Microsoft has affirmed its commitment to shipping IE10 and Windows 8 with “Do Not Track” (DNT) enabled by default. In doing so, it’s set the stage for a major war over user privacy, and appointed itself an unofficial white knight of user privacy.
Feel free to pause a moment and let the cognitive dissonance fade.
For those of you just tuning in, Do Not Track is a proposed privacy flag, and its implementation is currently being drafted by the W3C (World Wide Web Consortium). As currently implemented, a browser with DNT activated notifies the target website that the user does not wish to be tracked. A website that supports DNT would (theoretically) honour the flag and agree not to track the visitor’s activities. DNT is a voluntary standard – there’s no law mandating its use and very few websites currently support it. If a website doesn’t support DNT, turning it on in the browser does nothing.
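How a website that chooses to support DNT might act on the flag, shown as an added example that is not part of the original article. It assumes the flag arrives as the `DNT` request header defined in the W3C draft (`1` for do not track, `0` for tracking permitted, absent for no preference); the function names, the `siteHonoursDnt` switch and the cookie are hypothetical.

```javascript
// Added example: server-side handling of the DNT request header.
// Header semantics follow the W3C draft: "1" = do not track,
// "0" = user permits tracking, absent = no preference expressed.

// Parse the raw request headers into one of three states.
function parseDnt(headers) {
  // Header names are case-insensitive; normalise before lookup.
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'dnt');
  if (!entry) return 'unset';
  const value = String(entry[1]).trim();
  if (value === '1') return 'opt-out';
  if (value === '0') return 'consent';
  return 'unset'; // malformed values are treated as no preference
}

// Decide which response headers to emit. `siteHonoursDnt` models the
// voluntary nature of the standard: a site that ignores DNT behaves
// identically whatever the browser sends.
function buildResponseHeaders(requestHeaders, siteHonoursDnt) {
  const dnt = parseDnt(requestHeaders);
  const track = !(siteHonoursDnt && dnt === 'opt-out');
  const headers = { 'Content-Type': 'text/html' };
  if (track) {
    // Hypothetical tracking cookie name and value (constructed).
    headers['Set-Cookie'] = 'visitor_id=example123; Path=/';
  }
  return { dnt, track, headers };
}

// Constructed sample requests covering the three header states.
const samples = [
  { name: 'DNT on', headers: { DNT: '1' } },
  { name: 'DNT off', headers: { dnt: '0' } },
  { name: 'no header', headers: {} },
];
for (const s of samples) {
  for (const honours of [true, false]) {
    const r = buildResponseHeaders(s.headers, honours);
    console.log(`${s.name}, site honours DNT=${honours}: track=${r.track}`);
  }
}
```

Only the combination of a supporting site and `DNT: 1` suppresses the tracking cookie; every other row tracks as usual.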
A number of advertisers have signed up to help draft the DNT standard in a bid to avoid a government-mandated solution that might be far more limiting, but that doesn’t mean they like it. Microsoft’s initial statement that DNT would be enabled by default came as a total surprise to many of the participants in the W3C’s draft process, and it was sharply criticised from certain quarters. In June, the W3C changed the DNT draft to propose that browsers must ship DNT off by default, and enable it only if the user gives “explicit consent.” This implied that if Microsoft went ahead and shipped IE10 with DNT activated, it wouldn’t be able to claim its browser supported DNT.
Microsoft’s unofficial response? “Bring it.” In a recent blog post, Brendon Lynch, Microsoft’s Chief Privacy Officer, spelled out how DNT is implemented in IE10. Users who choose “Express Settings” for browser configuration at first-run will have their DNT flag enabled. Users who choose to customise their options will be prompted to set the flag manually. In both cases, users are told what the DNT flag is, and how to change it if they choose to do so.
“Our approach,” Lynch writes, “is part of our commitment to privacy by design and putting people first. We believe consumers should have more control over how data about their online behaviour is tracked, shared, and used.”
A number of pundits have questioned whether or not Microsoft is using privacy issues to strike at Google’s advertising empire. The truth is, we don’t know. Some draft standards are widely adopted before the final version is complete – 802.11n was a good example of this – but with DNT, the implementation is still being worked on. Browsers that support DNT tend to do it in different ways, and websites are waiting for a better understanding of what they need to do before they go ahead with implementing it.
Microsoft’s decision to ship DNT as active by default isn’t actually going to mean much right away. It’s already led the W3C to consider modifying the DNT proposal; the business interests working on the standard are petrified that an opt-in network will destroy their companies and bombard users with constant requests for data sharing. Some of these concerns are shared by privacy advocates – a standard that destroys companies and creates an impenetrable tangle of pop-ups is in no one’s best interests. Here’s what you see if you visit Wired.com with IE10 and DNT enabled:
For the moment, I’m willing to take Microsoft at its word. What’ll be critical to watch is how the company implements DNT on its own websites, what it advocates as the standard evolves, and whether its positions take principled stands on defending users’ rights, or are drawn in a way that benefits itself while choking out the competition.
This is a move that really could go either way. If Windows 8 catches fire, it’ll fundamentally change the way Microsoft interacts with its customers and users. It’s fair to give the company a chance to demonstrate the principles it intends to uphold as part of that change – but it’s also fair to keep a very close eye on what’s going on behind the scenes.