Do Not Track: what is it?

What on earth is Do Not Track?
If you want to stop targeted ads, then Mozilla's Do Not Track could help achieve this

If you've ever wondered what Do Not Track is, or you've just searched for it in Google, you've come to the right place.

Here's our complete guide to the feature, which gives you greater privacy in your web browser.

Q. What's this Do Not Track business all about, then? Stalking people?

A. It's not about tracking in real life. It's about tracking on the internet, and while it's not quite the equivalent of stalking, almost everything you do online is tracked by someone, somewhere.

Q. Really?

A. Yes. When you visit a web page, there's a good chance that it contains tiny images or invisible code that exist for the sole purpose of recording your browsing habits. Do Not Track is meant to protect you from this.

Q. We're not just talking about what I put in my shopping basket, are we?

A. No, that's right. The kind of tracking we're talking about is where third-party companies, advertising groups rather than website owners, record your visits and habits across many different websites.

Q. Hmm, that does sound a bit more disturbing. How does it work?

A. When you visit a site that's given permission for advertisers to put their special images or code on it, they record and uniquely, although 'anonymously', identify your computer.

Q. How exactly do the advertisers do that?

A. There are several different methods they can use. In the past, the most common was to place a cookie on your computer which contained a unique ID. Now, advertisers are using less visible and harder-to-manage techniques, such as browser fingerprinting and LSOs (otherwise known as Flash cookies).

Q. And then when you visit another site?

A. If the same advertisers are present on another site that you visit, then they'll look for that same unique ID or fingerprint. If they find it, then they'll add a record of your visit to that site to your unique ID's record.

Q. I guess the big question is: why?

A. To make money, really. By being able to build up a picture of what you're interested in, they can offer 'targeted' adverts when you visit sites that they operate on. So if you were checking out the specifications for a laptop in the morning, you might see an advert for that laptop in the afternoon. The advertisers think that targeted adverts are more useful to users, and that you're more likely to click on them.

Q. Oh, is that all they use it for then? I don't really mind that.

A. A lot of the time it's a useful feature – but not always. What if you were visiting a job site, looking for information about an embarrassing medical condition, or even just shopping for a surprise birthday present? In all these situations, those convenient targeted ads can be quite inconvenient.

Q. I didn't think of it like that!

A. No, and there's more too. The advertising company has managed to amass a lot of data about you that you wouldn't share with anyone else, except for your doctor or close friends and family. What if it gets hacked, or if you're just not comfortable with that idea?

Q. Then I'd want a way to insist these companies don't track me, and don't store any information about me.

A. Me too, as do many others, and this is exactly what Do Not Track is meant to do.

Q So how does it work?

A. It's very simple. When you visit a website, along with the request for content, your browser includes a HTTP header. This contains all kinds of useful information, such as the website you were on previously, information about your computer and its configuration, and much more.

Q. Ah, and this Do Not Track thing, it gets included in the header?

A. Exactly. All the browsers that have included the feature also send a line that says DNT:, followed by a 1 if you've got it enabled, and a 0 if not. This is then really simple for the website, and for the advertisers to detect, and they should change the way they act accordingly.

Q. 'Should' change the way they act?

A. Yes, there's a bit of a problem with this plan. Do Not Track is technologically passive – that is to say, it does nothing to enforce your wishes, just tells the advertisers what your preference is. Many people are worried this gives users a false sense of security.

If they've set the preference, they'll think they're definitely not being tracked, but this is far from the case at the moment. Some advertisers will ignore it completely, some will respect your wishes, and some will keep tracking you, they just won't show you any targeted adverts so you don't realise it.

Q. That doesn't sound very useful! So DNT is a whole lot of talk without any real teeth – there must be something more we can do?

A. There have been lots of other attempts at facing up to this tracking problem but all of them have their own flaws.

Q. Tell me more...

A. Well, you can install various extensions, such as AdBlock Plus and NoScript, which stop any material from the advertisers reaching your system or running on your machine without your knowledge. Microsoft offers a similar system to this, with its Tracking Protection Lists.

Q. That all sounds good, so what's wrong with them?

A. The problem with those is that advertisers are always finding new ways to identify and track you. This means that if you want to maintain your privacy online, you'll find yourself engaged in a kind of arms race with the advertising industry, always searching for another counter-measure.

Q. Actually, now I think of it, I've tried NoScript before – I kept having to click on things to make it work.

A. That's right, they're quite technical solutions and interfere with the browsing experience. Unfortunately, this makes them inaccessible to many users.

Q. So, it sounds to me like Do Not Track isn't really any better than these previous solutions. Why's everyone talking about it so much, then?

A. For one thing, it's simple. To activate it, users just have to tick a box. It's also simple because there's one universal setting that's visible to every single website. This means it doesn't rely on each advertiser developing its own system, which users then have to discover.

Q. Anything else?

A. It also means that there's one way to opt out for every kind of tracking. If the company can see it, they should disable all the different kinds of tracking, not disable one and leave others on.

Q. But this all still depends on advertisers doing the right thing?

A. You're right, but there's one other advantage that Do Not Track has. It's been implemented by almost every web browser and, because it's got momentum, it's got the support of the European Commission and the Federal Trade Commission in the United States of America.

These regulatory bodies are pushing advertisers to support the standard, and have threatened to introduce legislation if they don't act voluntarily.

Q. Excellent. So Do Not Track is one prong of a two-pronged attack?

A. Yes, between technical and legislative measures, the internet should become a much more secure environment for users to operate in.

Q. Great! How do I enable it?

A. In Firefox, which was the first browser to implement it, you just need to go to the Preferences menu, then the Privacy tab, and just tick the appropriate box. Unfortunately, the other major browsers on Linux don't yet support it, including Chrome and Opera.

In fact, Google, the creator of Chrome, has recently signed a letter opposing Do Not Track legislation in California since it feels it will unnecessarily impact on its advertising business.

Since not all advertisers support DNT yet, if you're concerned, it's still worth pursuing other measures. Enable AdBlock, NoScript and set your browser to delete all cookies after every session.

Q. Where can I find out more?

A. Check out the Mozilla blog for more information.

-------------------------------------------------------------------------------------------------------

First published in Linux Format Issue 151