Wired’s Threat Level provides a detailed look at the recently announced “Do-Not-Track” list to help Internet users block online advertisers from recording their browsing habits in support of targeted advertising. (For what its worth, Threat Level predicted this announcement a day earlier.)
Some of the details:
Technically, the proposed list (.pdf) would work very differently from the Do-No-Call list since any advertiser that tracks user behavior would have to report what servers they use to serve up a cookie or other tracking device. Individuals then update their browsers to include a plug-in that could download the list in order to block all or some of the tracking cookies. Like the Do-Not-Call list, government regulators would have the power to enforce companies that secretly track users or keep more information than they say they do.
…The groups also call on the FTC to force companies to be open to external audits to ensure compliance, to allow individuals to request what personally identifiable information an online advertising company has about them, and explicitly defines an IP address as personally identifiable information.
My earlier post, relying on coverage from the New York Times, incorrectly attributed AOL as launching the “Do-Not-Track” list. That’s incorrect. A coalition of privacy groups are calling on the FTC to establish the anti-tracking measure, and AOL is merely planning to provide its users access to the opt-out service (and will try to convince them otherwise).
Threat Level also provides some back-story as to why some of the larger privacy advocacy groups did not sign on to this request:
The Center for Democracy and Technology, the Electronic Frontier Foundation, and Consumer Action were among the 9 groups that signed onto the proposal.
Notably, however, the Electronic Privacy Information Center, the Center for Digital Democracy and U.S. PIRG – the groups that are asking the FTC to impose stringent privacy conditions on Google’s proposed acquisition of DoubleClick – did not sign the letters.
The CDD’s Chester said he didn’t sign on because he wanted something to go even further.
“The plan doesn’t address the full range of privacy threats from online marketing,” Chester said.
EPIC’s Marc Rotenberg argues the proposal too narrowly thinks of online marketing problem as if it were spyware.
Instead, Rotenberg suggested, “You have to look at the data collections of the largest search companies.”
Search engines have only recently begun taking steps to forget what people type into the search box and it takes complicated third party browser add-ons to have real choices about what data your browser sends to a search engine like Google.
Obviously, I agree with Marc Rotenberg that the personal data collected by search engines is much more expensive and detailed than typical ad-serving tracking cookies. Still, the “Do-Not-Track” list is a step in the right direction.