Microsoft and Mozilla edge towards web privacy consensus?

Header debate beats government regulation

Nothing helps rivals in the private sector find common ground quicker than the threat of government intervention.

Microsoft and Mozilla – makers of dueling browsers Internet Explorer and Firefox – could be headed towards some kind of industry agreement on giving netizens the power to stop ad networks from tracking their behavior.

Mozilla's chief executive Gary Kovacs has told the Wall Street Journal that the US government will probably mandate the use of a do-not-track tool in browsers to stop sites following users. According to the WSJ's Digits blog, he said: "It probably doesn't need to be regulated, but it probably will be... The thing that will give it teeth is what the user decides." He believes netizens will forgo technology and websites that offer simple privacy protections.

He spoke as Microsoft released the latest version of its browser, IE9.

Microsoft has been falling in love with its own reflection on IE9, banging on about "the beauty of the web". But security and privacy wonks will be more interested in the fact that Microsoft has submitted do-not-track technology in IE9 to the W3C standards group for ratification as an industry standard.

Microsoft uses Tracking Protection Lists. These contain web addresses that IE9 will visit only if the user hits that site directly by clicking on a link or typing their address. IE9 users can also make exceptions, letting IE9 "call" sites not actually visited.

It's a commercially friendly proposal that gives Microsoft's IE partners the opportunity to build ready-made lists of sites while also giving users the power to make their own.

Snuck into Microsoft's proposal, however, is the mention of a do-not-track header. A do-not-track header is the same approach being touted by Mozilla.

Microsoft is not talking about why it has included the header in its W3C proposal, and it has not said how this might work in the browser or in conjunction with Tracking Protection Lists.

Mozilla has been more forthcoming on its proposed an HTTP header. Mozilla has said that the HTTP header transmitted with every HTTP request will alert sites and networks to the fact the user doesn't want to be tracked.

Mozilla's proposal defines the syntax and semantics of the header and how websites and services might respond. Microsoft provides next to no detail, and the reference to the header in its W3C proposal is little more than a placeholder.

Contacted several times to explain its header proposal and how, if at all, it differs from Mozilla's proposal, Microsoft declined to provide details.

A Microsoft spokeswoman instead called its W3C submission "an example of Microsoft's commitment to receiving feedback from the standards community." The W3C's acceptance of Microsoft's submission "demonstrates that the industry also takes Microsoft's approach seriously and sees it as a potential solution to help provide choice and control for customers over their online privacy," the spokeswoman said.

The absence of details and Microsoft's unwillingness to discuss the subject suggests the matter is far from settled, and that there's everything's left to play for as the parties involved on this subject debate with each other and lobby regulators.

Further down Mozilla's operation, those closer to the privacy debate expect resolution. Mozilla submitted its header proposal to the Internet Engineering Task Force (IETF) after Microsoft slipped its header to the W3C in the Tracking Protection Lists proposal in February.

Mozilla's global privacy and public policy leader Alex Fowler reckoned it's not a matter of "if" but "how" the subject is resolved. Fowler expects the first thing that will happen is the W3C and IETF will decide among themselves the best venue for settling the subject of do-not-track. Mozilla's man clearly believes the IETV is the best venue.

According to Fowler's blog here: "While the W3C has considerable experience working on privacy-related standards, HTTP is the domain of the IETF. We also understand that the IETF may be a more open venue for stakeholders impacted by DNT who may not be members of the W3C."

Things are coming to a head thanks to politicians' involvement, according to Center for Democracy and Technology director of consumer privacy Justin Brookman.

The browser makers' do-not-track options were rapidly ushered into code following a report by the Federal Trace Commission (FTC) last year that said industry efforts to self regulate were moving too slowly. Among a series of measures, the FTC proposed the inclusion of a do-not-track mechanism with a simple opt-out procedure in browsers.

Brookman's group has been trying to build a consensus around the subject among browser makers, ads companies, and the FTC. It published a report earlier this year on how to handle things like analytics, benchmarking, and market research online through the browser.

He told The Reg that he's happy to see browser makers coming up with new ideas to protect consumers' privacy using do-no-track.

The problem is the options from Microsoft, Mozilla, and Google - the third major browser maker pushing yet another approach, which introduced a Chrome extension that will store your privacy settings with different opt-out programs - require broad industry backing.

As far as Microsoft's Tracking Protection Lists are concerned, they require "a good person running the list", Brookman said. He calls the do-not-track header "the easier idea."

With tech companies reacting to the threat of regulation on do-not-track, it sounds like the next battle will over where the matter is thrashed out - the W3C or IETF. And, in the absence of comment from Microsoft, it seems the company's already prepared the ground to insert a header-based do-not-track approach in IE by inserting big place holder in to its W3C submission.

That place holder will swing into action should Microsoft lose the subsequent debate on who has the best approach for do-not-track, or if regulators move from recommending to insisting their proposals are adopted.

If that happens, it will be Mozilla and Microsoft on the same page with Google as odd man out. ®

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022