Google Chrome To Get 'Do Not Track'

Microsoft SkyDrive Vs. Dropbox, Google: Hands-On

Google Chrome soon will support Do Not Track (DNT), a Web browser privacy setting that lets users tell online advertising companies whether they want to receive tracking cookies used to target online ads.

Support for DNT has been implemented in Chromium version 23.0.1266.0, as of build 156627. Google Chrome, which incorporates the open-source Chromium code, has yet to add DNT to its developer channel, however.

Proposed by security researchers and software engineers in 2009, DNT first appeared in Mozilla's Firefox browser and subsequently in Microsoft Internet Explorer, Apple Safari, and Opera.

Google had been offering something similar in the form of a Chrome plug-in called Keep My Opt-Outs, but remained unenthusiastic about DNT. If widely adopted, DNT has the potential to reduce Google's ad revenue. But only a few companies, such as Twitter, are doing anything when they receive DNT preference information from browsers.

In February, facing growing pressure for action on privacy, Google announced an agreement between online advertising companies, the White House, and the Federal Trade Commission to support the Digital Advertising Alliance principles, a self-regulatory framework that includes DNT.

[ Read Google Project Glass Must Be More Than Fashion. ]

"We undertook to honor an agreement on DNT that the industry reached with the White House early this year," a Google spokesman said in an emailed statement. "To that end we're making this setting visible in our Chromium developer channel, so that it will be available in upcoming versions of Chrome by year's end."

It appears, however, that DNT might not be as widely effective as its creators hope because there is still disagreement about how to implement it.

DNT adds an extra header field to the user's HTTP requests for Web pages. The DNT setting can be "1" to accept tracking or "0" to reject it, and, according to the specification, it cannot be set until the user has expressed his or her preference.

"The choice mechanism MUST NOT have the user permission preference selected by default," the specification states.

Microsoft has elected to set the opt-out flag in Internet Explorer 10 by default. Brendon Lynch, chief privacy officer at Microsoft, argues that setting the DNT flag for the user represents "our commitment to privacy by design and putting people first."

To companies that sell online ads, Microsoft's stance looks more like hostility to their business model.

There is presently a debate going on about whether Microsoft's implementation complies with the specification. Roy T. Fielding, principal scientist at Adobe and co-founder of the Apache HTTP Server project, earlier this month made a patch available for the popular Apache Web server that will disregard DNT settings communicated through Microsoft Internet Explorer 10.

In a discussion on the Apache bug tracking forum, Fielding argues that DNT must be "unset" by default. Internet Explorer 10 violates the specification, he insists, because the IE dialog defaults to "on" and is only presented to the user who installs the operating system rather than to each user independently upon first browser launch.

"Yes, it sucks, but the alternative is worse," he wrote. "DNT will not be deployed if the browser is allowed to lie about the user's preference setting."

Cybercriminals are taking aim at your website. Is your security strategy up to the challenge? Also in the new, all-digital 10 Steps To E-Commerce Security issue of Dark Reading: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious. (Free registration required.)