Securiti AI Launches Context-Aware LLM Firewalls to Secure GenAI Applications

View

Do Not Track: Everything You Need To Know

Published August 23, 2023 / Updated March 10, 2024

Listen to the content

“What do people use the internet for?”

A simple question that may elicit thousands if not millions of responses owing to nearly 5 billion people using the internet as of 2022. That impressive fact also helps showcase the internet as one of the most (if not the most) valuable consumer channels on the planet for businesses.

Organizations and websites on the internet have proven this by using user-generated data to improve the overall browsing experience of internet users. Doing so improves the chances of a website connecting with its target market more effectively, thus resulting in better conversion rates and more revenue as a result.

The data gathered results from cookies downloaded on a user’s device, which track a user’s online behavior and browsing habits. Web services use tracking to run analytics to understand how users navigate through their website, which demographics of the visitors are most popular, what advertisements would be best suited for them etc. Based on this data, a website can personalize the content users see. In a nutshell, websites know what their customers want and can more effectively deliver.

However, as many privacy advocates have argued over the years, this arrangement relies on constantly monitoring a user’s online activity via cookies and similar technologies, which can often be quite invasive. With technology advancing by the day, privacy concerns and protecting users’ data have also caught momentum. The Do Not Track (DNT) technology emerged as a result of such concerns.

What is Do Not Track?

In essence, Do Not Track (DNT) is a browser setting that adds a signal to your browser’s header, telling other websites that you don’t want their tracking cookies. Once enabled, all internet traffic from your browser will have this signal on it, letting the websites you visit know that you do not want your browsing session tracked.

However, since it isn't officially enforceable, websites may choose to simply ignore it.

Tracking users’ activities on the internet via the use of cookies is what allows organizations to know what their customers want and what’s likely to gain their attention. Naturally, this makes access to users’ data a vital aspect for most organizations.

While it may seem innocuous, users may feel this constant tracking of their digital activities a violation of their privacy. The DNT helps them notify websites of their unwillingness to have their browsing sessions’ data tracked.

So, read on to learn more about the background of DNT, what it means in the context of data privacy laws, how it affects advertising in general, and how organizations can adopt their practices in line with DNT if they choose to do so.

A Brief Background

Netscape invented the HTTP cookie as an innocuous tool that would help keep track of users’ activities, such as logins and real-time shopping carts while using their browser. However, since then, cookies have become a far more comprehensive data collection and consumer surveillance tool than initially envisioned.

While cookies' primary users and beneficiaries remain the websites, web browsers remain the primary vehicle for this method to be used. After all, since the days of Netscape, the cookies have been stored on the web browser to allow more effective and efficient tracking of a user’s activities.

Some may be tempted to call DNT a recent phenomenon, but upon closer inspection, that doesn’t seem to be the case. Privacy advocates have been vocal about the online use of cookies and other forms of tracking mechanisms. In 2007, the Federal Trade Commission (FTC) received a request from several privacy groups to establish a Do Not Track list for online advertising.

The list would have been relatively straightforward. A list of domain names that a website uses to place its cookies. Users on a website would have been able to access this list and know. The idea was not implemented for years until, in 2010, the FTC issued a privacy report that called on web browsers to implement a DNT feature. This would allow the users to send an opt-out request from the monitoring and tracking to the websites.

Web Browsers Taking the Right Steps

In January 2011, Microsoft formally announced that its next web browser would support Tracking Protection Lists to block tracking cookies in their Windows 8 version. Advertisers and website owners heavily criticized this. Later, other browsers such as Mozilla, Apple, Opera, and Google followed suit by providing support for DNT via a browser header. All these browsers allowed the user to choose and control the default setting for DNT.

However, DNT came under significant criticism as all it did was send an opt-out request to the browsers. Discretion was still with the website owners whether they honored that request or not. In the absence of regulations that would obligate the websites to honor DNT requests, websites and publishers were just not pushed to care, and very few advertising companies offered any support for the DNT.

Reputed advertising bodies such as the Digital Advertising Alliance and the Direct Marketing Association actively discourage the use of DNT by their members, citing insufficient regulations and a lack of established protocols on how websites should respond to the header. Thus, the DNT technology sadly never launched, and it became an inadequate privacy tool.

Currently, most web browsers have built-in options allowing users to enable DNT settings, Safari is the only one that discontinued this feature, deeming DNT as an expired standard. However, web browsers have also been proactive in ensuring that users aren’t left entirely helpless. The famous “incognito mode” or “private browsing mode” was introduced by most browsers, particularly to ensure that users could browse the internet without having to worry about cookies and their browsing habits being tracked. It was a good start. It wiped the session data from a user’s device but didn’t completely disable tracking from advertisers.

How to Enable DNT Settings in Your Browser?

Here’s you can enable DNT in some of the most popular web browsers:

Google Chrome

  • Click on Settings > Privacy & Security
  • Click on Cookies and other site data
  • From here, scroll down and toggle on the Send a “Do Not Track” request with your browsing traffic option.

Firefox

  • Click on Preferences > Privacy & Security
  • From here, scroll down to Send websites a “Do Not Track” signal that you don’t want to be tracked and select Always

Safari

  • Click on Preferences
  • Select the Privacy tab in the navigation menu
  • Check the Block all cookies box.

Edge

  • Click on Settings > Privacy, Search, and Services
    Toggle on the ​​Send “Do Not Track” Requests option

A Standardized Opt-Out Solution

Most privacy regulations either have an opt-in or opt-out model in place. As the name suggests, in an opt-in model, users have to consent to have their data collected. This model is one that is supported by frameworks such as General Data Protection Regulations (GDPR). On the contrary, the opt-out model allows data collection by default. The user must indicate that they wish to opt-out of having their data collected or, by extension, having their digital activities tracked.

The California Consumer Privacy Act (CCPA) requirement of having a Do Not Sell My Personal Information button or link on their web pages is an example of an opt-out mechanism in place. Another example of the opt-out mechanism would be AdChoices, a self-regulatory program that ensures users only sees ads based on their preferences. However, the AdChoice opt-out preference is stored in a cookie. Hence, if a user were to clear the cookies in their browser, the opt-out signal would also be eliminated.

The DNT, on the other hand, is a far simpler opt-out mechanism. Anytime a user connects to the internet, their traffic requests begin with bits of information known as “headers”. These headers include information such as the user’s browser, the default language, device, location, and other information. The DNT is a header, which, when enabled, precedes all other headers indicating to a website that this particular user does not wish the rest of their headers to be tracked.

At this point, if a website honors DNT requests, it may filter out such users, and this is why the DNT is a far more standardized opt-out mechanism since it can be enabled on any user’s traffic without requiring the use of any additional form of cookies.

Advertising Under the Microscope

Of course, the most direct impact of DNT was, is, and will always primarily be in the digital advertising world. Digital marketing now represents a significant strategic tool for most organizations, and for good reasons. Why target thousands when you can target millions? Or, more accurately, why target a thousand random users online when you can now target a million users far more likely to opt for what you have to offer?

That latter bit relies on tracking users’ online browsing behaviors and habits. DNT represents an existential threat to the advertising world. Even when browsers or websites choose not to offer any support for DNT, users have plenty of alternatives, such as Adblockers, that undo the entire purpose of collecting users’ data in the first place.

There have been growing calls for the advertising industry to adopt more privacy-friendly and less invasive methods. There’s no clear answer to how the industry plans to do that as a whole, but individual stakeholders have been developing methods to make it a possibility.

Google has been particularly active in that regard. It introduced Federated Learning of Cohorts (FLoC) that would have categorized all users into groups based on their shared interests online as an experiment to see if cookies could be replaced altogether.

It has since scrapped FLoC and focused on Topics. It is yet another experiment meant to replace individualized data collection on users.

The Future of Do Not Track

While DNT may not have become a standard industry practice, it may yet still achieve what it was meant to in essence.

The EU’s e-Privacy Directive requires businesses to give notice to website visitors on the use of cookies and track users via or use cookies only after they obtain users’ explicit consent. The websites are required to display a banner that clearly shows which are strictly necessary cookies and the ones that are only required for analytics for advertising purposes. This allows the users to choose and select which cookies they wish to accept.

The Global Privacy Control (GPC) is an HTTP header field, similar to the Do Not Track. It is a browser extension, which, when enabled, sends signals to websites that the user wishes to opt-out from selling their personal data (in compliance with the CCPA) or both the selling and sharing of their personal data (in compliance with the CPRA from January 1st, 2023).

Just like the DNT, the GPC can indicate to all websites and publishers that a user does not want to have their data sold or shared in any form by ad trackers regardless of the technology being used, i.e., cookies, etc. The GPC has garnered a name for itself after being declared a valid mechanism for a consumer to make a ‘Do Not Sell My Personal Information’ request as per Section 1798.120 of CCPA.

The California Attorney General left little room for doubt after reiterating that organizations subject to the CCPA would have to respect any signals sent via the GPC or face penalties for non-compliance with CCPA Section 1798.120.

The recent fine levied on Sephora for failing to detect and process consumers’ opt-out requests made via their GPC signals indicates that organizations must now take such global user consent preference signals and requests not to have their data tracked, collected, or sold very seriously.

GPC may very well be the spiritual successor to the DNT, as many have described it so. However, unlike the DNT, websites now have a legal and regulatory obligation to adhere to it, with strict monetary fines for those that fail to do so. Read more on GPC and what it means for privacy here.

Automate Do Not Track Signals with Securiti Privacy Center

Just like the Do Not Sell My Personal Information signal under the CCPA, other data regulations have similar options for users. The upcoming California Privacy Rights Act (CPRA) takes it further with its Do Not Sell or Share My Personal Information signal.

In other words, users now have a legal right to request an end to the website collecting or sharing their data with third parties for cross-contextual advertising even without there being an exchange of monetary value - covering a lacuna that existed in CCPA Section 1798.120 which was being exploited by certain online advertisers to consider their activities outside the remit of a ‘sale of personal information’. This new provision will require websites to rethink their online advertising strategies and pay greater attention to regulatory compliance to avoid millions of dollars in fines and the loss of users’ trust.

Securiti is a market leader in providing enterprise solutions related to data compliance and governance. Its artificial intelligence and machine learning algorithms-based solutions ensure an organization can effectively comply with any and all global obligations set forth by data regulations.

Its Privacy Center allows a website to comply with a myriad of complex and evolving global privacy regulations from a centralized interface, such as cookie consent, privacy notice management, individual DSAR requests, and Do Not Sell functionalities.

Additionally, Securiti provides a Do Not Track functionality that lets you detect the DNT signal from the leading W3C Working Group and reflect the user's status properly within the centralized Privacy Center dashboard.

Request a demo today to learn more about how Securiti can help you comply with the CCPA and all other significant data regulations globally.


Key Takeaways:

  1. Introduction to Internet Use and Data Tracking: Nearly 5 billion people use the internet as of 2022, making it a crucial channel for businesses to understand and connect with their target market. Websites use cookies to track users' online behavior to improve user experience and increase conversion rates.
  2. Privacy Concerns and Do Not Track (DNT): With the rise of privacy concerns, DNT emerged as a technology allowing users to signal their preference not to be tracked across websites. However, DNT is not enforceable, and websites can choose to ignore the signal.
  3. Evolution of Cookies and Tracking: Initially created for simple tasks, cookies have evolved into tools for extensive data collection and tracking, raising privacy concerns. This led to calls for mechanisms like DNT to give users control over their online privacy.
  4. Web Browsers and DNT: Various web browsers responded to these concerns by incorporating DNT features, allowing users to express their preference not to be tracked. However, the lack of mandatory compliance means websites are not obligated to honor DNT signals.
  5. DNT and Advertising: DNT poses a challenge to the digital advertising industry, which relies on tracking user behavior to target ads effectively. Despite alternatives like "incognito mode," the lack of comprehensive tracking prevention has led to the development of new methods like Google's Topics to replace cookies.
  6. Implementing DNT in Browsers: Users can enable DNT in browsers like Google Chrome, Firefox, and Edge, sending a signal to websites about their tracking preferences. Safari, however, has discontinued this feature.
  7. Opt-Out Mechanisms and Privacy Regulations: Privacy regulations, such as the EU’s e-Privacy Directive and the California Consumer Privacy Act (CCPA), require websites to inform users about cookie use and obtain explicit consent for tracking, offering a more structured approach than DNT.
  8. Global Privacy Control (GPC): GPC, a successor to DNT, sends a similar signal but with regulatory backing under laws like the CCPA, obligating websites to honor user preferences not to sell or share their personal data.
  9. Future of DNT and Privacy Compliance: While DNT has not become a standard practice, initiatives like GPC and evolving privacy regulations continue to enhance users' control over their data. Organizations must navigate these regulations to ensure compliance and maintain user trust.
  10. Securiti's Role in Privacy Compliance: Securiti offers solutions to help organizations comply with global privacy regulations, including managing cookie consent, DSAR requests, and adhering to Do Not Sell or Share requirements. Securiti's Privacy Center facilitates compliance with a centralized interface, demonstrating the importance of automated solutions in managing privacy obligations effectively.

Frequently Asked Questions (FAQs)

"Do not track" (DNT) is a browser setting that signals to websites and online services that the user does not want to be tracked for advertising or analytics purposes.

Whether you should turn "do not track" on or off depends on your privacy preference. Turning it on indicates you don't want to be tracked while turning it off implies you're okay with being tracked for advertising and analytics.

The effectiveness of "do not track" depends on websites and online services honoring the signal. Some sites may respect it, while others may not. It's not a guaranteed method for preventing all forms of tracking.

A DNT, or "Do Not Track," is a setting in web browsers that sends a signal to websites, indicating the user's preference not to be tracked for targeted advertising or analytics.

On an iPhone, "Do Not Track" is a browser setting that indicates to websites that the user does not want to be tracked for advertising purposes.

Whether you should turn off "Do Not Track" on Chrome depends on your privacy preferences. If you want websites to honor your tracking preferences, you may keep it on. If you want personalized experiences, you might turn it off.

"Do Not Track" refers to browser settings indicating a user's preference not to be tracked online, while "Do Not Call" is a registry to prevent receiving unsolicited telemarketing calls.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share


More Stories that May Interest You

What's
New