October 2007
The Technical-Social Contract (1 October 2007
Screendump: #1 in a Random Series of Messages You Shouldn't See (5 October 2007
This is Disgusting (10 October 2007
The Proper Benefit of an iPhone Design Mistake (16 October 2007
Comcast Apparently Blocking Some Peer-to-Peer Traffic (19 October 2007
More on Comcast Blocking Peer-to-Peer Traffic (22 October 2007
"Do Not Track": All or Nothing? (31 October 2007

"Do Not Track": All or Nothing?

31 October 2007

According to press reports, some Internet marketing companies are starting a "Do Not Track" list, a way to opt out of tracking cookies. It's a good idea, but there's a downside: using this scheme can hurt your privacy unless you're very careful.

Internet marketers typically track people via cookies. A cookie is a small amount of text stored on your computer by a web server; it lets the server know you're the same person (more precisely, you're using the same web browser) who visited the site some other time. Some cookies are used to track your preferences, such as what sort of web sites you visit or articles you read; this is used to tailor ads to your (perceived) interests.

One of the best explanations of cookies and advertising can be found at Doubleclick's FAQ. (Doubleclick's privacy policy disclosure is one of the best out there. This is quite ironic, since years ago they were roundly criticized for their privacy practices. On the other hand, very few people know to check that site, since most people don't even know it exists.) You can see how this works by connecting to my cookie test server, which I'll leave running for a few weeks.

A typical "Do Not Track" option works by letting people download a special cookie. Doubleclick's opt-out service does just that:

Presumably, the AOL version would be more complex, because it will let you specify your interests. That is, it's intended to permit targeted advertising but without tracking.

The problem is that today's best way to avoid tracking — regularly cleaning out your cookie collection — will delete the "no-track" cookies. (Doubleclick even warns about this.) Users will thus be faced with a choice: defend against everyone, by frequently discarding all cookies; defend against the more responsible marketers, by using their no-track cookies; or trying to remember to be selective about discards and/or recreating many different no-track cookies very frequently. None of these options sound appealing.


Update: a New York Times blog has noted the same problem. It refers to some technology developed by Tacoda to permit preferences to persist even if cookies are deleted. It isn't clear to me what that technology is; Tacoda and its subsidiary, Advertising.com have web pages on cookie-based opt-out. Perhaps it uses a Flash cookie? Flash cookies are just about as useful for tracking people, and they're seldom deleted because most people don't know about them.
Tags: privacy