Microsoft rolls back commitment to Do Not Track

Microsoft today rolled back its commitment to the nearly-dead "Do Not Track" standard, saying it would no longer automatically switch on the signal in its browsers.

Microsoft today rolled back its commitment to the nearly-dead "Do Not Track" (DNT) standard, saying that it would no longer automatically switch on the signal in its browsers.

"DNT will not be the default state in Windows Express Settings moving forward, but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so," said Brendon Lynch, the firm's chief privacy officer, in a blog post Friday.

"Windows Express" is Microsoft's label for the setup process after first turning on a new PC or after the installation of an upgrade.

Do Not Track signals whether a user wants online advertisers and websites to track his or her movements, and was modeled after the Do Not Call list that telemarketers are supposed to abide by. All five major browsers -- Chrome, Firefox, Internet Explorer (IE), Opera and Safari -- can send a DNT request.

"This change will apply when customers set up a new PC for the first time, as well as when they upgrade from a previous version of Windows or Internet Explorer," added Lynch.

His comments implied that when users of Windows 7, 8 and 8.1 upgrade to Windows 10 later this year, the DNT setting in IE11 and Project Spartan -- the new browser that will be named the default -- will be left as off.

Lynch cited new emphasis in the DNT standard for the change.

The standard's latest draft states, "The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking preference expressed (emphasis added)."

"We are updating our approach to DNT to eliminate any misunderstanding about whether our chosen implementation will comply with the W3C [World Wide Web Consortium] standard," said Lynch.

Previously, Microsoft had been adamant about automatically enabling DNT, a decision it made in mid-2012 as it developed IE10, the browser bundled with the then-impending Windows 8 and its offshoot, Windows RT. IE10 was also offered to Windows 7 users.

At the time, Lynch made clear Microsoft's position. "We believe turning on Do Not Track by default in IE10 on Windows 8 is an important step in this process of establishing privacy by default, putting consumers in control and building trust online," Lynch said in late May 2012.

Even then, the words "choice" and "deliberate" were being bandied about, with many, including the advertising industry, arguing that users had to explicitly choose DNT, and that an automatic setting of "on" should not be allowed.

Later in the summer of 2012, Microsoft backed away slightly, saying users could turn DNT off when they were first told of the feature as Windows went through its setup paces.

Even then, ad industry lobbying groups howled, calling Microsoft's DNT moves "unacceptable" and arguing that IE's setting would "harm consumers, hurt competition, and undermine American innovation."

Today's decision may have been a reversal of Microsoft's former position -- the latter fueled, analysts said, by the company's desire to take the privacy high ground to differentiate IE from rivals like Google's Chrome -- but it was largely moot.

DNT has been in tatters for years, progress stymied by the inability of the various parties, particularly privacy advocates and the ad industry, to reach agreement. Not surprisingly, each has called the other obstinate, or worse.

The fact is that only a handful of websites honor the DNT signal., for instance, lists just 21, with Twitter and Pinterest the biggest names.

Today, Lynch tried to characterize the change as conforming with its previous position, rather than a surrender. "We said in 2012 that browser vendors should clearly communicate to consumers whether the DNT signal is turned off or on, and make it easy for them to change the setting," he wrote. "We did that for IE10 and IE11. And we're continuing to do so with future versions of our browsers."

Join the CSO newsletter!

Error: Please check your email address.

Tags FirefoxMicrosoftsecuritydata privacyprivacy

More about GoogleMicrosoftW3CWorld Wide Web Consortium

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts