Do Not Track: Analysis of Google, Microsoft and Mozilla's solutions
That they've all produced different solutions to the problem seems counter-productive, though. Rather than Google and Microsoft working together to create a unified targeted ads blacklist, or a concerted push behind Mozilla's HTTP header approach, we'll have to deal with all three. Not only will this annoy website owners and ad companies -- all three of the methods require their intervention -- but ultimately, you and I will have to deal with fragmented and incomplete blocking, depending on which browser we're using at the time.
Let's take a closer look at how Firefox, Chrome and Internet Explorer will block tracking cookies, and which solution is ultimately the best.
Mozilla FirefoxMozilla's approach is by far the most softly-softly and open solution. The idea is to create a Do Not Track HTTP header, which you can enable or disable -- and presumably, you will have granular control over which websites you enable it on. When your browser sends the new HTTP header, the website then omits any tracking cookies from the response.
The problem is, every website has to be modified to accept the new Do Not Track HTTP header. By default, Mozilla's solution does nothing -- and there's nothing that can force a website to accept the new header. Mozilla hopes that the header will gain momentum, though -- and unlike Google and Microsoft's platform-dependent solutions, any browser could be configured to send a Do Not Track HTTP header, including browsers on smartphones, tablets, TVs, and so on.
Finally, Mozilla notes that the Do Not Track HTTP header is only one of its solutions to tracking cookies. Mozilla Labs is fantastic at shoehorning functionality into Firefox, so it wouldn't be surprising to see some cool cookie-related add-ons from it in the future.
Google ChromeWith what seems like a very hasty, heavy-handed solution, Google has produced an extension with a long list of blacklisted targeted advertising providers. If a cookie originates from a blacklisted domain, it blocks it... and that's about it.
As it stands, there's no granular control, and the blacklist only covers U.S.-based ad companies. The fact is, though, that granular control isn't even all that useful -- I mean, do you even know which advertising company provides ads for your favorite websites? If you opt out of targeted ads on Download Squad, will that also impact your ads on Engadget?
Google says that the blacklist will automatically update as companies join the Self-Regulatory Program for Online Behavioral Advertising, which is a lot easier than implementing the Do Not Track HTTP header -- but it doesn't help you, if you don't want to be tracked on your mobile phone, or on a computer that doesn't have Chrome installed.
Having said that, if you really don't want to be tracked, Google's method is the best immediate solution -- and presumably, there will eventually be a Firefox add-on that uses the same blacklist.
Microsoft Internet ExplorerThe most graceful solution to the Do Not Track problem belongs to Microsoft and Internet Explorer's Tracking Protection. It's similar to Google's approach, in that it uses a client-side blacklist, but more control is ceded to website owners, and human curators.
Rather than just blocking ad companies en masse, Internet Explorer 9 will have access to human-curated Tracking Protection Lists. You will be able to choose which list you want to use, and presumably some will be more aggressive than others. The neat bit, though, is that website owners can create a TPL that explicitly allows third-party cookies -- that way, if a website relies on tracking cookies for its business model, or to provide specific functionality, the owner can be sure that IE9 users will experience the site properly. I presume that you'll still be able to force-opt-out of these tracking cookies if you need, though.
FragmentationIn conclusion, we're in for a bit of a bumpy ride over the next few years. Mozilla's standards-based approach gives both end-users and content owners the most control, but it will take months or years to gain momentum. The idea of every browser having a 'Do not track me on this website' flag is surely the most desirable solution, though.
Google and Microsoft both offer great stop-gap solutions, with Internet Explorer edging ahead in terms of actual functionality and usability. Who can say which method will win out? If Microsoft's standard schema for Tracking Protection Lists gain traction, it will become trivial to implement intelligent blacklists in all three browsers. Ultimately, all three browsers will use both methods -- it might just take a few release cycles to get there.
I think it's important to note that content providers need to have some input in this whole Do Not Track process. Targeted advertising is used because it works -- it generates money! If targeted advertising disappears, and clickthrough rates plummet, free websites may need to find alternative revenue streams, or shut down.
While it's true that we need more control over who tracks our Web surfing habits, completely removing targeted advertising from the equation may do more harm than good.