Front page of Slashdot today, in a story titled “Microsoft Adds ‘Do Not Track’ Option For IE9”:
Previously, Mozilla stopped working on a similar [Do Not Track] feature for Firefox after pressure from advertisers and other OSS projects as it would hurt their revenue sources from advertisers.
I’ve seen this said several times recently, but last time I looked into it, the story seemed to have no foundation in actual statements by Mozilla people. And its perpetuation is terrible PR for an organization focussed on privacy.
Is it true?
Update: Seems like this is bad reporting by the WSJ, which is being repeated ad nauseam elsewhere.
Given that Adblock Plus provides similar functionality (via EasyPrivacy filter list) – I probably would have noticed if Mozilla were working on something like this. But I have no idea where this statement comes from, there was definitely nothing in the open about this. Which doesn’t entirely exclude the possibility that somebody was working on it and then scrapped it without telling anyone – but how does Slashdot know then?
After looking at the WSJ article which seems to be the source – there probably was *something* but it has been distorted so much in need of a sensation that it is very hard to reconstruct the truth. I would like to see Mike Shaver or Jay Sullivan explain what they were really talking about.
The linked story from the Register has a statement from Shaver.
http://online.wsj.com/article/SB10001424052748704584804575645074178700984.html
Early on, the article says:
“Firefox’s creator, Mozilla Corp., killed a powerful new tool to limit tracking under pressure from an ad-industry executive, The Wall Street Journal has learned.”
Later is another quote that might be unrelated:
“Our goal is to put the user in control but not overwhelm them,” says Mike Shaver, vice president of engineering at Mozilla.
The story of the WSJ actually gives quite a bit of detail on what happened, if you read the last bits of it.
BTW, I remember another story “browser vendor pulls anti-tracking button after concerns over advertisements” from a few months ago, but this was about Microsoft, reported in the same WSJ:
http://on.wsj.com/aDxiNm
The WSJ contains some factual inaccuracies, and the headlines on Slashdot and The Register are based entirely on those inaccuracies.
The article refers to a cookie-related experiment (bug 565475) that we ended in bug 570630. (I’m pretty sure this is what it refers to, since it mentions a May 28 landing, corresponding to bug 565475 comment 12.)
We ended that particular experiment because we decided the idea in bug 565965 would be strictly better than the idea in bug 565475 (see bug 570630 comment 0).
The idea in bug 565965 failed to make it into Firefox 4 because we didn’t want to break desirable cooperation across websites, such as single sign-on, and haven’t come up with a good UI (see bug 565965 comment 16).
Some of us were also concerned that the effect on advertisers would not be the effect privacy advocates want. Rather than abandoning targeted advertising, advertisers might increase their use of first-party redirects or switch to heuristic fingerprinting. These outcomes would be bad for privacy (users concerned about tracking could no longer simply disable third-party cookies) and bad for web performance.
The WSJ claims that we ended the experiment immediately after a conversation with an ad executive, but based on the history in bug 565475, it’s clear that we did so before that conversation. The WSJ may have been confused because of the date of bug 565475 comment 18, which was made two days after the change it describes.
For more background, see https://wiki.mozilla.org/Thirdparty
A few related tweets:
http://twitter.com/#!/johnolilly/status/9414554358390784
http://twitter.com/#!/chrisblizzard/status/9481760698007552
fwiw, I thought the Slashdot text misportrayed things too… the Microsoft effort seems a good one, and indeed is like the “don’t load” features from AdBlock Plus, but the earlier Mozilla testing of “clear cookies on browser close” didn’t seem to address the same issues (a savvy personalizer will log all IP addresses which make requests, and not just rely on browser cookies). Story was over-dramatized… “If it bleeds, it leads”, etc.
Funny thing on the cross-site tracking issues… many of the articles which raise it themselves request third-party web-beacons. The Slashdot page itself wants to notify Google Analytics & DoubleClick when you arrive, and that’s one of the milder cases. Consumers should be in control of which web assets they actually download, and certainly in control of the privacy of their websurfing habits.
The poorly written WSJ article seems to be the source of confusion here. It implies that Mozilla doesn’t let you prevent tracking, whereas I and many others under Firefox and other browsers just clear cookies automatically on exit and reject 3rd party cookies. There’s even a new CNET article now showing how to resist tracking in multiple browsers:
http://news.cnet.com/8301-13880_3-20024815-68.html
I think the biggest problem is the WSJ article’s mention of the following:
“The idea of a do-not-track mechanism that could be built into Web browsing software is gaining steam in Washington. This week, a House subcommittee on consumer protection is holding a hearing about do-not-track proposals and the Federal Trade Commission is expected to release an online privacy report that will promote a do-not-track mechanism.”
…
“The group will discuss a technical method that would allow Web browsers to broadcast a “do not track” message at a user’s request.
For such a tool to work, browser makers would need to build in such a feature and tracking companies would need to agree to not track users that use the tool.”
My guess is that people who think Mozilla “killed a do-not-track feature” are those who don’t laugh or roll their eyes when they read those last two sentences. It’s the equivalent of trying to create a “do not mug” t-shirt, which people wouldn’t know about, and trying to get muggers to not steal from anyone who is wearing one, then pretending you can enforce such a pathetic idea. A “do not track” request message is one of the dumbest ideas I’ve ever heard, but the article did mention that it may have come out of Washington where people who write policy often openly state that they know nothing about what they’re writing policy about.
I’m rather surprised that this seems to be all about cookies, when there are also so many other ways of tracking that can be used or are currently in use, including evercookies and computer profiling.
Someone should write a blog entry clarifying this reality and how it happened so it can be picked up by Slashdot or some other mainstream.
Update: Mozilla has to work the press too. What’s happening?
By the way, I understand that Silverlight sets cookies. Is IE going to disable those?