Do Not Track (DNT)

When enabled, DNT (Do Not Track) sends an HTTP header that says "Hey, I do not want to be tracked" to every web server visited.

DNT would be an OK anti-tracking method in an ideal world. However, in our world it is a naive and ineffective method.

The average user thinks that Do Not Track is an effective anti-tracking switch. Up until recently the text right next to the DNT checkbox in Firefox was insanely misleading. Now (1345632068), on most Firefox versions, the text next to the DNT checkbox reads "Tell websites I do not want to be tracked." It fails to mention that almost 100% of websites do not understand or simply ignore the DNT header. Therefore, DNT is still misleading and hurtful to the average user.

At this moment ~100% of the web servers on the Internet do not understand or simply ignore the DNT header. Try the anon checker with DNT enabled a couple of times.

The information logged by the web server when a resource is requested (IP address, date, user-agent, etc.) is already logged when the DNT signal arrives. It is unwise for a system administrator to not log this information. A pro-privacy, pro-anti-tracking system administrator, systems team or company may delete such logs every 24 hours or every week. If a web service is willing to not log anything, then it does not need to wait for a signal. The DNT scheme is useless when it comes to resource request logging.

The information that enables tracking is some unique identification string stored and transmitted by the browser. That, along with information leaks such as preferred language, system time, fonts used, plugins installed, system internals accessed by powerful plugins, connection heuristics, century-old cookies, web services logging every click associated with that unique identification string, etc., draws a pretty good picture of the human using the browser. DNT simply adds a bit of entropy to the above list.
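The two points above, as an added example that is not part of the original page: the identifying fields are in the request whether or not DNT is set, and the header itself becomes one more attribute that distinguishes browsers. The sample requests, the `honor_dnt` flag and all function names are constructed for illustration.

```python
import hashlib

# Constructed sample request: same browser, sent with and without DNT enabled.
BASE = (
    "GET /article HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Cookie: uid=constructed-1234\r\n"
)
REQ_PLAIN = (BASE + "\r\n").encode()
REQ_DNT = (BASE + "DNT: 1\r\n\r\n").encode()


def parse_headers(raw: bytes) -> dict:
    """Return request headers as a dict with lower-cased names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def access_log_entry(client_ip: str, raw: bytes, honor_dnt: bool = False) -> dict:
    """What a server records for one request.

    honor_dnt=False models a server that ignores the header. honor_dnt=True is a
    hypothetical server that voluntarily drops identifying fields when DNT is 1.
    """
    h = parse_headers(raw)
    entry = {"ip": client_ip, "user_agent": h.get("user-agent"),
             "language": h.get("accept-language"), "cookie": h.get("cookie")}
    if honor_dnt and h.get("dnt") == "1":
        entry = {k: None for k in entry}  # the server's choice, not the browser's
    return entry


def fingerprint(raw: bytes) -> str:
    """Hash the passively sent attributes a tracker can combine, DNT included."""
    h = parse_headers(raw)
    fields = [h.get(k, "") for k in ("user-agent", "accept-language", "dnt")]
    return hashlib.sha256("\x1f".join(fields).encode()).hexdigest()[:16]


if __name__ == "__main__":
    print(access_log_entry("203.0.113.7", REQ_DNT))
    print(access_log_entry("203.0.113.7", REQ_DNT, honor_dnt=True))
    print(fingerprint(REQ_PLAIN), fingerprint(REQ_DNT))
```

With `honor_dnt` left at its default, the log entry for the DNT request is identical to the one without it, while the two fingerprints differ.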

The information leak that enables tracking can be stopped by the browser. This information does not need to reach the server. The user does not need to ask the server to not track him.

Let's assume that you want to protect your troops in a fire zone. Would you give them bulletproof vests or t-shirts that say "Do not Shoot me"?

Why, what is wrong with the "Do not Shoot me" t-shirts? Well, first of all, they are not bulletproof; second, there is a good chance that the enemy does not understand English; and third, the enemy is not going to stop shooting at you just because you asked him or because he read it on your t-shirt.

Let's look at another simple example demonstrating the fundamental flaw in the DNT design.
Let's assume that you want to secure your house from intruders. Would you choose to put a door with a lock at the entrance of your house, or take off the door and put a "Do not Enter" sign next to the entrance?

It is trivial to program an anti-tracking switch that stops the information that enables tracking from leaving the browser. This anti-tracking switch, combined with a decent proxy used by many users, could protect one's privacy.

This anti-tracking switch would disable cookies, turn off plugins or run them in a strict mode, etc. If the switch were a global setting, average users would wonder why half the Internet is broken, so something like a new no-tracking window, similar to the "Incognito Window" in Chrome, would be nice. It would have to be one that actually works, because the Chrome Incognito Window is just another session window and is not incognito at all.




DNT - Do Not Truck Joke