsoft’s DNT plans: there’s absolutely no enforcement component to the default DNT signal as far as we can tell. To create an effective privacy mechanism, you need some means of enforcement, and not even a company like Microsoft is itself in any position to enforce DNT across a varied and large advertising ecosystem. In such a broad marketplace, privacy enforcement requires outside help from multiple and independent parties who are able to judge compliance against a code of conduct to which participating companies have liability. The Council of Better Business Bureaus has already brought 12 cases on behalf of the DAA, and the Direct Marketing Association reviews additional cases as well. If companies say they’ll abide by transparent data practices, we are going to hold them to that, in a way that a browser company can’t match.

It is tempting to think of technology as a silver bullet to solve these kinds of issues. But, the hard truth is that no single piece of technology will change the privacy debate overnight, whether we’re talking about Internet Explorer Version 10 or any other browser. You can’t just drag the entire online advertising ecosystem along. Instead, the ecosystem needs to be part of the solution in adopting responsible data use practices, and educating consumers about why these policies exist.  The DAA, working together with groups such as the World Wide Web Consortium, provides industry-wide policies that serve to facilitate a free to the consumer, ad-supported internet. We already have a market-accepted, peer-regulation solution in market that is putting transparency, accountability and education at the core of the debate, without unnecessarily fanning baseless fears about data and online advertising.



Back to Top