Internet privacy is growing up in a hurry. We’ve talked before about how 2010 was a banner year for those of us interested in a more transparent web, and 2011 shows signs of continuing that momentum.
Some recent examples of this phenomenon were announcements by Microsoft and Mozilla that revealed plans to build in more native privacy tools for Internet Explorer and Firefox, respectively.
Internet Explorer and Tracking Protection Lists
In IE9, users will be provided the opportunity to use something called a “tracking protection list” (or TPL) – which is essentially a specially formatted text file that supports updates (IE9 will check for new versions once a week). TPLs are lists of domains, subdomains, specific URLs, and/or specific files that are created by privacy advocates around the web. They come in two flavors: allow lists and block lists. Inclusion in an allow TPL means that a domain can be called from anywhere, no matter what. If a domain is included in a block TPL, IE9 will only allow calls to that domain if a user specifically clicks on a link, or if the call comes from that domain itself. This means that no third-party calls will be allowed to that domain from other sites, effectively blocking tracking from that domain.
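The allow and block rules above can be written as a small decision function. This is an added example, not code from Microsoft or from this post; it assumes every list entry is a bare domain that also covers its subdomains, and all hostnames are constructed placeholders.

```javascript
// Added example: a model of the allow/block rules described above, not IE9's code.
// Assumption: every list entry is a bare domain that also covers its subdomains.
function covers(entry, host) {
  const h = host.toLowerCase();
  const e = entry.toLowerCase();
  return h === e || h.endsWith("." + e);
}

// request = { target: host being called, page: host of the page making the
// call, userClicked: true when the user followed a link to the target }
function tplDecision(request, allowList, blockList) {
  const { target, page, userClicked } = request;

  // Allow list: callable from anywhere, "no matter what".
  if (allowList.some((e) => covers(e, target))) {
    return { action: "allow", rule: "allow-list" };
  }
  const hit = blockList.find((e) => covers(e, target));
  if (hit === undefined) {
    return { action: "allow", rule: "not-listed" };
  }
  // Block list exceptions: an explicit click, or a call from the domain itself.
  if (userClicked) return { action: "allow", rule: "user-click" };
  if (covers(hit, page)) return { action: "allow", rule: "same-domain" };
  return { action: "block", rule: "block-list:" + hit };
}

// Constructed sample lists and requests (all names are placeholders).
const ALLOW = ["cdn.tracker.example"];
const BLOCK = ["tracker.example"];
const SAMPLES = [
  { target: "ads.tracker.example", page: "news.example", userClicked: false },
  { target: "ads.tracker.example", page: "news.example", userClicked: true },
  { target: "ads.tracker.example", page: "www.tracker.example", userClicked: false },
  { target: "cdn.tracker.example", page: "news.example", userClicked: false },
  { target: "nottracker.example", page: "news.example", userClicked: false },
];
for (const r of SAMPLES) {
  const d = tplDecision(r, ALLOW, BLOCK);
  console.log(`${r.page} -> ${r.target}: ${d.action} (${d.rule})`);
}
```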
Why It’s Cool
This is a big move from IE, and one that should help it establish a reputation as a browser that is serious about user privacy. Unlike an opt-out style solution, TPL functionality doesn’t allow the call to the included domain, which puts the control as close to the end user as possible.
What It Lacks
The biggest trouble with the TPL style approach is the lack of individual informed decisions. Users will download lists from sources they (presumably) trust, and those lists will be full of domains that the source believes are important to block, and/or domains the source thinks should be allowed. It will be up to these list publishers to explain which domains are included, and why. We haven’t seen anything that suggests a UI which will allow a user to easily add or remove items from that list, or dynamic features like site white listing (allowing all scripts to run on a specific site whether they are included in a list or not). All of this could be addressed with a robust feature dashboard, but that does not appear to be in the scope of the initial release.
TPLs and Ghostery
We don’t know yet if TPL blocking functionality will leave enough of an included script intact for Ghostery to detect it and include it in the purple box, but other than that, Ghostery and TPLs should get along just fine. We haven’t had an opportunity to test anything yet, but it’s reasonable to assume that if a domain is in a TPL, the call to that domain won’t happen, which is exactly what happens if you block a company in Ghostery. Other companies that are included in the Ghostery library but not in a user’s TPL will still show up in the purple box notification and be available for blocking by Ghostery. If IE developers choose to include this call-blocking functionality in an add-on API, that would allow tools like Ghostery to get better at detecting and blocking third-party calls in IE.
You can read more about IE9 & TPLs (and see an early version in action) at Microsoft’s IE blog.
Firefox and Do Not Track Headers
Alex Fowler, Mozilla’s Global Privacy and Public Policy Leader, recently revealed new plans for Do Not Track header support in Firefox. An HTTP header is the first bit of a web call that defines all the characteristics of the interaction with a server. A Do Not Track header message indicates that the user wishes to opt-out of interest-based tracking. This means that when enabled, the Do Not Track header feature will include an opt-out message in every click and page view you make in Firefox. Using the header to implement some kind of do-not-track list is not a new idea – the team at donottrack.us have built several working prototypes – but Mozilla’s native adoption gives the idea serious legs.
Why It’s Cool
Header messages are at the front line of communication. If you’re talking to a server, it can’t do anything without first reading the header. It’s something like the Internet equivalent of a sealed envelope – once you break the seal, you’re on the hook for whatever is inside. It’s more permanent than an opt-out cookie, which could accidentally be deleted (and must be set for multiple companies on multiple browsers). Users wouldn’t have to seek out or create lists of sites or servers to block, and when properly implemented, it represents a real transaction between users and the tracking companies – giving the latter an opportunity to earn trust and generally make the whole process more transparent.
What it Lacks
That last strength is also a weakness. You can include anything you want in a header – it’s just lines of text. What makes that information valuable is when it’s read and interpreted in a specific way by the server. No one knows how widespread and speedy the data tracking industry will be when it comes to adopting this header as an opt-out indicator. These companies know they must comply with the FTC’s wishes somehow, but not everyone agrees that the header is the best method. To their credit, the Mozilla team acknowledges that this is a first step in a longer process. Like IE’s lists, this appears to be an all-or-nothing option. There is nothing in the description that suggests features like white listing for trusted sites or the ability to opt-out of certain types of tracking (for example, purchase history collection) but allow others (like basic web analytics). As Fowler himself says, “this is one step of many for us to see if the header approach can work and confirm that it will provide our users a more nuanced, persistent tool for communicating privacy choices on the web.”
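What "read and interpreted by the server" could look like on a receiving endpoint, next to the opt-out cookie the header is compared with, as an added example that is not code from Mozilla, donottrack.us or any tracking company. It assumes the header is sent as `DNT: 1` (the post does not name the field); the cookie names `optout` and `uid` and the hostname are hypothetical.

```javascript
// Added example: server-side handling of the two opt-out signals, not any vendor's code.
// Assumptions: the header is "DNT: 1"; cookie names "optout" and "uid" are hypothetical.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// headers: object with lower-cased names, as Node's http module delivers them.
function trackingDecision(headers) {
  const cookies = parseCookies(headers["cookie"]);
  const signal =
    headers["dnt"] === "1" ? "dnt-header" :
    cookies["optout"] === "1" ? "optout-cookie" : null;

  if (signal) {
    // Honoring the request also means dropping any identifier set earlier.
    const setCookie = cookies["uid"] ? "uid=; Max-Age=0; Path=/" : null;
    return { track: false, reason: signal, setCookie };
  }
  const uid = cookies["uid"] || Math.random().toString(36).slice(2, 12);
  return { track: true, reason: "no-signal", setCookie: "uid=" + uid + "; Path=/" };
}

// What the server sees after the user clears cookies: the browser re-sends its
// configured headers on every request, but the cookie header is gone.
function afterCookieClear(headers) {
  const rest = { ...headers };
  delete rest["cookie"];
  return rest;
}

// Constructed requests: one user relies on a cookie, the other on the header.
const cookieUser = { host: "tracker.example", cookie: "uid=abc123; optout=1" };
const headerUser = { host: "tracker.example", dnt: "1", cookie: "uid=abc123" };
for (const [name, h] of Object.entries({ cookieUser, headerUser })) {
  const before = trackingDecision(h);
  const after = trackingDecision(afterCookieClear(h));
  console.log(name, "before:", before.reason, "| after clear:", after.reason);
}
```

The cookie-based opt-out is lost once cookies are cleared, while the header-based one survives, and neither has any effect unless the server runs a check like this one.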
Do Not Track Headers and Ghostery
Including a Do Not Track header (as defined by the folks at DoNotTrack.Us) is actually on the feature roadmap for Ghostery. Clearly, we think that it’s a good idea – when combined with the individual decisions a tool like Ghostery allows. Again, it’s all about education – it’s important not to make big, sweeping decisions in your online data management, but informed choices based on your knowledge about the site’s publishers and the advertising companies they’re partnering with who collect and use your data. Until the feature matures enough to be a nuanced tool, it’s still something of a nuclear option. Additionally, as mentioned earlier, this functionality relies on the adoption of the companies that receive the header. If you have made a decision that a specific company shouldn’t collect your data, the most effective way to realize that decision is to block all communication with that company. Ghostery never allows scripts from blocked companies to execute, so there’s never a question whether or not they’re complying with your opt-out request.
Read Alex Fowler’s post (also linked above) here, and check out the Do Not Track Header FAQ on Mozilla’s wiki.
Google and Keep My Opt-Outs
The final approach comes from Google, which launched an opt-out cookie protector as a Chrome extension. When you visit a company’s page and opt-out of their services, they add a cookie to your browser (just like they would if they were tracking you). Instead of identifying you as a 30something male who likes video games and tech gadgets (assuming your browsing history looks a lot like mine), they instead recognize you as someone who does not wish to be tracked and targeted with interest-based ads. This approach works well enough, but the problem with cookies is that we tend to delete them. Without protection, opt-out cookies are treated by your browser just like other session cookies, even when you delete them.
Why It’s Cool
Keep My Opt-Outs automatically sets opt-out cookies for all the companies participating in the self-regulatory program at aboutads.info, and then it protects those cookies from getting deleted. It’s a one-click way to remove yourself from targeted advertising from all of those companies at once, and it’s nice and persistent, because you can clear your browser cookies like crazy and the opt-outs will stick around.
What it Lacks
Another case where its asset is also its weakness – these companies are already participating in self-regulatory guidelines, which means they’re doing things like serving the little “forward-i” ad notice anytime an ad might collect or use behavioral data. (Full disclosure here – Ghostery’s parent company, Evidon, is a partner of the Digital Advertising Alliance and runs the technology platform to serve those notices.) So while you are able to opt-out of targeting from those companies, that’s the most transparent targeting on the web. Keep My Opt-Outs does not create or store opt-out cookies for any other ad or data collection service, including web analytics tools like Google Analytics. And again, it’s an all-or-nothing approach. Sensing a pattern here? Setting an opt-out for every company on every site doesn’t give you the option of supporting data collectors with good policies or sites with good content. You can’t make granular, educated decisions – which is pretty much what Ghostery is all about.
Keep My Opt-Outs and Ghostery
These two Chrome extensions appear to get along just fine. Ghostery is still going to identify scripts from companies that are included in the KMOO list, because those scripts are still going to run on the page. If you’re blocking those companies in Ghostery, your browser never even communicates with those companies, so you don’t have to worry about telling them that you opt-out. It certainly doesn’t hurt to add the extra level of protection, and protecting those cookies is nice, but we’d really like to see an option to select those companies individually.
You can read an in-depth description of the Keep My Opt-Out tool at Google’s Public Policy blog.
The Road Ahead
It’s a nice milestone to see these three major browsers integrating more powerful privacy features. At the very least, it means that the informed privacy community has made enough noise that mainstream web users are starting to notice and talk about change. That keeps a smile on Ghosty’s face, and by no means do we wish to rain on the parade or diminish the efforts of the privacy, product, and engineering teams for each of the big browsers. However, introducing nuclear-option style tools doesn’t do a lot to help educate that newly aware mainstream web user; it just gives them something that placates their fears. These tools are a good start to help encourage a more transparent ecosystem, but they have a lot of growing up to do before they meet the high standards of education and empowerment that represent real, sustainable change.
We’re all on the same team, and we don’t doubt for a second that we all have the same goal. We’re going to keep working to improve Ghostery, just as the talented developers at Microsoft, Mozilla, and Google will keep working to make using their browsers more secure. We’re rooting for all the privacy geeks out there, and we grow ever more encouraged and excited about what the web might one day become.
Happy Browsing,
Andy K
Ghostery Product Nerd
andy@ghostery.com








Google’s approach doesn’t sound all that different from what the Beef Taco extension for Firefox has been offering for some time. Have they come up with something to merit all the media attention they’ve been getting?
e.g.
http://serve.castfire.com/video/499935/499935_2011-01-24-210135.mp4