“Do Not Track” lists and registries

Several consumer groups have proposed a do not track list in response to the problem of behavioral profiling online. The idea is that domains which use technologies that track users via the internet register with the Federal Trade Commission. Internet users who do not want to be tracked can then download this list to block the tracking technologies. This would be accomplished with a browser extension, plugin or some other technical method on the user end. The groups have provided a pdf image that describes how the system works.

The idea is not without its critics. Declan McCullagh writes:

The pro-regulation lobbyists and activists are most upset about behavioral advertising, meaning computer-generated ads that are based on pages a visitor previously viewed. Someone who spends a lot of time reading a newspaper’s Asia travel articles may see ads for trips to China even when perusing sports scores. Quelle horreur!


I think some of the messaging on this is a bit off. At least, it gives people the wrong idea as to how this works. Note this Washington Post article:

Privacy, consumer and technology groups yesterday proposed the creation of a Do Not Track list similar to the Do Not Call phone list, allowing people to prevent companies from tracking which Web sites they visit.

Under Do Not Call, you sign up your number for a list. Telemarketers are then prohibited from using this list. Likening this recent proposal to do not call gives people the idea that they have to sign up for a do-not-track list. That someone will be keeping track of all the people that don’t want to be tracked. Thats not quite how this works. This works more like an sex offender registry — the people we are on the lookout for (the trackers/sex offenders) are the ones that are tracked. Not the consumers.

Of course it is problematic messaging to compare servers that track online consumers to sex offenders. But it does describe the interaction better: users are not signing up with the government, they’re using the government list to know who to avoid.


The system does have some limitations. It doesn’t address all the data collection and use practices out there. One major item left off the list is data collection by search engines. That’s data that can be used for behavioral profiling. Specially since search engines like google keep individually identified information.

It’s also basically an opt-out system. I’ve talked about the problems with opt-out before. And also how opt-in is better.

But it does mitigate some problems with opt-out. Under opt-out, the data collector has no incentive to explain its data collection practices to the users. In fact, the incentive is to not explain it. Also under opt-out, the consumer has to go to each place and opt-out of that one place. Burdensome. This proposal fixes those problems by legislating the incentive on to the collector to disclose. It also allows one easy opt-out, rather than many.

It basically complements and facilitates many self-defense measures that are out there. I’m quite tech savvy. I use adblock, I manage my cookies. I block most third party scripts on the sites I visit. It seems like it would be more efficient to let all users simply make one choice — be tracked or not — than to have to make each choice like I do. And it would make it easier if the law facilitated this, by mandating that trackers disclose this information to the FTC. Investors make decisions based on mandated disclosures. Consumers should be able to as well.

Posted: November 4, 2007 in: