back to article W3C: 'Do not track' by default? A thousand times: NO!

New technology that stops websites gathering information about users should not be switched on by default, but should require an explicit instruction to begin working, an internet standards body has said. The World Wide Web Consortium (W3C), which is responsible for ensuring that web technology is based on an agreed set of …


This topic is closed for new posts.
  1. Dan 55 Silver badge

    I can understand that point of view...

    ... but I can also see why it should be an option on the first run welcome screen.

    1. Ian Michael Gumby

      Re: I can understand that point of view...

      The 'compromise' is that companies will walk away from the W3C standards if this were opt-in. The problem is that its way to easy for 'glitches' where some how mysteriously, you get opt-ed back in after you opt-out.

      (Your preferences somehow got reset without your knowledge or approval.)

      Were this opt-in by default, this type of bad behavior would be harder to allow.

  2. Eponymous Cowherd

    Double negative

    Do not track requires explicit "consent" to be enabled == Users must explicitly opt out of being tracked.

    Sounds a bit like an episode of The Simpsons where a future President Lisa Simpson gets a tax hike past the people by calling it a "temporary refund adjustment"

    1. Anonymous Coward
      Anonymous Coward

      Re: Double negative

      You have to opt in to not being tracked.


      1. S4qFBxkFFg

        Re: Double negative

        Not if Microsoft's plans for Internet Explorer come to pass.

  3. Anonymous Coward
    Anonymous Coward


    On one hand several organisations have a strong opinion on freedom and privacy, but on the other hand they also fear (or seem to) the "wrath" of the commercial industry when they think that they're options to advertise are being threatened.

    I think in cases like these it might be better not to try to control things too much and let the market sort it out themselves. I mean; people who really care about this are most likely using AdBlock and NoScript already anyway.

    1. Anonymous Coward
      Anonymous Coward

      Re: Amazing...

      Do you really believe everyday users apply AdBlock, NoScript or equivalents to browsers on their computers and phones, or even know about these options never mind how to use them effectively?

      Apparently not so in the world I inhabit, although if you have any figures to back up your assertion I'm happy to be proved wrong.

      1. Dave 62

        Re: Amazing...

        anyone lacking the facilities to click the "install adblock" button is maybe not capable of forming a valid stance on targeted ads. At home I deny by default but on my work PC I accept and to be honest, the ads aren't all that bad. The main reason I run abp at home is that flash ads are f*kin annoying.

        I'd also like to point out that my gmail ads are currently for doors which is just silly, I do not plan on buying doors any time soon.

        1. BoldMan

          Re: Amazing...

          I'd love an adblock and ghostery extension to safari on my iPad, but Apple apparently won't allow it...

      2. Anonymous Coward
        Anonymous Coward


        No, I think a majority probably wouldn't know how to set it all up. But usually those people have friends or relatives who are more familiar with this stuff and can set it up for them. I've done the same for a few friends in my direct surroundings.

        ...which worked like a charm until FF started accelerating their releases, but alas. Different story.

        The main reason why I think things shouldn't be over regulated like this is because I think it will also create a false sense of safety with those same computer illiterate people. And IMO a false sense of security is much worse than limited security but still knowing about it.

      3. Anonymous Coward
        Anonymous Coward

        Re: Amazing...

        Everyday users generally aren't bothered. If they care enough about security and privacy to read a bit about it they'll soon find the appropriate tools.

    2. James Micallef Silver badge

      Re: Amazing...

      Users of el reg aren't a representative sample of Internet users. I suspect the vast majority have no idea of the extent they are tracked on the web, and do not care. They would never opt to not be tracked, because they don't even know the option is there. Conversely, if the default was to set do not track to on, the majority of users would also neither know or care.

      Advertisers etc want this OFF by default, because no-one would turn it back on voluntarily if they knew what it really meant. However I predict that if "do not track" is turned on by default, a lot of sites such as Facebook, Google etc who depend on ad revenue will pop up a friendly reminder every so often to turn "do not track" off (or otherwise the site will not "work properly" or "give the full experience")

    3. Shannon Jacobs

      Let them sort it out, eh?

      There's a problem with that position. Let's say you value your privacy for ANY reason and some other people don't care. I'm assuming you have sound reasons for valuing you privacy. In my own case, I just like freedom in the form of meaningful and unconstrained choice.

      However, you still get penalized and even harmed in various ways as a result of their indifference towards their privacy. Some of the penalties and harms are minor. One trivial example would be the loss of products and services that you might want. In the 'harmful' case, it is not because you are the only person who wants those products and services. It's just that the companies will go after the softer targets, and if they know what they can sell and to whom they are going to sell it, then why give you ANY consideration? In other words, they will choose to maximize their profits by minimizing your freedom.

      More to say, but hit the Reg limit, so...

  4. TeeCee Gold badge

    W3C - The finest standards that money can buy.

    Nice to see that the advertisers' lobbying cash and junketing budget hasn't been wasted.

    Where's the "Snout in trough" icon?

    1. dogged

      Re: W3C - The finest standards that Google can buy.

      fixed that one for you.

      1. Anonymous Coward
        Anonymous Coward

        Re: W3C - The finest standards that Google can buy.

        2.1 Parties

        2.1.1 Definitions

        A functional entity is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person.

        2.1.2 Transparency Requirement

        A functional entity must make its affiliated functional entities easily discoverable by a user.

        Should be applied to the authors -

        Peter Eckersley, Electronic Frontier Foundation

        Tom Lowenthal, Mozilla

        Jonathan Mayer, Stanford University

      2. TeeCee Gold badge

        Re: W3C - The finest standards that Google can buy.

        Sorry, I had sort of assumed that other advert-floggers would be keen on this one.

        Silly me. I forgot that Google has a de facto monopoly[1] in this area for a moment there.

        [1] An entirely non-evil monopoly of course.

      3. Field Marshal Von Krakenfart
        Thumb Down

        Re: W3C - The finest standards that Google can buy.

        Why is it that everyone thinks that FarceBook, Google and other vested interests are telling the W3C what to do?

        Oh! Hang on.......

        1. dogged

          Re: W3C - The finest standards that Google can buy.

          I noticed MS are also on the membership list.

          But they don't sell adverts and web-stalking, they sell software.

          It's hard to tell which interest is more vested but it's easy to tell which one has the highest motivation to provide desirable software feature (like DNT by default).

    2. Blank Reg Silver badge

      Re: W3C - The finest standards that money can buy.

      It's the same sort of crap as the do no call lists. It would make more sense that by default every phone number is on the list and you should have to explicitly request your number removed, or better yet have a do call list that you have to ask to be added to.

      Of course if they did then you could fit the entire do-call list on an floppy disk, and you wouldn't even need to take it out of it's packaging as there would be nothing to put on it :)

  5. Thomas 18
    Thumb Down


    How will this be functionally different from the cookie laws which recently came into effect. Websites will just say "please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway." just as they currently are.

    If opt in tracking is required for accessing a website people will just grant permission.

    1. bofh80

      Re: Cookies

      Once turned on the technology would stop the "if you continue we assume Yes"

      "OH BTW we couldn't be asked to code in a NO button, please click this long winded Read about how we track you button to turn this feature off"

      And ofc the sentence would be a hell of a lot shorter if sites like El Reg had already coded in a NO button. I'm NOT fine with this. DUH.

      But tech savy readers wouldn't be bothered by that lameness.

      Keep up biting, err chewing, i guess tickling maybe.

    2. Ken Hagan Gold badge

      Re: Cookies

      How will they track that you've asked them not to track?

      If I push the "I'm OK with this" button, but have configured my browser to delete cookies on session exit, do I get bugged every day? The whole thing sounds like a usability disaster that most people will avoid by just dropping their pants and bending over whilst they surf.

      1. bofh80
        Thumb Up

        Re: Cookies

        What a well thought out response.

        Indeed you seem quite correct, since i've started seeing this stupid box on this stupid site, (stupid box = stupid site, remove the box, remove the stupid) i have not pressed the SINGLE answer button (YES) from the multiple answer question.

        And low and behold the box remains, constantly.

        But no, if you enable the DNT thing and press "I'm fine with this" in theory it will remember that, and add that site to the exceptions list. Much like turning on Ad-Block-Plus and enabling only for the non-stupid non-flash advert sites that want you for revenue.

        Flushing cookies on the other hand or disabling them all together in theory is just another work around seperate to this, and in theory, as you stated, the box would come up everytime.

        stupid site.

    3. Anonymous Coward

      Re: Cookies

      Yep, no button with "I'm not fine with this [X]" so why make it sound as though we have choice when we don't?

      Nothing has changed, all we get now are silly messages telling us the cookies are "to enhance our experience...." and similar corporate bull.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    They are assuming a lot

    Most users have very little technical knowledge and wouldn't know how to begin to opt-out of something that most of them aren't aware of in the first place. To them the internet just works and they have no idea how much information they give away or what that data can be used for.

  8. Anonymous Coward
    Anonymous Coward

    Sad Truth?

    Doesn't there have to be a huge number of internet users who are the subject of predatory advertising, tracking, and other purely commercial activities, so that the rest of us can use our opt-outs and ad blockers, living with the happy illusion that our internet is free and clean?

  9. nsld
    Paris Hilton

    Doesnt work with EU law

    IANAL but isnt the EU stance that the default is always opt out for things like email lists etc?

    Would that not also apply to this instance?

  10. david 12

    Accept Cookies

    I don't mind accepting cookies -- I'd like to be asked if I want SEND cookies. I haven't seen that option on a browser. It seems an odd ommision.

    Every time you visit a web site, you send the relevant cookies you have stored to it. Why is this half of the process is always ignored?

    1. Ken Hagan Gold badge

      Re: Accept Cookies

      "I don't mind accepting cookies -- I'd like to be asked if I want SEND cookies."

      What do you do with these cookies that makes you want to accept them but unwilling to send them back for their intended purpose? Is this some "disc detritus fetish" that I've missed out on?

  11. Anonymous Coward
    Anonymous Coward


    Come on. This "Pretty please, don't track me" shit was never going to work.

    1. Ken Hagan Gold badge


      That depends what you mean by "work".

      Since it has always been possible to avoid tracking by configuring your browser to reject cookies, it is obvious that the *purpose* of these new schemes is to persuade people to stop doing that in favour of a "voluntary" scheme.

      For fans of dubious internet analogies: it's a bit like a mugger asking you to give him your gun if he promises not to use it.

    2. cyborg


      Which is why the technical options of taking control over what data your browser is sending is a much better option.

      Ultimately that is the only thing you can guarantee control over - that and what you choose to download, but that only stops the effect, not the cause.

  12. The BigYin

    W3C...failing the general public

    Tracking, marketing etc should always require an explicit opt-in from the user/recipient. And I don't me a pre-selected check box that the user/recipient has to untick, or a list of check boxes (some ticked, some not) which ask for consent to market/share data in contradictory manners. I mean simple, clear and concise questions:

    Can we track you on our site? [ ]

    Can we track you across the Internet? [ ]

    Can we sell the data we collect about you to third parties? [ ]

    Can we allow others to track you on our site? [ ]

    Only a dribbling moron would tick more than the first one (and even the first one is optional). Note: I am not talking about session cookies etc that are required to make stuff work, I am talking about the nefarious, not technologically required bullshit.

    Of course people should still run ad-blockers, cookie killers and consider splatting the privacy intrusion services in their DNS cache.

    1. Charles 9 Silver badge

      Re: W3C...failing the general public

      Just watch. Fail to click on all four and the site will reject you, saying "Sorry, but we need to be able to do ALL of that for the site to function properly. Goodbye." And if it happens to be a hotspot like Facebook or a source of otherwise-unavailable data, then you're left with the stark choices of either bending over or not getting in.

      The tech-savvy would probably turn back and find some other way, but what about the average person? Wouldn't they just give the explicit consent and then we're back where we started only with little recourse left to people because they've given explicit (and thus contractually-binding) consent?

      1. The BigYin

        Re: W3C...failing the general public

        If a site does that, the answer is simple; stop using them.

        Or only use them via a puppet server/VM.

        That fact the people are willing to give away so much to the likes of Facebook and Google saddens me quite frankly. I detest people who host their code on Google and will only allow its download if I absolutely have to (which is very rarely).

  13. stanimir

    So a young student...

    hopes for a well paid job at google and makes a statement: "you see unless you find an option buried deep in some awkward settings and which also means nothing to you, any company is free to track and sell each of your activities, treat you as 'leads' and so no"

    Baring that do not track is cool and and that said student can carry on w/ speeches...

  14. Rich 2 Silver badge

    What a waste of time

    "...However, "affiliate information sharing" about users can continue even once DNT controls have been activated, Mayer said."

    Says it all really - This whole DNT standard isn't worth squat. It relies completely on the advertiser(s) abiding by the rules. And as they have spent many many years trying to get round various attempts by users who don't want this crap, and are now trying to convince everyone that DNT should NOT be enabled by default (who the hell thinks THAT's a good idea?!) clearly they can not be trusted at all.

    It will be interesting to see what happens when browser makers start enabling DNT by default because that's actually what their user's want - how will the W3C and the advertisers embarrass themselves then?

    Personally, I think I'll stick with the "trust no one" policy and use Ad Blocker, and Ghostery, and NoScript etc.

  15. Anonymous Coward
    Anonymous Coward


    that is all

  16. Shaun 1

    Yet again

    Internet Explorer fails at standards-compliance

  17. Graham Marsden

    "We have noticed...

    "... that you appear to have switched off an important feature of your browser which will enable us to enhance your customer experience and provide you with a better service.

    "You can proceed, however you will not get the full benefit of our website, so please click here to switch it back on..."

    (Website announcement that fell through a wormhole from a couple of years in the future)

  18. Anonymous Coward

    Once apon a time

    The W3C was here to push good cross-platform standards.

    Not be a mechanism for the advertising industry to try to avoid data protection, privacy and ethics regulations.

  19. Stevie Silver badge


    Trust a standards body to come up with a complete load of ineffective, useless-to-everyone bollocks when presented with a simple issue.

  20. Bucky 2

    Fail Safe?

    The issue here is really the failure condition.

    People SHOULD set their tracking preferences according to their--well--tracking preferences. As in, they should make a conscious yes/no decision about tracking.

    But what should the FAILURE condition be? The W3C says that the failure condition should be allowing tracking.

    This is not a fail-safe condition.

    The fail-safe condition (from the standpoint of the end user) is to DISallow tracking. Companies serving the user (and I choke a bit as I say this), like Microsoft, should properly set the failure condition to disallowing tracking.

    If one downloaded a web browser from an advertising company (like, well, Google), one would expect that the advertising company's priorities would probably be in effect--like not even HAVING an opt-out option.

  21. tekHedd

    We promise!

    We promise to honor "do not track" as long as you promise nobody will use it.

  22. Anonymous Coward
    Anonymous Coward

    Well I'm over the moon that all this focus is being put into stopping advertisers track me while every tom dick and harry is losing our confidential data.

  23. Mostor Astrakan

    W3C is right.

    What you have to remember is that this is not so much technology to block tracking, as it is a way of communicating unequivocally to whoever is listening that you do not want to be tracked. As such, it *has* to be a decision on the part of the user to turn it on, otherwise squiffy companies can just claim that nobody takes the trouble to turn it off, make a case that it is really another bit of noise in the communication put there by browser makers, having nothing to do with the users' preferences, and continue tracking regardless.

    So yes, the DNT flag does have to be turned off by default, simply to destroy that argument. And we need a bit of a publicity campaign to point out to people that they DO want to turn it on and where the checkbox is.

  24. Mr Tech
    Big Brother

    Why online privacy always loses

    Even if DNT is on by default, there is no way to ensure that trackers will comply with it, that's why the W3C don't want to make them angry, check out this interesting post on the topic - why privacy always loses:

  25. Tom 35


    "New technology that stops websites gathering information about users"

    Like the Do Not Call list stops people from calling me to say I won a free trip, need to clean my carpet... ?

    It can't stop anything, it just asks them not to. The same marketing companies that think calling spam an email blast (totally different thing!) makes it OK, are not going to give a crap.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020