Cookies were originally used to make logging into websites easier and make the day-to-day browsing experience more convenient for users. These days, only a fraction of the cookies stored inside your browser’s cache are used for logons or your convenience. The vast majority are dropped by ad servers when they place ads on your favorite websites to track your usage history.
If you think this sounds like an invasion of privacy, you’re not alone. The makers of all the leading browsers agree and offer Do Not Track settings as a way to give users more control over the information that is collected about them.
How it works: When you set your browser to ‘Do Not Track’, the DNT=1 bit is sent by your browser with every HTTP request for a website, telling the website that you don’t want to be tracked by third-party cookies before it even loads. This should prevent the storage of third-party cookies and only allow cookies of the website you actually visited to be saved. The header clearly states that you’re opting out of analysis and, thus, behavioral ads. But DNT is not an ad blocking mechanism: Once enabled (and if a website supports it), it’s not going to turn your web into an ad free zone.
Trace your typical browsing routine with Firefox Collusion
To get a sense of how many ad networks really collect your data, I suggest you try the (free) FirefoxCollusion ad-on. Once enabled, it gives you a visual representation of how many ad networks placed cookies on your machine. Go ahead and visit 10-15 of your favorite websites and see what happens.
What’s wrong with DNT?
As I see it, there are four problems with DNT currently.
1. Once you enable DNT, you’ll see the real problem with it: You’re going to have the same old browsing experience you always had. Browsers can send the DNT=1 header until the cows come home, but if websites don’t accept it, there’s little to prevent the ad servers from dropping cookies.
The FTC urged ad companies to set up DNT and — to everyone’s surprise — the DAA (Digital Advertising Alliance) followed. But currently, Twitter is one of the few websites that actively respect DNT. Most websites see DNT as what it is: a voluntary setting.
2. Users may find the web a more annoying place to be with DNT enabled. For example, I saw car rental ads on the tech websites I visit regularly just because I browsed for rental cars a few days ago — that’s creepy and unwanted, yes, but at least it’s relevant. With DNT enabled, I still get ads, they’re just less targeted.
3. As I previously mentioned, Microsoft decided to enable DNT by default when the user opts for the “Express Settings” in the Windows 8 setup wizard. This move led Apache (which is used by 65% of website all around the world) to ignore the DNT header send by IE10.
4. And last but not least: While the intent of Do Not Track is pretty clear (cookies from a website that the user actively opens is ok, third-party cookies are not), the definition of what exactly a third-party cookie is is open for interpretation. Is a Microsoft ad cookie on a Microsoft website a third-party cookie? Or is it first party? I don’t have the answers. Neither does the W3C committee or any of its partners.
Setting Do Not Track in your browser
Don’t take my word for how well Do Not Track works (or doesn’t, as the case may be). Try it yourself. Here’s how to enable it in IE, Firefox, Chrome, and Safari:
IE9 supported Do Not Track, but with IE10 Microsoft has taken it a step further and made it a default setting: During the express setup of Windows 8 (which includes IE10), the “Always send Do Not Track header” is enabled by default. This caused quite a stir with the Tracking Protection Working Group of the W3C. However,Microsoft stuck to the plan and is shipping Windows 8 RTM with the header enabled.
Mozilla implemented DNT early with release 4 and is still allowing the user to opt-in using the “Tell web sites I do not want to be tracked” setting.
Google just recently added DNT to build 23 (Chromium). The respective setting can be found under the “Privacy” section of the browsers setting. Google Chrome, however, has yet to add Do Not Track to its developer build. I’m not exactly surprised that Google a big hesitant, as online ad revenue is big business for the search giant.
Apple added DNT with Safari 5. You’ll find this both on Windows and on the Mac in the settings menu under the “Privacy” tab. Just check the “Ask websites not to track me” box and you’re done.
The bottom line
Follow the DNT discussion, enable it if you like, but if you really don’t like being tracked, use tools such as Ad Blocker, DoNotTrackPlus, Ghostery, and NoScript and clean out your local cache regularly.