Microsoft Subnet An independent Microsoft community View more

Is Microsoft right and W3C wrong about Do Not Track being turned on by default?

After Microsoft announced Do Not Track would be turned on by default in Internet Explorer 10, the latest W3C DNT draft proposal suggests Do Not Track should not be on by default. Microsoft stands by its privacy-by-design decision. Who is right? Should the decision to be tracked or not to be tracked be left as 'unknown' until the user chooses otherwise?

Some of us, including Senator Al Franken, believe privacy is a fundamental right. Choice is great, but it's also a problem since many users will not take steps to change settings and protect themselves or their privacy. Microsoft led the privacy-by-default pack with Internet Explorer 10 on Windows 8 when the company announced "Do Not Track" (DNT) will be enabled by default. However, the latest W3C Do Not Track proposal says DNT should not be on by default; Ironically, Microsoft will have to change DNT privacy by default for the Mighty M to "claim it supports the developing privacy standard."

Mozilla, which originally proposed Do Not Track, praised Microsoft on its Privacy Blog for putting its "full weight behind DNT." Yet Alex Fowler went on to explain, "At its foundation, DNT is intended to express an individual's choice, or preference, to not be tracked. It's important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it's not the browser being tracked, it's the user." That is also why Mozilla recommends "the right starting point for a DNT system is a default of preference unknown."

"Explicit consent required" was added to the DNT compromise proposal, which states, "An ordinary user agent must not send a Tracking Preference signal without a user's explicit consent." The editors of the DNT compromise are Peter Eckersley of the EFF, Tom Lowenthal of Mozilla and Jonathan Mayer of Stanford University. Mayer wrote, "I can assure you now: there will be components of the proposal that you will not like. Some industry and advocacy participants will flatly reject it. But when everyone in the center of the group is just a bit unhappy, I think we've found our consensus."

Brendon Lynch, Microsoft's Chief Privacy Officer, followed up with another post after W3C "rejected" DNT privacy by default. Lynch mentioned the Pew Internet & American Life Project in which 68% of people said they "were 'Not OK' with targeted advertising because they don't like having their online behavior tracked and analyzed." Although Microsoft is a part of and has "great respect" for the W3C working group, the company believes the "appropriate privacy-friendly default for DNT in IE10 is 'on'." Lynch concluded, "We agree with those who say this is all about user choice. However, we respectfully disagree with those who argue that the default setting for DNT should favor tracking as opposed to privacy."

Several people have suggested that Microsoft's decision to turn DNT on by default may be a strike at its rival Google, but all big advertising networks profit by vacuuming up and collecting web user behavior data. Not all tracking stops even when Do Not Track is "on." Digital Trends suggested, "Do Not Track may not protect anybody's privacy."

Personally, I believe DNT is a good thing and I support Microsoft's decision to have it automatically on in IE10. However, Don't Track looks even more appealing to a privacy freak. The difference is that Don't Track literally means nothing about what you are searching for online is saved, and that is why I stand by and highly recommend using DuckDuckGo. Unlike some people, I'm not interested in targeted ads and use all kinds of privacy and security add-ons to block and stop as much as possible. Sadly "don't track" me at all in any way, anywhere while I'm surfing the web, not ever, does not yet exist once you leave DDG.

In other Microsoft news, today the company detailed its new process for automating certificate revocation. Also, WSUS administrators are advised to apply the Windows Server Update Services update prior to deploying this month’s security bulletins. The Redmond Giant sent this:

Additionally, to minimize disruptions and help protect customers’ systems from potential cyber-attacks, Microsoft issued seven security updates today through its regular monthly release cycle. Of note, one update addressing four issues in Microsoft Lync was added after the Advance Notification Service was released on Thursday, and another (Visual Basic for Applications) was removed from the list. Microsoft conducts stringent testing on each bulletin throughout the release process, and occasionally that results in withdrawing or re-adding a particular bulletin to ensure customers receive updates as soon as they are ready to ship.

The top priority bulletins this month are MS12-037 (Internet Explorer) and MS12-036 (Windows). Microsoft recommends that customers test and deploy these top-priority bulletins as soon as possible.

More details on June’s security updates, including Microsoft’s deployment priority recommendations and Exploitability Index, can be found on the Microsoft Security Response Center blog.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Insider Shootout: Best security tools for small business
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies