By Craig Buckler

What is “Do Not Track” and How it Affects Your Website

“Do Not Track” (DNT) is a privacy setting which is currently supported in IE, Firefox, Safari and Opera with Chrome support coming soon. When enabled, your browser informs advertising networks, websites and applications that you want to opt out of tracking for purposes such as behavioral advertising.


DNT Implementation

It’s important to note that DNT is a draft specification and not a distinct technology. When enabled, the browser simply sends a field named DNT with a value of 1 in the HTTP header. This can be detected by your web server using PHP or any other code, e.g.

// PHP exposes the DNT request header as $_SERVER['HTTP_DNT']
if (isset($_SERVER['HTTP_DNT']) && $_SERVER['HTTP_DNT'] == 1) {
	// DO NOT TRACK enabled
} else {
	// DO NOT TRACK disabled
}

DNT is voluntary. There is no legal requirement to use it and enforcement is an honor system — much like robots.txt.

How Should Your Server Application React?

This is where DNT requirements become a little ambiguous. In essence, DNT should not affect tracking of individuals on single applications or websites. However, it will prevent your actions being tracked across two or more sites. Therefore, you should not assign a unique ID to a specific user (via a third-party cookie) as they move from one domain to another. Let’s look at how this affects typical applications.

Advertising Networks
An advertising network which showed an advert for blue widgets on site A because it knows you read about blue widgets on site B would be a clear breach of DNT rules. DNT won’t prevent adverts being displayed by the same organization, but the user should remain anonymous across their whole journey.

However, if the user is permitted to express their topic interests up-front, the network can serve relevant advertisements based on those preferences.

Social Plugins
DNT will affect social plug-ins such as the Facebook ‘Like’ system. For example, you should not be able to see a list of friends who liked a specific page because that would require tracking you as an individual on a site which was not Facebook.com.

That said, Facebook can work around this restriction by providing an “enable personalized ‘like’ buttons” option on their site. The widget would then function as though DNT were not enabled.

Website Analytics
A system such as Google Analytics is permitted to collate user data when DNT is enabled if:

  1. Visitor tracking is limited to individual websites, e.g. if the user linked elsewhere, their details would not be replicated or used in some way.
  2. Data must be siloed separately for each domain.
  3. The Analytics organization would not be permitted to access or use the data for their own purposes.
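The rules above can be expressed as a server-side decision. The following is an added example, not code from the original article: it keeps a per-site visitor ID regardless of DNT, and issues a cross-site ID only when DNT is off or the user has explicitly opted in. The function names, cookie names and the domains site-a.example and tracker.example are hypothetical.

```php
<?php
// Added example. Function names, cookie names and domains are hypothetical.

// PHP exposes the "DNT" request header as $_SERVER['HTTP_DNT'].
// Only the exact value "1" is treated as "Do Not Track enabled".
function dnt_enabled(array $server): bool
{
    return isset($server['HTTP_DNT']) && trim((string) $server['HTTP_DNT']) === '1';
}

/**
 * Decide which identifiers an analytics or advertising endpoint may issue.
 * $site    - domain of the page embedding the tracker
 * $optedIn - the user explicitly enabled personalization up-front
 */
function plan_cookies(array $server, string $site, bool $optedIn = false): array
{
    $cookies = [];

    // Single-site tracking is unaffected by DNT: this visitor ID is scoped
    // to one domain, so the collected data stays siloed per site.
    $cookies[] = ['name' => 'site_visitor', 'domain' => $site,
                  'value' => bin2hex(random_bytes(16))];

    // A cross-site ID (third-party cookie on the tracker's own domain) is
    // issued only when DNT is off, or when the user opted in up-front.
    if (!dnt_enabled($server) || $optedIn) {
        $cookies[] = ['name' => 'network_uid', 'domain' => 'tracker.example',
                      'value' => bin2hex(random_bytes(16))];
    }
    return $cookies;
}

// Constructed sample requests (not captured traffic).
$requests = [
    'DNT: 1'          => [['HTTP_DNT' => '1'], false],
    'DNT: 1 + opt-in' => [['HTTP_DNT' => '1'], true],
    'no DNT header'   => [[], false],
];
foreach ($requests as $label => [$server, $optedIn]) {
    $names = array_column(plan_cookies($server, 'site-a.example', $optedIn), 'name');
    printf("%-16s -> %s\n", $label, implode(', ', $names));
}
```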

So far, so good. But DNT has recently hit the headlines owing to a controversial Microsoft proposal for IE10. I’ll discuss that further in my next article…

  • Q.E.D.

    So does that mean that google would no longer be able to track an individual from one site to the next using google analytics and sell that information to a 3rd party? Heck, I might actually consider using it if that’s the case!

    • Ideally, that should be the case now … but I doubt it is. Remember also that DNT won’t stop Google or any other company doing whatever they like.

      • Nick Stevens

        This is a very cynical outlook. If you actually ask the question of “why am I being tracked?” you might come to the realization that the company wants to sell you more stuff (i.e. – serve you better). The best way to get you to buy things is to provide you with the best experience and most relevant content. Nobody is selling your data from web analytics tools, nobody is profiting off of your anonymous activity data. DNT should be an option, but a better solution is for the organizations using these monitoring tools to be forced to expose the data to individuals upon request. Then people can decide whether this is malicious or not for themselves with some actual knowledge of what is being collected. Blanket statements like “Stop tracking me” or “no cookies” expose a gross lack of knowledge. This is why the UK instituted their no cookie enforcement, only to realize the only way to block cookies was by setting… wait for it… a cookie. If technology is over your head, hire some unbiased folks who can explain it to you – otherwise stick to print.

      • Q.E.D.

        Nick, are you saying that those gathering our information should be telling us what they know about us (not just what data is being collected – there is a difference between saying “we note your past browsing behavior” and “here are the sites you visited in the last two weeks – and who we told”), to whom they are selling that information, or both?

        Personally, I probably only consciously register about 10% of the ads I see online and I don’t care what they are. What concerns me is that a setup like google analytics can track me from one site to the next and compile a list of my browsing behavior. And since google analytics is used by so many sites, while google may not know my name, they do know where I bank, where I live, my religion, my political preferences, my hobbies, and possibly even who my friends are. That concerns me, and it should concern any web developer who cares about the privacy of his/her users. Just because someone is too ignorant to disable third party cookies doesn’t mean that their privacy is any less valuable.

  • I don’t think anyone really wants to be tracked. If anyone wants to be tracked, please respond with why. The only reason I can think of is that a person might like all the personalized ads they see.

    • Personalization is the only reason. Social plug-ins is possibly the most useful example. Or perhaps you like adverts for luxury British sports cars after you’ve been browsing the jaguar webcam stream at your local zoo!

      The whole concept of DNT has taken a slightly odd twist, however. Look out for my follow-up article later today…

      • I think what’s at stake is lots of advertising jobs and advertising opportunities. I don’t even know what a social plugin is….

  • I have no idea about this one…

  • John

    Do not track is better than the silly cookie thing, however, my prediction is that a load of big companies will ignore it (it requires them to be honorable which is uncommon in advertising land) then get caught for privacy breaches beyond any pragmatic ‘service tuning’.

    Then the EU will get fed up after letting them ‘self regulate’ for a while, and then in their sledgehammer manner the EU will just make all tracking illegal (it has actually been suggested).

    The ad industry needs to watch out. The EU do have horrid pretty recent histories involving surveillance such as DDR, Holocaust etc that massively abused personal information and so since then take privacy very seriously.

    I don’t think US & UK really understand this mentality as those things haven’t happened close enough to home and some of the stuff I see coming out of the mouths of US based ad execs actually makes me sick.

  • Your blog is absolutely amazing and perfect for my need. I found your advice and tips very helpful and informative. Thanks for sharing. Hope to see more wonderful blog on your website and to see some exciting discussion.

  • There will always be tension between privacy and efficiency in terms of targeting from a marketing perspective.

    With IE’s recent preset disabling of tracking, I think consumers will generally OPT for no tracking rather than for tracking. So ad networks and big sites are going to have to find other ways to “build profiles”.
