In association with heise online

10 September 2012, 10:27

Apache ignores Internet Explorer 10's do-not-track header

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The dispute around the default setting for the "do-not-track" (DNT) header in Microsoft's Internet Explorer 10 (IE10) web browser is escalating: the source code of the open source Apache HTTP web server now includes a patch that completely ignores the DNT header if it has been sent by IE10.

The patch's author, Adobe employee Roy T. Fielding, said that the code modification was made because Internet Explorer openly violates the W3C's as yet unapproved DNT standard. Section 3 of this document expressly specifies that a browser must not determine a preference for this header, and that users should actively decide whether a value of 0 ("Yes, I want to enable tracking") or 1 ("No, I don't want tracking to be enabled") is to be applied.

However, Microsoft has decided that the default configuration of IE10 will send a DNT value of 1, signalling to web sites that the user does not wish to be tracked. The company's decision is backedPDF by the European Commission. Those who criticise Microsoft's decision point out that web site operators would simply ignore the DNT header if it is routinely enabled. They fear that, in view of IE's market share, the browser's default setting will ultimately achieve the opposite of what Microsoft is trying to achieve.

Fielding is not only the author of the Apache patch, he is also an editor of the DNT standard at the W3C. The standard only began to stipulate that browsers shouldn't include a default header setting with the draft released on 7 September. The previous draft released in March 2011 didn't conclusively determine this aspect. However, the standard is a long way from being approved and is currently an "editor's draft". The definition of what constitutes "tracking" remains completely open, and web sites can't even reliably determine whether certain actions go against the DNT header settings at present.

Fielding's patch was severely criticised in the discussions concerning the modification. The author of one comment accuses Fielding of misusing his power to support his personal bias and opinion. Another fears that, within the EU, the patch could have legal consequences as soon as IE10 users complain that a server is tracking them even though the default setting matches their preference. Julian Reschke, co-editor of the next HTTP specification and "invited expert" to the W3C's HTML 5 working group, describes the DNT principle as follows: "The whole premise of DNT is, like it or not, that "most" people will not use it, thus advertising/marketing people will accept it."

Tracking is mainly used in the advertising industry to monitor users' web site behaviour. In addition to the DNT header, which is the W3C's chosen approach, Microsoft's Internet Explorer offers reliable protection against tracking via Tracking Protection Lists (TPLs), which ensure that the browser doesn't even load content from web sites that are included on the list.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit