Do-Not-Track in Chrome and Firefox: Different Approaches, Same Fatal Flaw

Google and Mozilla both want to give you more privacy controls in their Web browsers, but the way Chrome and Firefox handle do-not-track are quite different.

Google will, ironically, rely on tracking cookies to help users opt out of behavioral ads. The Keep My Opt Outs Chrome extension, which was announced Monday, activates do-not-follow cookies from the Network Advertising Initiative, telling them not to track your behavior on the web.

Ad networks that participate in the NAI already allow you to opt out on the group's website, but these preferences are lost if you clear your browser's cookies. Keep My Opt Outs remembers your do-not-track preferences and adds new participants in the Network Advertising Initiative automatically.

Mozilla wants to add an opt-out button to Firefox's basic settings, instead of using a browser extension. When users visit a website, Firefox will broadcast the user's preferences as an HTTP header, effectively telling sites not to track users on a case-by-case basis.

Firefox's approach is cleaner on the user's end, but will take longer to implement. Even if Mozilla adds this feature in the next version of Firefox--not a given, a Mozilla blog post on the matter suggests--websites will still have to recognize the HTTP header. For now, the cookie-based approach that Google is adopting will have to suffice.

Still, both approaches share the same flaw: they rely on the good faith of advertisers. Although the Network Advertising Initiative consists of the 15 largest ad networks in the United States, unscrupulous advertisers in the web's shadier corners certainly won't be participating.

This speaks to a larger problem with the current hysteria over web tracking: telling good-natured websites not to follow your activity ultimately amounts to an attack on relevant advertising. Meanwhile, websites may run amok with your information in more serious ways. Just last week, Facebook revealed that developers are free to gather home addresses and phone numbers from user profiles (Facebook has since tabled the plan while it thinks of a way to better warn users about giving away their contact details.)

Personally, I'd rather see a banner ad for a video game based on my browsing habits than give away my phone number just for playing a game on Facebook, but there's no browser extension to prevent the latter.

Subscribe to the Security Watch Newsletter

Comments