A consistent standard for opting out of advertiser tracking on the Web is a nice idea. Too bad that's all it might ever be.
On paper, the Obama administration's announcement of a proposed Consumer Privacy Bill of Rights sounds like a great idea. It calls for legislation that allows attorneys general and the Federal Trade Commission to enforce how end-user privacy is protected, and for consistent transparency in how personal data is collected and used online.
After "Do Not Call", and hot on the heels of yesterday's news about California pledging better privacy protection for users of mobile apps, here's "Do Not Track".
Again, it sounds like a great idea: Click a conspicuously visible button in your browser, and third parties are automatically blocked from harvesting unwanted information from your browsing habits. What's more, it wouldn't just be a good idea--it would be mandated and protected by law.
That's the theory, anyway. The practice might turn out to be far thornier. In truth, there is no agreement or rule on what the browser is supposed to do when the user clicks the magical Do Not Track button.
The quest for a universal Do Not Track (DNT) standard has worn on for some time now, with little more than a few competing ad hoc standards to show for it. It's always been possible for end users to purge tracking cookies, use proxies, or block data harvesting with third-party add-ons. But who wouldn't be happy with a single, centralized mechanism to allow users to opt out of online tracking? (Apart from advertisers, that is?)
The problem is figuring out what that one single mechanism is, getting everyone to use it, and making sure it isn't just going to be circumvented or broken.
One of the original DNT initiatives involved using a header, broadcast by the browser, to tell Web servers that the user in question doesn't want to be tracked. A version of this proposal was floated in 2009 (as described by security researcher Christopher Soghoian), but lacked support from the very people who needed most to implement it: the advertisers. The idea also suffered from one major loophole: the burden of support was on the server side, not the client. The server didn't have to honor the header, and there was no enforceable penalty for noncompliance.
Over time the idea of a universal DNT system returned with a vengeance. The problem was, again, how to implement it, since everyone seems to have wildly different ideas--all of which put the burden of support on different parties.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.