if request.META['HTTP_DNT'] == 1:

Yesterday I sat in on a webdev work group - really just a bunch of webdevs sitting in conference room G ("get to da choppa"). I overheard a discussion that showed me the mission of Mozilla permeates the entire organization. Here's an anonymous summary to protect the guilty and innocent:

Dev 1: Check out this 7-line DNT implementation for Site A.
Dev 2: You know the B group is going to hate DNT.
Dev 1: Yeah.
Dev 2: I don't know if it's a battle I want to fight.
Dev 1: It's not what we want - it's what our users want.

It's the same attitude and perspective we had when we first discussed Do-Not-Track at a brown-bag - we should do what our users want. We discussed what Google and Microsoft are implementing, but there are problems with cookie blacklists, as the EFF pointed out. The one I heard most at our brown bag was that NAI "opt out" doesn't specify whether a user opts out of all tracking or only out of the behavioral advertising. The quote I remember from the Mozilla Privacy discussion was: "A Do-Not-Track header is the clearest message a user can send to advertisers that they don't want to be tracked."

It's also the most technically elegant solution. Check the NAI opt-out page with Firecookie and you see the following opt-out cookie values: TOptOut: 1 (bing, live.com, MSN), optout: 1 (collectivemedia, criteo), id: OPT_OUT (doubleclick), opt: 1 (fetchback), optout: * (invitemedia), qoo: OPT_OUT (quantserve), NETID01: optout and NETOPTOUT: true (revsci), a: cOPT_OUT (rfihub.com), AO: o=1 (yahoo). And that's just from the dozen networks from which I've opted out. The page shows me at least two dozen more networks from which I still need to opt out. I just did this exercise a couple weeks ago. How often do I need to visit this page to opt out? Where are these new networks coming from?

And a user doesn't have the same cookies between browsers so they have to get the opt-out cookies on every device (think Desktop, phone, tablet, etc. unless they use Firefox Sync of course), and have to get all the new ones on every device too. Google can help you if you clear your cookies - but that's the only issue Keep My Opt-Outs seems to address.

Compare all this with a header:

DNT: 1

It's efficient (6 bytes), decentralized, permanent, extensible (DNT: 2, 3, 4, 'all', 'behavior', etc.) and if it comes down to it - enforceable. It isn't a perfect solution, but I love working at an organization with top-notch engineering talent AND a pervasive focus on the mission to make the web better for everyone. Mozilla FTW.
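The contrast above, as an added example that is not code from the original post or from any Mozilla site: one header check next to the per-network cookie table a server would otherwise need. The function names and the `may_track` policy are hypothetical; the cookie names and values are the ones listed in the post, and `meta` stands in for a Django-style `request.META` mapping.

```python
# Added example; not code from the original post.
# Opt-out cookies per network, copied as listed in the post
# (the "bing" entry also covers live.com and MSN there).
OPT_OUT_COOKIES = {
    "bing": {"TOptOut": "1"},
    "collectivemedia": {"optout": "1"},
    "criteo": {"optout": "1"},
    "doubleclick": {"id": "OPT_OUT"},
    "fetchback": {"opt": "1"},
    "invitemedia": {"optout": "*"},
    "quantserve": {"qoo": "OPT_OUT"},
    "revsci": {"NETID01": "optout", "NETOPTOUT": "true"},
    "rfihub.com": {"a": "cOPT_OUT"},
    "yahoo": {"AO": "o=1"},
}


def dnt_enabled(meta):
    """True when the request carried 'DNT: 1'.

    Header values arrive as strings, and the HTTP_DNT key is absent when
    the browser sends no DNT header, so look it up with .get() and compare
    against the string "1" rather than the integer 1.
    """
    return str(meta.get("HTTP_DNT", "")).strip() == "1"


def cookie_opted_out(network, cookies):
    """True when every opt-out cookie listed for this network is present."""
    expected = OPT_OUT_COOKIES.get(network)
    if expected is None:
        return False  # a network missing from the table has no opt-out to find
    return all(cookies.get(name) == value for name, value in expected.items())


def may_track(meta, cookies, network):
    """Hypothetical policy: either opt-out signal suppresses tracking."""
    return not (dnt_enabled(meta) or cookie_opted_out(network, cookies))


if __name__ == "__main__":
    # Constructed sample request: DNT set, no opt-out cookies at all.
    sample_meta = {"HTTP_DNT": "1"}
    for network in ("doubleclick", "yahoo", "some-new-network"):
        print(network, "may track:", may_track(sample_meta, {}, network))
```

The cookie path only recognizes networks already in the table and only on the device holding the cookies, while the header path needs no per-network state.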

Question or comment about this post? Tell me on GitHub.

if request.META['HTTP_DNT'] == 1: / groovecoder by groovecoder is licensed under a Creative Commons Attribution-ShareAlike CC BY-SA