Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft’s Do Not Track Decision Draws Fire

Microsoft has said that it would activate Do Not Track (DNT) by default in Internet Explorer 10 on Windows 8. This announcement caused a bit of a clash between Mozilla – the first to implement DNT – and advertisers.

Microsoft has said that it would activate Do Not Track (DNT) by default in Internet Explorer 10 on Windows 8. This announcement caused a bit of a clash between Mozilla – the first to implement DNT – and advertisers.

DNT is a method that will enable users (at home and the office) to opt-out of the tracking mechanisms that many Web advertisers use. It’s gaining popularity in the mainstream – as many privacy advocates are talking about it – but that’s about it. Websites are not required to implement DNT, but some have made headlines (Twitter / Yahoo) for plans to enable it on their own.

Last week, Brendon Lynch, the chief privacy officer at Microsoft, said that his company would enable DNT on IE 10 as a means to “put people first.”

“We believe that consumers should have more control over how information about their online behavior is tracked, shared and used,” he wrote, adding that an important step in this process is implementing privacy by default.

With that said, while Mozilla – the first browser company to support DNT – welcomed Microsoft’s move, they raised questions over the reasoning.

“We appreciate seeing Microsoft putting its full weight behind DNT, especially given Firefox was the lone browser supporting DNT just one year ago,” wrote Alex Fowler, the global privacy and public policy leader at Mozilla.

“DNT is not an off switch for a particular technology, rather it is the expression of an individual user’s desire being reflected in code — and that’s what makes the feature great.”

However, turning it on by default removes the choice from the user, Fowler wrote, which is why Mozilla does not implement it by default. As it stands, DNT has three settings; accept tracking, reject tracking, or no choice. Without direction, it’s clear that advertisers will see option #3 in the browser and take that to mean the user is fine with option #1 being applied.

“This causes the presence of the signal to mean more — the signal being sent should be the user’s choice, not ours. Therefore, Firefox doesn’t broadcast anything until our user has told us what to send,” Fowler added.

To counter this, it looks as if Microsoft wants to take that off the table, by pre-selecting an option for the user. Oddly, this is a rare case where the user is opted-in to privacy, instead of being opted-out by default.

This method has earned the software giant a bit of heat from the advertising industry. The Digital Advertising Alliance (DAA), which is a coalition of the nation’s leading media and marketing trade associations and companies, said Microsoft’s move “threatens to undermine that balance, limiting the availability and diversity of Internet content and services for consumers.”

According to the DAA, implementing DNT by default, “may ultimately narrow the scope of consumer choices, undercut thriving business models, and reduce the availability and diversity of the Internet products and services that millions of American consumers currently enjoy at no charge.”

For now, there is plenty of other DNT-related issues to settle, the chief among them determining the scope of DNT itself. Will it apply to analytics programs and third-party applications? Another question is one of internal collection. In order for a given domain to track users for their own purpose, they have to collect information and track the visitor. If this information isn’t shared with anyone else, could the website collect it and use it while remaining compliant with DNT?

This is going to be the topic to watch in the months ahead.

Written By

Click to comment

Expert Insights

Related Content


The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


The Federal Communications Commission (FCC) is proposing tighter rules on the reporting of data breaches by wireless carriers.The updated rules, the FCC says, will...