What is Do Not Track, and Why Should I care?

Author: @smartprivacyio | Updated: May 22, 2019

Do Not Track (DNT) was a proposed standard and mechanism that sought to enable users to opt-out of third-party tracking of their digital activity.

The proposal received numerous endorsements, including most major browsers, the US Federal Trade Commission, and the EFF, amongst other consumer advocacy groups.

The basic idea was to allow users to configure an opt-in or opt-out state within their browser settings. This setting would correspond to sending an HTTP header along with any requests to a particular website. The website and included services would then obey this header and honor the users wish to be exempted from tracking technologies.

The Do Not Track initiative has failed on many levels. First, adoption by major browsers has been tenuous, at best. Second, even major advocates, such as Google and Microsoft, do not obey the request with their services even though their browsers largely support it.

Browser Fingerprinting

The problem with DNT implementations is that they make it easier for trackers to identify you through a tactic called browser fingerprinting.

Your browser has specific characteristics that websites and trackers can identify. It is the unique configuration of these broadcasted settings that allow websites to track you. For example, if you set your default font to Helvetica, which is a non-system standard font, that puts you into a subset of users with that identifying factor. Next, if you adjust the default font size to 24px, you're one of X users who have those settings applied, where X is presumably much smaller than the pool of all users. Add in the unique combination of plugins and browser extensions you've installed and all of a sudden we've got a pretty robust profile.

Taken across dozens of settings, a browser fingerprint can become surprisingly accurate in terms of identifying individual users. To see your browser fingerprint, you can use the Panopticlick tool, created by the EFF.

Browser fingerprinting is very difficult to detect, and since it happens entirely outside of your computer, you can't stop it by clearing your cookies or resetting your IP address.

If we look at the Do Not Track spec, the spec implementation does not send the header at all if you do not want to opt into DNT. Therefore, the very act of your browser sending the header is yet another data point that can help identify you.

The adoption of Do Not Track has been kind of a nightmare. Here is a breakdown of each browsers' efforts thus far.

Chrome

Google first announced support for DNT in November of 2012. The setting is still available as of the writing of this article.

Safari

While Apple initially supported DNT in April of 2011, Safari was one of the first major browsers who dropped support, back in February of 2019.

Firefox

Mozilla Firefox was one of the first browsers to support the DNT, with the first version released in February of 2011. The setting is still available as of the writing of this article.

Microsoft Internet Explorer / Edge

Microsoft Internet Explorer first adopted DNT settings in March of 2011. The setting is still available as of the writing of this article.

Recommendation

At this time, we do not recommend applying the Do Not Track browser settings. Instead, we recommend taking the issue into your own hands and using a browser-based plugin or extension to handle blocking trackers.