Apache has issued a web server that aims to correct a standard violation by Microsoft. The violation, however, may not be, depending on your point of view, as bad as you think. In detail the patch is described as follows:
"Apache does not tolerate deliberate abuse of open standards." The open standards Apache is referring to are the agreed do not track (DNT) settings in a web browser, which should be turned off by default. Microsoft went the other way and decided it may be beneficial to its users to actually turn the tracking protection on by default and, in effect, violate the standard. Apache reacted by issuing an update, which overrides a web server's configuration file so that it ignores Internet Explorer 10's DNT settings.
While this may be a violation, the case is not quite so clear and Apache is currently hit by criticism for turning itself into the browser police. A standard violation in this specific case may not be such a bad idea anyway. More than any other browser maker, Microsoft is dealing with a user base that is not very interested in fine-tuning browser settings and if do-not track is, in fact, a technology that is offered to users as a way to protect their privacy, some may even argue that Microsoft should be applauded for this move.
Adobe's Roy Fielding, cofounder of the Apache HTTP Server Project, wrote the following in a thread post:
The only reason DNT exists is to express a non-default option. That's all it does. It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization. Microsoft deliberately violates the standard. They made a big deal about announcing that very fact. Microsoft are members of the Tracking Protection working group and are fully informed of these facts. They are fully capable of requesting a change to the standard, but have chosen not to do so. The decision to set DNT by default in IE10 has nothing to do with the user's privacy. Microsoft knows full well that the false signal will be ignored, and thus prevent their own users from having an effective option for DNT even if their user's want one. You can figure out why they want that. If you have a problem with it, choose a better browser.
While Fielding has reason to chastise Microsoft for the way the feature was announced and implement, we also realize that Microsoft has a very strong interest in user tracking to cater to its advertising customers. So it is even an unusual move and certainly raises the question whether the standard or Microsoft is wrong.
I think it's the smart move but what are your opinions of MS breaking open standards for the security of the users?