With the recent amendment (http://www.wired.com/threatlevel/2012/06/default-do-not-trac...) to the spec of DNT that the header should only be honored if the user has actively chosen not to be tracked, I guess we've just created more data that is transmitted with every HTTP request and subsequently ignored on the server.
As IE10 sending DNT isn't a response to a conscious user decision ("I accept the defaults" is not consciously deciding "I don't want to be tracked"), servers are basically free to ignore the header if the browser is IE10.
This also means that IE10 will for all intents and purposes always be tracked regardless of what the setting is set to and whether the server in general honors DNT or not (currently I know of only twitter to do so).
> Since when did the consumers' sentiment become "track me please"?
You present a false dichotomy. In the absence of asking consumers what they actually want in regards to tracking (whatever that means), it is impossible to know what their sentiment is. There are three kinds of people: those who are aware of DNT and have opted in, those who are aware of DNT and have opted out, and those who are not aware of the option. Guess which group is the largest.
You could certainly say that advertisers are intentionally playing dumb here, and would like to continue to do so by forcing the opt-in decision for DNT to be buried in layers of settings dialogs rather than having an opt-out decision front-and-center when installing windows.
But that doesn't imply that anyone thinks most people want to be tracked. It just implies that in the absence of intent one way or the other, advertisers will continue to treat consumers as they always have.
> In the absence of asking consumers what they actually want in regards to tracking...
From the original blog post by MS ... "Since then, we have conducted additional consumer research that confirmed strong support for our "consumer-privacy-first" approach to DNT."
Sounds like that's exactly what they did (asked their users).
> Guess which group is the largest.
The group that you explain what DNT is, and then enables it...
> "How, exactly, are they intending to detect the user's explicit consent via the medium of HTTP headers?"
My understanding is that when shipped (Windows 8 or IE 10), on first run the user is prompted to opt-out of, opt-in, or dismiss DNT. DNT is explained, and is given its own huge screen in the first-run process/dialog.
A set DNT header to 1 (don't track) or 0 (do track) signifies an "explicit" choice was made.
A missing DNT header signifies that user has not set, or has dismissed the option.
*I'm taking some guesses here with the "dismiss" choice. But I'm pretty sure MS pulls up a screen explaining DNT and gives the opt-in/out-out options to the user.
It's not unconscious. Win 8 first run has a separate step just about DNT. It is very much opt-in. The DNT step is ridiculously huge part (it's own screen and everything) of running Windows 8 for the first time. It's not a typical 'keep hitting next' experience.
My thoughts exactly. Even more so, by "sticking to their guns", Microsoft is essentially creating user confusion over what Do Not Track actually means. It used to mean "advertisers, please do not track me". Now it will mean "advertisers, please do not track me, unless I'm using IE 10." Considering that users have a tough time differentiating between the browser and the internet, this isn't going to help anything.
That's a mighty suspicious amendment to the spec. Its almost as if they want to make sure you're tracked. Will they require certified mail and a witness to verify you really really mean DNT next?
Can the W3C justify this amendment at all being for the good of the user?
I don't know enough to determine what % of companies represented on the panel are ad-supported; per a comment on the Microsoft blog:
> thank you for not folding to the corrupt w3c standards
> body that is setting the standards with a full deck of ad
> supported companies on the panel
My understanding (and while I've talked to people who are in the working group, I'm not in the working group or following the discussions closely) is that this was already (prior to the spec being modified) the common understanding of the people within the working group. It just hadn't previously been written in the spec, perhaps because it was thought to be obvious.
(And, given the context of what the group is trying to do -- build a do-not-track mechanism that advertisers are willing to honor -- I agree that it's obvious.)
If the user is informed that the button they are about to click will mean that DNT is enabled and that they have to manually turn it off if they don't want it should be good enough.
Although I assumed what all this meant is when you got to that part of the setup the box will be already checked and you had to click on it to turn it off.
Either way, if an attempt to inform the user of the option has been made before they click an "I Agree" button, then that should be good enough.
But honestly, I don't expect many people to honor the DNT header anyway. What's going to happen if they don't, get a strongly worded letter from somebody?
The amendment does not appear to restrict the selection of this option to those who go into settings, click on a privacy tab, and then choose an Advanced settings button, only to have to go through what choosing this means.
They're basically saying, "We're sticking up for consumer privacy! Oh, what? Well we don't want that much privacy - here's an amendment to our proposal so that we can still track you..."
I'm at a loss as to how such an amendment could be in the end user's best interest. How can you even detect such a thing as "the user has actively chosen not to be tracked"? Either the header is there and it means "do not track", or the spec is a joke.
The fact that it MIGHT not have been an active choice does not excuse that a server ignores the DNT-header. The DNT-header still has to be respect by IE10-users, since the user could have set it actively.
All they would need to do is to annotate the "I accept the defaults" option with something that says, "This enables default options, such as Do Not Track, javascript, sending anonymous usage reports to Microsoft, etc."
Then, by shoving it in their face like that, your point is invalid and they comply with the spec because the user has chosen not to be tracked, among other things. Now, they would need to force a user to go through that setup as a requirement to use IE10, but that shouldn't be a big issue for MS.
As IE10 sending DNT isn't a response to a conscious user decision ("I accept the defaults" is not consciously deciding "I don't want to be tracked"), servers are basically free to ignore the header if the browser is IE10.
This also means that IE10 will for all intents and purposes always be tracked regardless of what the setting is set to and whether the server in general honors DNT or not (currently I know of only twitter to do so).
Way to go!