When the Do Not Track standards-setting process began, some observers had high hopes, while others had skepticism.
Two years later, the entire process appears to be fizzling out. One
privacy expert I spoke with earlier this week argued that the
advertising industry has successfully "filibustered the standard to
death."
Some members of the standard-setting committee have publicly declared
their doubts that the much-delayed process will ever achieve consensus.
And if a standard actually emerges from the current contention, it will
likely be almost completely ineffective at doing what its name suggests
it should. See also:
There were two big Do Not Track developments today.
First, the W3C via conference call agreed to accept a draft of the
standard (the so-called June Draft) and try to work toward Last Call,
the stage where the document is presented for final vote. The June Draft
contains significant unsettled points that still need to be worked out
among factions that are far apart.
Second, Stanford’s Center for Internet Society announced that it is launching a “Cookie Clearinghouse” to create and maintain “allow lists” and “block lists” to help Internet users protect their privacy on the Web.
The Clearinghouse will identify instances where tracking is being
conducted without the user’s consent, such as by third parties that the
user never visited. To establish the “allow list” and “block list,” the
Cookie Clearinghouse is consulting with an advisory board that will
include individuals from browser companies including Mozilla and Opera
Software, academic privacy researchers, as well as individuals with
expertise in small businesses and in European law. ... The Clearinghouse
will also offer the public an opportunity to comment.
One name appears in common on both projects. Jonathan Mayer is the author of the “Grand Compromise” document submitted to the Tracking Protection Working Group a little more than one year ago. At that time, he said:
As you review the draft, please recognize that it is a compromise
proposal [that] reflects extraordinarily painful cuts for
privacy-leaning stakeholders, including complete concessions on two of
the three central issues. Some participants have already indicated that
they believe the proposal goes too far and are unwilling to support it.
Our Last Call deadline is July 2013. That due date was initially
January 2012. Then April 2012. Then June 2012. Then October 2012. We are
18 months behind schedule, with no end in sight.
There must come a stopping point. There must come a time when we
agree to disagree. If we cannot reach consensus by next month, I believe
we will have arrived at that time.
I would make two proposals for next Wednesday's call. First, that we
commit to not punting our July deadline. If we have not attained
agreement on Last Call documents, we should wind up the working group.
Second, that we begin planning a responsible contingency process for
winding up the working group if we miss our deadline.
Mayer wrote a more pointed email to the group yesterday, suggesting five possible outcomes, with three of them being “irresponsible.”
Reached for comment, Peter Swire, director of the Tracking Protection Working Group, told me:
Here is what happened today:
We followed the procedure announced to the group last week in an
email from the co-chairs. Members of the group were invited to propose
alternatives to working on the June Draft. Aleecia MacDonald and
Jonathan Mayer both introduced such proposals, but the group did not
agree with either. Therefore, as announced previously, the group is
moving ahead with the June Draft.
MacDonald, a former chair of the Tracking Protection Working Group,
is a leader of the Cookie Clearinghouse project. Mayer, a Stanford
graduate student, is also closely tied to the project, which appears to
follow up on code he wrote that was incorporated into Mozilla Firefox
last February. Thanks to Mayer’s patch, Firefox now follows the same
guidelines as Safari, rejecting third-party cookies unless you actually
visit the site.
The Cookie Clearinghouse goes considerably further, providing a
privacy option that doesn’t require extensive user interaction. Both
Mozilla (of Firefox fame) and Opera are early backers of the program.
But the program’s founders make it clear that the project is open to
other browsers as well. Given Microsoft’s recent propensity for using
privacy as a competitive weapon against Google, it would not be
surprising to see them join the nascent effort.
The problems with Do Not Track appear insurmountable. Representatives
of the advertising industry have watered down the latest draft so that
its tracking protection is paper-thin. Here are the biggest problems
with the standard in its current draft form:
The entire program is opt-in, with browsers that enable Do Not Track by default penalized.
Default settings give advertisers and trackers carte blanche to collect and use any information they like.
First party tracking, regardless of how intrusive it might be, is expressly permitted.
Multiple exceptions are granted to advertising and analytics
companies, which means that even if you explicitly turn the Do Not Track
option on, your information is going to be shared with web sites.
The bottom line is widespread consumer confusion. At this point,
maybe the best thing that could happen for the privacy movement is to
let the Do Not Track standard die a painful and public death and turn
the task over to the companies that actually connect people to the web.
0 comments:
Post a Comment