The debate around "Do Not Track" has been going on since 2009 and it's a doozy. Most people don't know about it but, if they did, there might well be an outcry. I'm about to do my part.
The Internet, particularly the World Wide Web, is a tracked environment. This means that, unless you set things so your progress remains private, you will be followed. Someone is recording the websites you visit, what you do on them and the choices you make on those websites -- like downloading a file or buying something. In and of itself, as the Electronic Frontier Foundation points out, this can be useful. If you visit a site and that site retrieves and retains information about you, it can make return visits and use of the site quicker and more efficient and even enhance response to security threats and fraud.
You probably interact with this tracking all the time without knowing. Say you're shopping for something and you notice that, magically, much of your information is filled in when you go to check out. The site remembers you because it has installed a small piece of software, called a "cookie", on your computer with that information or some identifier that allows the site to search your info on its database. If you want that convenience, it's there.
But so is the threat because that type of tracking (called "simple" or "party-to-party" tracking) has a companion protocol called "third-party tracking" and that ugly piece of surveillance works like this. You go to a website with a graphic (maybe a photo or ad... you've seen them). That graphic is actually on some other website -- not the one you're visiting -- and can be loaded with code that installs another cookie on your computer, which transmits information about where you're going and what you're doing to whoever installed it. This is one of the Internet's most common forms of surveillance and one few people really know about.
Your entire web session is recorded in detail by a company (or organization) you might not know exists. What's more, that company can do whatever it wants with that data and never report what it did to anyone, especially you.
Your computer has these types of cookies in its hard drive unless you're one of the few people savvy about the threat and capable of disarming it -- which you can do through a browser setting. But that "how do I turn it off" issue is secondary. The most important question is: "Who the hell gave these jerks the right to invade your computer with a device that reports on your every action?"
The answer is "nobody"; the addendum is "but it doesn't matter". There are no rules governing tracking on the Internet.
Last week, the problem was put on display as the W3C "standards committee" continued to limp to a definitive standard, 18 months behind schedule.
The W3C (short for World-Wide-Web Consortium) is as close as we come to a world "authority" on web-browser standards. With nearly 400 members, the Consortium (founded by Sir Tim Berners-Lee, generally considered the "first developer" of the World Wide Web) meets and develops "standards" for browsers. In short, what are browsers maximally allowed to do and what do they minimally have to do?
All of this is pretty much regulated. That's why browsers, try as they might to be "unique", do pretty much the same thing. If they didn't, we couldn't have a World Wide Web.
In 2009, at the urging of privacy advocates, the Consortium took on the issue of tracking and promised strong standards to regulate it. The problem is that W3C members are heavily weighted toward companies and many of those companies don't want a lot of regulation on tracking. So they've slowed the process down, through amendments and tactics worthy of the U.S. Congress, and we still don't have standards. A browser can still literally do whatever it wants in tracking you and that, up to now, hasn't changed. Many experts believe it won't.
Even those who trust that standards will be set acknowledge that industry reps have watered things down considerably. In fact, the latest standards proposal includes several pretty horrible points:
* The entire program must be opt-in: you have to decide that you don't want tracking and then push buttons to make that happen. Browsers that enable Do Not Track by default will be penalized. In other words, you can be fined if you produce a browser that respects privacy as a default.
* The current default settings stay the same, giving advertisers and trackers complete freedom to collect and use any information they like in any way they want and never telling you that they're doing it or how.
* First-party (or party-to-party) tracking is completely permitted. You can't turn it off: an actual retrenchment from current standards.