Following Mitchell’s recent comments on DNT, here’s a riff from me.
There are currently two views of how Do Not Track, the standard for a browser to signal to a website that its user does not want behavioural tracking, should be enabled.
My position (and that, as far as I can tell, of the standardization group, and of many within Mozilla) is that Do Not Track is “no preference” by default (i.e. no header is sent), and must be explicitly enabled or disabled (without specifying an exact user experience). While it may change in the future, Microsoft’s current position is that users will be asked about “Do Not Track” during installation or upgrade, and the checkbox to turn it on (visible only in the non-speedy install) will be checked, and so the feature will be enabled, by default.
This made me think that the two views of “Do Not Track” correspond to some degree to two views of the role of government in innovation and user empowerment.
If you are in favour of market-driven solutions, then the power of Do Not Track comes from the fact that everyone who has it turned on has made a conscious decision to do so. This action speaks with a powerful voice in the market, and is hard to argue against. The idea is that any advertiser which refuses to respect a specific user request will suffer from a poor reputation, and loss of business. Hence, consumer pressure leads to positive change without regulation. But for this to work, it requires that the default be “off” (or “no preference”, which amounts to the same thing).
If you are in favour of regulated solutions, then the power of Do Not Track comes when governments force advertising companies to respect it. So how it gets turned on or not is a secondary question, and your goal is simply to get it enabled on the computers of as many people as possible, and get a law passed that makes website owners pay attention to it. After all, once it’s a government mandate, the advertiser has to respect it, whether the user made a choice to enable it or not. And so having it on by default allows you to make the claim that you are “protecting more users”.
I suggest that history shows us that government regulation of technology is usually written by those who don’t understand it, arrives late, and demonstrates inflexibility in the face of future innovation. The EU cookie law, as implemented in the UK, is a case in point – its net effect is that most UK websites how have to have a click-through dialog before you can continue to use them as before. I doubt that many people’s privacy has been meaningfully enhanced, and website usability has suffered.
Government-mandated DNT would not nearly be as flexible and open to further innovation as market-driven DNT. I hope we get the market-driven sort.