FTC calls out Google's Chrome over Do Not Track

Google will have to decide whether to support privacy feature once it hits WebKit, says expert

Federal Trade Commission Chairman Jon Liebowitz this week singled out Google for not adopting "Do Not Track," the privacy feature that lets consumers opt out of online tracking by Web sites and advertisers.

In an interview Monday with Politico, Liebowitz called out Google for not supporting Do Not Track in its Chrome browser.

Noting that Do Not Track had gathered momentum, Liebowitz said, "Apple just announced they're going to put it in their Safari browser. So that gives you Apple, Microsoft and Mozilla. Really the only holdout -- the only company that hasn't evolved as much as we would like on this -- is Google."

Do Not Track has been promoted by the FTC and by privacy advocates including the Electronic Frontier Foundation (EFF), as the best way to help consumers protect their privacy.

The technology requires sites and advertisers to recognize incoming requests from browsers as an opt-out demand by the user. The information is transmitted as part of the HTTP header.

As Liebowitz said, Microsoft and Mozilla have added Do Not Track header support to their Internet Explorer 9 (IE9) and Firefox 4 browsers. While Apple hasn't confirmed that the next version of Safari will include Do Not Track, developers have reported finding the feature in early editions bundled with Mac OS X 10.7, aka "Lion," the upgrade slated to ship this summer.

That leaves Google's Chrome and Opera's browser on the outside. But neither plans to implement Do Not Track anytime soon.

"Such features could lead to better privacy but potentially contribute to a false sense of security," said Thomas Ford, a spokesman for Opera. "There are also some complications that arise when Web sites do not honor the Do Not Track feature. As such, we are exploring the area but have yet to make any announcements."

Chrome has its own ideas about privacy, and also won't commit to Do Not Track.

"We continue to offer the Keep My Opt-Outs plug-in for Chrome ... which already works to permanently opt users out of most ad profiling," a Google spokesman said in an email reply to questions.

The Keep My Opt-Outs plug-in blocks targeted ads produced by about 60 companies and ad networks that hew to self-regulation efforts by the online advertising industry. Currently available only for Chrome, Google has said it will release similar tools for Firefox and IE "fairly soon."

Google declined to comment on whether it is considering adding Do Not Track header support to Chrome, but seemingly left the door ajar. "We're encouraged that the standards bodies are working on these different header approaches, and will continue to be involved closely," the spokesman said.

On Tuesday, Google also declined to comment on Liebowitz's calling Google the Do Not Track holdout.

The company may face a decision sooner than later, said Jonathan Mayer, a student fellow at Stanford Law School's Center for Internet and Society (CIS). Mayer is one of three researchers who crafted the newest iteration of the Do Not Track technology.

"When Apple follows, they're going to check Do Not Track into WebKit, and then Google will face a choice," said Mayer, talking about the open-source browser engine that powers both Safari and Chrome. "Are they going to expose the feature or not?"

If Google decides to disable WebKit's Do Not Track feature when it builds Chrome, the company would repeat the mistake made by the once-dominant Netscape, which nine years ago first offered pop-up ad blocking, then removed it.

Asa Dotzler, Mozilla's director of community development, made the same observation earlier this week when in a post to his personal blog he argued that Chrome's lack of Do Not Track support meant the "team is bowing to pressure from Google's advertising business and that's a real shame."

Mayer didn't hesitate to call out Google.

"I think it borders on deceptive," Mayer said of Chrome's plug-in. "It's not opt-out for privacy, it's opt-out of tracking ads. They're saying, 'We won't show you the ads, but we'll still collect the data.'"

Google will likely bow to the building pressure and support Do Not Track, predicted Mayer. But he understands the company's current position, even though he doesn't agree with it.

"Google is in a particular awkward spot," Mayer said. "Microsoft could sort of get away with supporting Do Not Track without saying what it means to its advertising business, but Google is a different story. They have to have a pretty good idea what [Do Not Track] means for the company."

The bulk of Google's revenue comes from its online advertising business, which could be affected by Do Not Track.

"I hope they have a plan, because the pressure's mounting," said Mayer. "It's not clear what the internal decision-making process is. Some inside Google think it's a good idea, other thing it's a bad idea. [Do Not Track] is getting a lot of attention within Google, but it's not clear who has the authority today to say, 'Here's our policy.' They haven't spoken with one voice."

The picture may be clearer after the W3C (World Wide Web Consortium), the primary standards body for the Web, meets at Princeton University to discuss Do Not Track.

"There we might get a better sense of whether they're ready to proceed with Do Not Track," said Mayer of the April 28-29 W3C workshop.

In preparation for the event, seven Google employees have authored a position paper ( download PDF ) on Do Not Track.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

Read more about browsers in Computerworld's Browsers Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags e-commerceapplicationsregulationinternetprivacymozillaElectronic Frontier FoundationAppleFederal Trade CommissionGoogleMicrosoftsecuritybrowserssoftwaree-businessgovernmentGov't Legislation/Regulation

More about AppleEFFElectronic Frontier FoundationFederal Trade CommissionFTCGoogleICOMicrosoftMozillaStanford Law SchoolTopicW3CWorld Wide Web Consortium

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place