New Apache patch overrides IE 10's Do Not Track setting

In May, Microsoft decided to put in "Do Not Track" as the default setting for Internet Explorer 10, currently only available for Windows 8. That stance angered many, especially in the Internet advertising industry, who claimed that such a setting in IE 10 would "reduce the availability and diversity" of Internet-based products and services.

As it turns out, the Internet ad business has an unlikely ally: Roy Fielding. He's one of the creators of the Do Not Track standard, but he's also recently created a patch for the Apache web server that's designed to disable the Do Not Track setting if an Apache web server is accessed by IE 10.

In a GitHub.com comment post, Fielding says that, in his opinion, Microsoft decided to violate the standard that he helped to create. He says:

The decision to set DNT by default in IE10 has nothing to do with the user's privacy. Microsoft knows full well that the false signal will be ignored, and thus prevent their own users from having an effective option for DNT even if their user's want one.

In a statement earlier this summer, Microsoft chief privacy officer Brendon Lynch says that the Do Not Track standard has yet to be formalized by the World Wide Web Consortium but that the company is "firmly committed" to working with the W3C on that standard.

Thanks to Max Norris for the tip!
Source: GitHub.com
Privacy image via Shutterstock

Report a problem with article
Previous Story

Will Sony finally make a Windows Phone device?

Next Story

New Nook tablet rumored; could it run on Windows 8?

32 Comments

Commenting is disabled on this article.

Idiots @ Apache, really.
The DNT header has legal backing in some countries already. Entire European Union to soon follow.
So ignoring this by default could be a very bad decision from the Apache Foundation.

The guy has a point: if every browser ships with DNT on by default ad companies will undoubtly decide to not honor it, although on the other hand Apache has not business deciding which DNT signals they should accept and which ones should be ignored.

The problem with the DNT standard is that it assumes that it must default to 0 and then be willingly enabled by the user, else ad companies can just choose to ignore the signal.

Fielding's patch is wrong, but it highlights the uselessness of DNT.

It is called DNT ffs! So what is the logic around switching it off when a user has it set on!

I really do dispair when companies decide they know better than you what is best for you.
You get notified when an app wants to change a setting on your PC e.g. change the default browser so I suspect MS or someone else will come up with a quick fix to at least warn you that an Apache site is trying to do this.

Perhaps as with the default browser of choice setting they will post a patch that denies any requests to change DNT or at least warn the user.

Oh well I guess Apache can take the hit for Google in people's eyes. Linux and open source community are now Google's minions.

Amazon are bad for this tracking kind of advertising. Say I went there looking for a Hoover, I'd then get adverts for this product on Amazon following me most places over the web, even after buying it. It's annoying, aggressive, intrusive, and exactly the reason I use AdBlock and have done for a few years.

Users should be able to opt in to this tracking stuff, because some people like having ads displayed (specially if it's for a company they work for, some computer firms force repair staff to not block them).

Before I started my own IT and electronics repair firm, one I used to work for had this tactic, allowing his own ads on customer computers with custom blocker rules. They were horrible Flash ads, many a time we got customers coming back saying they were slowing the system down and annoying them. I used to disable them behind my boss's back, I didn't like the guy, he was a software pirating, customer insulting moron.

"Microsoft just announced it would enable DNT in the "Express Settings" portion of the Windows Relevant Products/Services 8 set-up experience. Customers will also be given a "Customize" option that allows them to switch DNT off."
http://business.newsfactor.com...xhtml?story_id=003000774ZJ0

I would think the change noted above breaks any argument that the setting is enabled without sufficient notice to the user. So anyone disregarding the DNT flag would likely be exposing themselves to charges of intentionally ignoring a user's privacy choice.

I have to believe that there are lawyers all over the world getting very excited at the prospect of filing lawsuits against companies that choose to ignore this. I would also be surprised if regulators weren't also planning to crawl up the hind-ends of those same companies as well.

This is going to be interesting to watch.

That's pretty stupid, not honouring a request to use DNT is just as extreme as having it on by default. Now people that genuinely want to use DNT won't be able to.

For once I think MS is doing the right thing for the user. Now we get people to undermine it. Right now I almost feel sorry for MS. They really seem to turn things around and are trying to do the right thing. People hate them no matter what they do. Oh well, it is what it is.

EmbraceNext said,
For once I think MS is doing the right thing for the user. Now we get people to undermine it. Right now I almost feel sorry for MS. They really seem to turn things around and are trying to do the right thing. People hate them no matter what they do. Oh well, it is what it is.

Have been accessing it everyday without any issue.

Lol so guy helps create standard then goes on to break it.
Remind me why this joke of a man has a job again?

n_K said,
Lol so guy helps create standard then goes on to break it.
Remind me why this joke of a man has a job again?

Perhaps he is smarter than you think, He creates the DNT standard then gets paid mega bucks by ad companies to side step it.

TBH I have to agree with you, I have lost all respect for him now.

Riva said,
Very poor on behalf of the open source community.

In other news, Microsoft is working hard to fix a bug in IE10, where is doesn't display any pages at all if the site is hosted on Apache.

Microsoft says it's a very strange bug and despite weeks, their top programmers haven't been able to find and fix it.

dvb2000 said,

In other news, Microsoft is working hard to fix a bug in IE10, where is doesn't display any pages at all if the site is hosted on Apache.

Microsoft says it's a very strange bug and despite weeks, their top programmers haven't been able to find and fix it.

Blame Roy Fielding for that.

This is why more and more people install AdBlock, and will continue to do so. This is my first advice whenever someone asks me what they should have for protection when surfing the net.

@Leo said,
This is why more and more people install AdBlock, and will continue to do so. This is my first advice whenever someone asks me what they should have for protection when surfing the net.

AdBlock doesn't actually stop websites from tracking your data, it merely stops them from displaying ads to you based on that data

ingramator said,

AdBlock doesn't actually stop websites from tracking your data, it merely stops them from displaying ads to you based on that data

Well, what will that tracking actually do for them? Using that information for purposes other than advertisement is illegal, so track away.

@Leo said,

Well, what will that tracking actually do for them? Using that information for purposes other than advertisement is illegal, so track away.

Google...?

this should e against the law. are any website that uses this liable to be sued? I mean what if I explicitly chose not to be tracked? how can stop this privacy invasion?

ctrl_alt_delete said,
this should e against the law. are any website that uses this liable to be sued? I mean what if I explicitly chose not to be tracked? how can stop this privacy invasion?

If you know enough about browsers to know about DNT, why would you be using IE?

MadnessRed said,

If you know enough about browsers to know about DNT, why would you be using IE?

That's one of the most ignorant comments I have seen on here for a while.

I've been keeping up on this and I have to say that I'm not a very huge fan of Roy. I love what he originally did with DNT, but hate that he's now working to undermine his own (very welcome imo) creation.

Shane Nokes said,
I've been keeping up on this and I have to say that I'm not a very huge fan of Roy. I love what he originally did with DNT, but hate that he's now working to undermine his own (very welcome imo) creation.

Actually this standard is a joke.
Ads companies are willing to comply with DNT ONLY if nobody knows about this feature, and if they are certain that less than 0.1% of internet users will ever enable it.
It's just a way for them to tell the world "look, we care about privacy, we support DNT (because we know nobody will use it and it won't undermine our business)".

The solution would be that Microsoft publishes an update to force IE to ask the users if he wants to authorize ads companies to track him.

That would definitely put an end to this scandal.

And of course, 99% of users would choose to enable DNT, and then companies like google would be forced to admit they never wanted users to know about DNT in the first place.