{"id":6519,"date":"2012-09-08T22:30:29","date_gmt":"2012-09-08T21:30:29","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/?p=6519"},"modified":"2012-09-08T22:30:29","modified_gmt":"2012-09-08T21:30:29","slug":"adobes-roy-fielding-patches-apache-to-ignore-ie10-do-not-track-privacy-request","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/6519-adobes-roy-fielding-patches-apache-to-ignore-ie10-do-not-track-privacy-request.html","title":{"rendered":"Adobe\u2019s Roy Fielding patches Apache to ignore IE10 Do Not Track privacy request"},"content":{"rendered":"

Adobe\u2019s Roy Fielding, who is also the original author of the W3C\u2019s Tracking Preference Expression draft, has patched Apache<\/a>, the open source web server, to ignore the Do Not Track header sent by Microsoft\u2019s Internet Explorer 10, the browser in Windows 8:<\/p>\n

\"image\"<\/a><\/p>\n

Under the heading \u201cApache does not tolerate deliberate abuse of open standards,\u201d Fielding\u2019s patch sets Apache to remove the Do Not Track request header if IE10 is the web browser.<\/p>\n

Fielding\u2019s argument, one presumes, is that IE10 breaches clause three in the Tracking Preference Expression draft<\/a>:<\/p>\n

\n

Key to that notion of expression is that it must<\/em> reflect the user’s preference, not the choice of some vendor, institution, or network-imposed mechanism outside the user’s control. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking preference expressed. <\/p>\n<\/blockquote>\n

However the document goes on to say (highlighting is mine):<\/p>\n

\n

We do not specify how tracking preference choices are offered to the user or how the preference is enabled: each implementation is responsible for determining the user experience by which a tracking preference is enabled. For example, a user might select a check-box in their user agent’s configuration, install an extension or add-on that is specifically designed to add a tracking preference expression, or make a choice for privacy that then implicitly includes a tracking preference (e.g., Privacy settings: high<\/q>). The user-agent might ask the user for their preference during startup, perhaps on first use<\/strong> or after an update adds the tracking protection feature. Likewise, a user might install or configure a proxy to add the expression to their own outgoing requests. <\/p>\n<\/blockquote>\n

Here is what happens in Windows 8 after startup. This is among the first screens you see when installing Windows 8, before you get full access to the operating system:<\/p>\n

\"image\"<\/a><\/p>\n

One of the settings specified is \u201cTurn on Do Not Track in Internet Explorer. If you click Learn more about express settings you get this:<\/p>\n

\"image\"<\/a><\/p>\n

If you click Customize you get this:<\/p>\n

\"image\"<\/a><\/p>\n

Does this respect the user\u2019s preference? It seems to me a reasonable effort. The only objection I can see is if you consider that any user agent that defaults to setting Do Not Track on cannot be respecting the user\u2019s preference. The draft specification does not state what the default should be.<\/p>\n

It is also worth noting that clause 3 in the Tracking Preference Expression draft has changed; the wording about \u201cnot the choice of some vendor\u201d was inserted in the 7th September draft, after<\/strong> Windows 8 was released to manufacturing. Here it is in the latest (March 2012) W3C Working draft<\/a>:<\/p>\n

\n

Key to that notion of expression is that it must<\/em> reflect the user’s preference, not the preference of some institutional or network-imposed mechanism\u2026<\/p>\n<\/blockquote>\n

Even if you agree with Fielding\u2019s views on browser defaults, quietly patching the world\u2019s most used web server to ignore the IE10 setting looks hard to defend, especially on a matter that is far from clear cut. Fielding is personally involved, not only as the author of the Tracking Preference Expression document, but also as an employee of Adobe, which specialises in digital marketing and may be more aligned with the vendors and their brands which may want to track user activity wherever their ads appear, rather than with end users.<\/p>\n

Of course Apache is an open source project and Fielding\u2019s patch has attracted the attention of the Apache community and may not survive. <\/p>\n

It is also possible that a future draft of the Tracking Preference Expression document will state that Do Not Track must<\/strong> be off by default; but even if it does, patching the web server to ignore the browser\u2019s header strikes me as a contentious solution.<\/p>\n

Finally, it is worth noting that sending the Do Not Track header has little effect on whether or not your activity is tracked, since its meaning is unclear and respecting its value is a a choice made by third-parties, so this is a debate with little practical impact for the time being.<\/p>\n","protected":false},"excerpt":{"rendered":"

Adobe\u2019s Roy Fielding, who is also the original author of the W3C\u2019s Tracking Preference Expression draft, has patched Apache, the open source web server, to ignore the Do Not Track header sent by Microsoft\u2019s Internet Explorer 10, the browser in Windows 8: Under the heading \u201cApache does not tolerate deliberate abuse of open standards,\u201d Fielding\u2019s … Continue reading Adobe\u2019s Roy Fielding patches Apache to ignore IE10 Do Not Track privacy request<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,44,55,62,97],"tags":[123,149,337,586,676],"class_list":["post-6519","post","type-post","status-publish","format-standard","hentry","category-adobe","category-internet","category-microsoft","category-open-source","category-windows","tag-adobe","tag-apache","tag-do-not-track","tag-microsoft","tag-open-source"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/6519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=6519"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/6519\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=6519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=6519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=6519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}