Is the doNotTrack header everyone’s privacy protector?

Firefox offers a setting to their user to specifically tell websites that they do not want to be tracked. It's in the "privacy" tab in the "options" menu:

The setting itself doesn't do a thing, it only tells websites they do not want to be tracked. The websites still have to build in code to obey this setting... I did not, for now, and did track those people to see how many people used it. I used this code in my Google Analytics tracking:

if (navigator.doNotTrack) { _gaq.push(['_setCustomVar', 3, 'do not track', navigator.doNotTrack,1]) };

For Internet Explorer (yeah, they always want to implement it different) you can use msDoNotTrack, but I choose to only measure Firefox. This is the result:

Of all Firefox 9, 10 and 11 visitors, 13% said specifically that they didn't want to be tracked, sorry that I did 😉

A good solution?

I think this setting could be the proper solution for the cookie+privacy discussion that is going on in Europe at the moment. But there's a big but: you can't differentiate in the things you do and do not want to be tracked. As a website owner I want to see how my site is used, I don't (or maybe a bit) care about who is doing it. And with me are many more website owners. So, this would be my proposal for the Firefox settings:

  1. Tell websites I don't want to be tracked across multiple websites. Retargeting, bannering, etc, 3rd party cookies.
  2. Tell websites I don't want to be remembered after my visit. Then you can see how your website behaves, but loose unique visitor and new/returning visitor data. I can live with that, A/B test software not. Perhaps a sub-setting for functional tracking like storing logins can be applied.
  3. Tell websites I do not want to be tracked at all. And a sub-setting for functional tracking like logins can be applied. Website owners can decide to give these users less functionality, no tracking no favors 😉

Every step is a bit more private.

Are cookies really a privacy problem?

Europe wants to apply a new legislation about this whole tracking thing, but why? Are users really concerned about their privacy being violated? Or don't they know? Often a browser is tracked and not a person. And if you block 3rd party cookies the most visible part of being tracked (retargeting banners with viewed hotels for example) is gone. Probably Europe is trying to solve something that doesn't need to be solved? The supermarkets with their bonus cards are far more privacy intrusive, they connect real live behavior to Personally identifiable information. /rant.

Click to activate social bookmarks


5 thoughts on “Is the doNotTrack header everyone’s privacy protector?

  1. I think you're right. The problem is that bonus cards in supermarkets have a clear benefit for their users, so privacy is easily sold. For normal sites their seems to be no benefit for the users to display all their information to the site owner, and retargeting or banners is way too visible and obtrusive. As long as they can't see it, there's no worry. Sad but true. The second you get chased too obviously by supermarkets, like Tesco (i believe) did with pregnant women, people will also object to that.
    Ergo: this is about education and simple morals, not about technique. I think.

  2. For reference you can use this code to verify if the user is using the Google Analytics opt-out extension and track them anyway.

    if(window._gaUserPrefs && window._gaUserPrefs.ioo && window._gaUserPrefs.ioo()) {
    delete window._gaUserPrefs;
    _gaq.push(['_setCustomVar', 4, 'do not track', 'Opt-out extension',1]);

    Of course you shouldn't do that and instead you should respect the user privacy. But it's possible.

    1. Cool addition. But now we have 2 implementations: IE and FF, and Google with their own extension. Their should be one standard IMNSHO 🙂

Comments are closed.