One of the internet’s biggest attempts to protect online privacy has hit a wall.
Apple announced last week it is removing the Do Not Track setting from its Safari browser, in part because it could be used to track a person’s browsing activity. Now privacy advocates are worried about what the move could mean for the future of privacy if other browsers follow in Apple’s footsteps.
“[Do Not Track] can lure users into some sense of false security,” said Alan Toner, a special adviser with the Electronic Frontier Foundation, a digital rights organization. “They think it’s protecting them when it’s not.”
But Toner said Do Not Track is important because it allows people to express their privacy preferences directly to companies. The problem with the Do Not Track setting, he says, is that there aren’t regulations requiring companies to abide by people’s preferences, or major repercussions for companies that ignore them.
For now, Toner is concerned that by removing the feature from Safari, Apple will “undermine any belief in the utility of this system” and prompt other browsers to do the same.
Other privacy experts are hopeful companies will be able to protect consumers in other ways.
“The simple fact is that tracking people without an invitation or a court order is wrong on its face,” said Doc Searls, editor-in-chief of the Linux Journal and co-founder of Customer Commons, a nonprofit for consumers. “That plain ethical principle will apply broadly online as well as off, eventually. The digital world is still very new, and we need time to work these things out.”
Apple’s decision is the latest blow to the years-long attempt by internet companies to agree on a simple privacy protection for consumers. Since 2012, most browsers have offered a Do Not Track setting that people are able to turn on voluntarily. When they browse the internet, the setting instructs websites, advertisers and content providers not to track their online activity. It was meant to be like the Do Not Call registry option to block telemarketing calls.
It has not worked out as companies or consumers hoped.
The groups collecting information about users, such as what led a person to visit their website, don’t actually have to honor the browser setting. And because companies can see who is opting in, they can potentially use the setting to track a person’s activity in even greater detail, according to Apple and experts at the World Wide Web Consortium.
Apple said in a developer note last week that it’s removing the Do Not Track setting on its mobile and PC browsers because of the potential for misuse. The change will take effect in the next major mobile and PC operating system updates.
Google Chrome, Microsoft Edge, and Mozilla Firefox still have the feature on their browsers and haven’t yet announced plans to remove it.
A prototype of a Do Not Track setting was created by researchers in 2009 in response to privacy concerns. The Federal Trade Commission published a report a year later endorsing the feature as a way to protect consumers’ online privacy. Several legislative attempts have since been made to protect consumers, but no national laws have been passed that require that companies obey Do Not Track requests.
In 2011, internet standards organization World Wide Web Consortium formed the Tracker Protection Working Group. It was tasked with improving user privacy and control, but after some large organizations left, discussions stalled. The working group finally called it quits in September without settling on a standard privacy setting.
While the US doesn’t have national legislation, Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act discourage and punish companies for collecting people’s personal data without permission.
Apple is the first company to announce plans to remove Do Not Track from its browser, but Toner thinks more will follow. He said that there isn’t an ideal replacement, but there are some security measures that target and block certain companies for tracking users’ online activity.
“There’s not enough momentum behind [Do Not Track] for W3C to adopt it as an official standard. This may still be a useful technology, but it’s going on ice,” said Toner, who represented the EFF in the group.
Safari has Intelligent Tracking Prevention, which limits companies from accessing third-party cookies, according to Apple. Mozilla Firefox recently rolled out a similar feature called “Enhanced Tracking Protection” that it says will block cookies and not allow third-party trackers to store information. Searls sees these moves as a response to consumer demand.
There are also third-party tools such as Privacy Badger, a browser plug-in made by the EFF that claims to block some tracking. Customer Commons, which Searls co-founded, also creates tools that help people protect their data. The organization believes customers should only be shown ads that aren’t targeted to them.
“This aligns incentives: Sites still get to advertise and make money, and readers don’t get tracked,” Searls said.
But without a universal standard or legislation, privacy advocates worry there’s no way to require browsers to implement privacy measures, and nothing to insure outside companies respect them.