• ARTICLES
SEARCH

How-To Geek

Why Enabling “Do Not Track” Doesn’t Stop You From Being Tracked

image

The “Do Not Track” option is enabled by default in Windows 8’s Internet Explorer 10 and available in Firefox, Safari, and Opera. Google is even adding it to Chrome. There’s just one problem: it doesn’t actually prevent tracking.

The Do Not Track check box can provide a false sense of security. While a few websites will pay attention to it, the vast majority of websites will ignore your preference.

What Tracking Is

Tracking takes a variety of forms. Websites and the advertising network scripts they use track what pages you visit online and serve you advertisements based on your interests. For example, if you visit a website for a specific product and then surf to another website, you may continue seeing advertisements for the product you viewed earlier. if you search for information about Android, you may see Android advertisements on other websites you visit, even if they’re not technology-related.

This data about you may also be analyzed or sold. There are also more basic types of tracking – for example, websites can see which pages you visit on them and how long you spend on each page. This can help websites determine what their visitors are interested in.

What “Do Not Track” Does

Your browser uses HTTP to communicate with websites. When you enable Do Not Track, your browser includes the “DNT” HTTP header with a value of “1” whenever you connect to a website.

The value of “1” expresses your wish to opt out of tracking. In other words, when you enable Do Not Track, your browser sends a request asking the website not to track you each time you connect to a website.

All browsers except the current version of Google Chrome have this option, and even Google Chrome will have it soon. For example, it’s named “Tell websites I do not want to be tracked” in Firefox.

image

Default Settings

The Do Not Track header has three possible values:

  • 1 – Do Not Track (Opt out of tracking)
  • 2 – Track (Opt into tracking)
  • Null – No preference

By default, web browsers use the null value, indicating that you haven’t expressed a desire of whether you want to be tracked or not.

image

The one exception is Internet Explorer 10, which automatically enables Do Not Track. This is extremely controversial because it violates the Do Not Track Standard.

The Do Not Track standard is designed to allow users to indicate a preference, and the authors of the Do Not Track specification and the Digital Advertising Alliance both disapprove of Microsoft’s choice. If Do Not Track is on by default, they argue that there’s no way to know whether the user has actually expressed an individual preference. Roy Fielding, one of the authors of the Do Not Track standard, updated the open-source Apache web server to ignore Do Not Track signals sent by Internet Explorer 10 for this reason.

The Problem With Do Not Track

Enabling “Do Not Track” doesn’t change any browser privacy settings. When you enable Do Not Track, your web browser asks each website you connect to please not track you.

The problem is that most websites simply ignore the “do not track” request. Websites have to be updated to pay attention to this field, and most websites aren’t interested in obeying it.

image

What Websites Do

Most websites simply ignore the Do Not Track field. Among websites that listen to the request, they’ll react to the request in different ways. Some will simply disable targeted advertising, showing you generic advertisements instead of ones targeted to your interests, all while tracking you and using the data for other purposes. Some may disable tracking by other websites, but still track how you use their website for their own purposes. Some may disable all tracking. There’s little agreement on how websites should react to Do Not Track.

Currently, Do Not Track is completely voluntary. In the future, it’s possible that some countries will pass laws forcing websites to obey this preference. It’s also possible that some advertising or business organizations may require their members to obey this setting.


The debate over tracking is a thorny issue – for one, tracking can be used to display ads for products you’re interested in, such as ads for tech products instead of ads for diapers. These ads also help fund websites.

If Do Not Track is enforced by law, the web will likely still be full of websites that track you. They’ll be located in other countries where adherence to Do Not Track isn’t enforced, just as our email addresses are constantly receiving spam in spite of spam being illegal in many countries.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 10/16/12

Comments (28)

  1. Bill

    i use AdFree or redirect ad sites to Local Host as my Do Not Track choice. if they can’t deliver their ads in the first place, then they can’t track. I also block Third Party Cookies completely and use NoScript to block all the Google bots and analytics. Its and escalating war…

  2. Citrus Rain

    I don’t get why they don’t just make do-not-track enable a modified version of in-private browsing.

    That’s what they mean for it to be – just with passwords. Which are saved on the user end anyways.

  3. knot

    Adbloc plus and ghostery are your friends if you use firefox

  4. Donna

    “Do not track” should be renamed to “show me ads that I dislike”.

    “Track me” should be renamed to “show me ads for products that I like”.

    Yes, it’s exactly the OPPOSITE of what you would think. You should always keep “do not track” turned *OFF*, not on.

    Besides, neither setting would “increase the NUMBER of ads”, nor “decrease the NUMBER of ads” anyway.

  5. Yu

    Does anyone have experience with the “Do Not Track Plus” addon (Chrome, Firefox)? It is supposed to actively prevent tracking client-side.

  6. Dan

    While I have DNT set to 1, I have no faith that advertisers would honor my choice. Which is why I will continue to use adblockers.

  7. cam2644

    I back up what knot says.Adbock Plus on Firefox is really helpful.

  8. OldSalt

    Just spoof the IP address of the IRS and leave the browser opened on the Contact page of the advertisers website….j/k

  9. metalika

    And does the firefox addon “Do Not Track Plus” make any changes or is it the same ???

  10. ibivi

    Maybe a national list of users who wish not to be tracked could be established like the national “Do Not Call” list. If it is a law perhaps companies would be less likely to violate it. No guarantee of course but it might make them more observant if users had an option to file class action suits against them.

  11. 0xRiddle

    Just install adblock plus and block all ads . Man ! that six abs google add kept haunting me until I installed it .

  12. harv

    Telling a site you do not want to be tracked simply provides them with another bit of information about you. Even if you delete all cookies it is still likely that you are leaving enough traces to be tracked. See http://panopticlick.eff.org/

  13. Yu

    On a side note, we have a major clash of interests and even moral here.

    One the one hand everyone is happy about free content, such as this blog. The free content however is financed by advertising. Advertising however is highly inefficient, unless coupled with some degree of personal information. Granted, it would be possible simply to show technology related ads on technology related sites, but as tracking is more efficient, this is the way it is done.

    On the other hand there is privacy. When we block ads entirely, we turn into leechers, that take the free content and don’t help funding it (by accepting ads). If we block the tracking part, its still no good, when suddenly we see “ads for diapers” on the tech blog and thus will be less likely to click the ads (not to mention that the ads lose the tiny bit of informational value they had before), thus still depriving the content creators of some fraction of the income we should have generated.

    So I have to wonder… If I use a client side method for actually blocking tracking, will I still see reasonable ads based on the website I’m looking at? If so, that would seem to be the fair trade-off between privacy and financing free content. If however advertising gives you the choice between giving up on privacy and not contributing to financing the content, then there is some fundamental problem :-/

  14. stephen -- nyc

    One problem with ads is that most of them (as I see them) are for things that are not really accurate – for example, weight loss and work at home stuff. Notwithstanding First Amendment issues, if we could ensure that the ads were legitimate items (like if I saw an ad from ThinkGeek on this site) then the ads wouldn’t be such a PITA. But, just like with TV, I record shows and then use the FF button on my VCR (yeah, I’m old school). And with browsers, I use Opera and its content-blocking function. That way the amount ads I do see are less than without the blocking.

  15. jeepmanjr

    I use DNT+, Adblock+ and Astrill OpenVPN with Firefox 64-bit Nightly. I’m pretty happy with the results.

  16. TheFu

    I disable ABP for sites that I trust that don’t also get too obnoxious with the ads or javascript.
    By selectively blocking Javascript almost all ads, except the little text ones like google uses are gone.

    From a security perspective, blocking javascript is a must these days.

    I don’t bother setting DNT, using session cookies and blocking 3rd party cookies works better. Every day, I come back as a new visitor – THAT helps the websites.

  17. Dic

    Adblock Plus is for Chrome, too. I have it.

    After using Firefox and its predecessors for umpteen years, I have just shifted it off one of my m/cs, with the result that things happen a hell of a lot faster. I’m about to take it off my other connected computer.

  18. Sam

    Install superantispyware on your windows computer. After a quick scan you will see who is tracking you.

    What I find interesting is in Firefox superantispyware has no trouble removing the “trackers” but in Chrome superantispyware removes the trackers, but takes up to 20 times longer.

    Superantispyware has a free edition to anyone that wants to install the program..

  19. clamo

    @Yu: yes, it does not work. all it does is show you what tracking cookies are active at any given time.

    folks, IF YOU DO NOT WANT TO BE TRACKED, pay for a VPN. if you live in the states, make SURE you get one in another country.

  20. TheFu

    @clamo: a VPN doesn’t stop you from being tracked. At most, it just hides your real location, but chances are that some other left over tracking from when you weren’t on the VPN will give that away. If you don’t clear cookies, flash, silverlight and other “web objects”, you will still be tracked. In fact, the uniqueness of your browser’s signature might be enough to be tracked.

    The EFF has tools to help determine these things and open eyes.

    It is not easy to be untraceable on the internet, no single tool solves it. A mix of techniques is needed. Even TOR users can be tracked, but perhaps not “traced”, if they’ve done all the other parts correctly.

  21. Matt

    I like websites to track me. I want ads that are suited to me rather than generic ones that are of no use. Why would I want advertising for women’s clothing when I could be informed of new tech that interests me? I don’t mind companies selling my data either, so long as they are open about it and aren’t selling it to spam companies.

  22. ibivi

    I downloaded ghostery and was rather shocked at all the info it provides about who is trying to track you. I had to get rid of it though because it was causing shutdowns of my browser.

  23. KMP

    This article (Why Enabling “Do Not Track” Doesn’t Stop You From Being Tracked) should be titled (Why Enabling “The Please Do Not Track Request Option” Doesn’t Stop You From Being Tracked).
    Simply put the “Do Not Track” option in most newer browsers is nothing more than a request to a web site not to track, which may or may not be honored. The only way to enforce the “Do Not Track” is to install a browser add-on, which blocks tracking.
    The best of which is “Do Not Track +” from Abine. Read the following two page article, and make your own decision:
    http://www.pcworld.com/article/253378/do_not_track_tools_hands_on_showdown.html

  24. André

    VPN and Adblock do a lot of for me, perhaps i’m still being tracked, but i haven’t had any problems with it. I have switched from chrome to firefox though, because google tracks pretty much everything you do, even setting your VPN.
    @Sam, i’m going to try that!

  25. DgsWilson

    Right now I’m looking for ways to get off the comment tracking system (just started) but below is of interest. I used it…

    (xxxx)://www.networkadvertising(x)org/choices/

  26. Steve Zimmett

    Startpage Protects Your Privacy!

    Startpage, and its sister search engine Ixquick, are the only third-party certified search engines in the world that do not record your IP address or track your searches.

  27. Steve Zimmett

    I’ve been using Startpage for about 6 months and it uses Google as its search engine and it works. No tracking period.

  28. BobJam

    Yu made a very reasoned analysis of this, and I pretty much agree with him/her.

    For example, Avira has a nag screen that is nothing more than an advertisement to buy their retail version (or at least used to have one when I used Windows a few years ago . . . am a ‘nix kinda guy now). Now there are indeed ways to disable it, but I always thought to myself, “that is how they can offer a free version”, and while the nag was bothersome (before I figured out how to disable it . . . a questionable tactic if you read the EULA, but winked at on the Avira forum), I can definitely understand why they do it. Liked that nag screen? No. Understood why they did it? Yes.

    HTG here has an interesting iteration on this. If you’re not a member, but rather just an occasional visitor, they serve up ads. But if you’re a member, you don’t get the bothersome ads. Now I don’t think that’s unique to HTG, because other sites do that too.

    Nevertheless, some ads, like the infamous “Scan Now” that leads to scareware, SHOULD indeed be blocked.

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!