Chester Wisniewski writes:
The Apache Foundation, which oversees httpd, the world’s most popular web server, has decided to ignore an important privacy setting for users of Microsoft’s upcoming Internet Explorer 10 browser.
This feature, known as Do Not Track (DNT), allows users to express their preference to not be tracked by online advertising networks through the use of a header the browser sends every time you visit a website.
Read more on Naked Security, including the comments on Chet’s post.
You can color me livid over this one. Fielding’s disagreement with how IE 10 handles Do Not Track (DNT) puts users at risk of diminished privacy. Consider this hypothetical:
Jane Doe (a distant relative of Dissent Doe) hears that IE 10 has DNT as the default setting for the browser if she just uses the Express Settings option. Having been burned by Facebook’s confusion of settings, she decides to switch to IE 10 and just use that default setting. Of course, Jane Doe does not know that some sites will ignore the DNT header, and she may be somewhat overconfident about what she has accomplished, but she has no idea that her preferences – established by switching to the browser and using the default settings – are being stripped away because Apache doesn’t approve of how Microsoft implemented the DNT standard.
Shame on Apache for doing this. It’s bullshit moves like this that reinforce the notion that regulation is needed to require sites and advertisers to respect the DNT header.
And I have one question on this bright Sunday morning:
If the FTC fined Google $22.5 million for overriding Safari users’ privacy settings, will they fine Apache or those sites that do not comment out Apache’s patch?