Wednesday, December 01, 2010

Does a "Do Not Track" list make sense?

The FTC is proposing a "do not track" list for web users, which would prohibit ad networks and websites from tracking people's movements as they browse the web:

The do-not-track list, modeled after a national do-not-call list targeting telemarketers, would help consumers better protect their privacy because a uniform mechanism for opting out of online tracking does not yet exist, the FTC said in an online privacy report released Wednesday. The do-not-track list could be implemented by the Internet industry or by the U.S. Congress, the FTC said.

While I applaud a move towards protecting individual privacy online, I question whether this is actually a good idea. How would it work, exactly? Would a person register by name, or by IP address, or what? If I decided I didn't want to be tracked at home, would that also apply to work? Could my employer require me to allow myself to be tracked at work? If it's based on IP address, then what happens when my IP address changes? If registration is by name (or some other non-IP method such as ISP subscription account), how are they going to know it's me that's online at any given moment? That last question is actually the one that bothers me the most. It's entirely possible that this move, in order to work, would require implementation of technology even more fundamentally intrusive than tracking cookies, which, quite frankly, are not all that bad.

It seems like a whole can of worms might be cracked open if this goes forward. Furthermore, there are ways right now that people can guard themselves against this stuff. One step I take myself is to disable third-party cookies in my web browser. That doesn't take care of everything, obviously, but it's a start. Of course, there are always trade-offs. Disabling third-party cookies has the side effect of making both my Blogger and Wordpress logins not "stick" between browser sessions, due to both of these sites utilizing third-party cookies to track logins. This is the exception, not the rule, however. My feeling is, the vast majority of third-party cookie usage is not something that benefits the rank-and-file web user.

A person can also utilize browser plugins like Adblock Plus or NoScript, or even FlashBlock, to help foil online trackers. Those who are really hardcore can set their browsers to delete all cookies on exit. I believe most browsers even have a setting allowing outright refusal of all cookies (although I suspect a lot of sites would "break" if that was activated).

There is also at least one browser plugin available that takes care of Flash cookies, which aren't affected by normal cookie settings. (Offhand I can't recall the name of it, I'll have to look it up and report back later.)

The point is, I am sitting here wondering why in the world this is even needed.

Labels: ,


Post a Comment

<< Home