The failure of ‘Do Not Track’

Douglas Crawford

Douglas Crawford

September 3, 2014

The ‘Do not Track’ (DNT) header field was a fantastic but ultimately idealistic idea that was always doomed to failure. First proposed in 2009 by researchers Christopher Soghoian, Sid Stamm, and Dan Kaminsky, the idea was simple one – improve internet users’ privacy by allowing them to opt-out of tracking by websites by including a Do Not Track request whenever a browser connects to a website.

DNT was proposed in response to US and EU legislators, supported by a raggle-taggle collection of internet privacy advocates, demanding in 2007 that the internet advertising industry provide an agreed-upon standard which would allow consumers to opt-out of tracking by web advertisers.

Microsoft announced support for DNT in its Internet Explorer 9 browser in 2010, but Mozilla was the first to implement it in Firefox, followed by Internet Explorer, Safari, Opera and Chrome.

Unfortunately, the standard relies entirely on the cooperation of websites, advertisers, and analytics companies, who profit almost entirely from invading web users’ privacy and tracking their actions across the web in order to deliver ever more individually targeted advertising.

With no coercive dimension, and with compliance being direct opposition to advertisers business models, and the fact that groups who had the most to lose from DNT where necessarily included in the drafting process ensured the standard was doomed to failed from the very beginning. As privacy advocate Jonathan Meyer angrily noted when we left the Tracking Protection Working Group in July 2013,

We first met to discuss Do Not Track over 2 years ago. We have now held 10 in-person meetings and 78 conference calls. We have exchanged 7,148 emails. And those boggling figures reflect just the official fora.

The group remains at an impasse. We have sharpened issues, and we have made some progress on low-hanging fruit. But we still have not resolved our longstanding key disagreements, including: What information can websites collect, retain, and use? What sorts of user interfaces and defaults are compliant, and can websites ignore noncompliant browsers?

Our Last Call deadline is July 2013. That due date was initially January 2012. Then April 2012. Then June 2012. Then October 2012. We are 18 months behind schedule, with no end in sight.

Not only was getting the involved parties to agree on a standard which would shoot themselves in the foot never going to happen, but the half-assed poorly implemented standard that did emerge relies entirely on trusting websites to comply – something major aggressive tracking companies such as Clearspring, QuantCast, Meebo, Pollydaddy and KISSmetrics, who have a reputation for using unscrupulous, reputation damaging tactics, have proved time again they simply cannot be trusted to do.

Therefore, even though some (perhaps even most) websites might be abide by DNT, without any way on knowing which can be trusted to do so, web users must assume that all websites track them – which means the standard is utterly useless.

Additionally of course, this does not even begin to address the fact that thanks to Mr Edward Snowden we are now painfully aware that the NSA and other governments the world over are doing their level best to spy on everything we do on the internet, and do not give a fig about DNT requests.

Rats jumping ship

In May this year Yahoo! announced that it would no longer support DNT, claiming that ‘we fundamentally believe the best web is a personalized one’ (read ‘our market share slipped a further 6 percent in 2011, so we want to deliver more highly targeted advertising, and do not give flip about our user’s privacy’).

AOL has now followed suit, announcing a few days ago that ‘effective September 15, 2014… “Do Not Track” browser signals will no longer be recognized.

What you can do

While there is certainly no harm in leaving your browser’s DNT setting turned on (who knows? – some websites might still respect the request), it is clear that it cannot be relied on.

Many advertisers have implemented opt-out systems of their own, usually in the form of opt-out cookies (which we discuss in some detail here), but not only are there far too many of these for any consumer to be reasonably expected to opt out them all, but they still rely on asking the advertisers nicely not to track you (and again trusting them not to). In fact, most such opt-out systems only promise not to deliver targeted advertising, and make no promises about not tracking you!

A far better tactic is to take matters into your own hands and coerce websites into not tracking you. Extensions such as Disconnect, Ghostery, or (even more effective but requires more maintenance and knowledge) NoScript, plus a good cookie manager (such as Cookie Monster or Click & Clean) are highly effective at preventing tracking (EFF’s Privacy Badger is also be a good choice for the less tech-savvy), plus some version of Adblock ensures that you don’t have to see any ads.

Check out our articles on browser extensions for Firefox and Chrome/Chromium that can help block tracking, and read out series on articles on the many underhanded methods used by advertising and web analytics companies, starting with ‘Supercookies, Flash cookies, Zombie cookies and things that go bump in the night’.

Your Information will never be shared with any third party.
Enter your email address to receive your Beginner's Guide to Online Security for Free
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the ebook:
Your Information will never be shared with any third party.
Enter your email address to receive your Ultimate Online Privacy Guide eBook!
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the eBook:
Special VPN Deal
Exclusive Offer
Get a Special Deal - 72% OFF!
With a biannual subscription
Exclusive Offer for Visitors!
50% Off Annual Plan
Limited Time Only
Exclusive price of
Exclusive Offer
Get NordVPN for only
Exclusive Offer
Get NordVPN for only