“Do Not Track” (DNT) is a privacy setting which is currently supported in IE, Firefox, Safari and Opera with Chrome support coming soon. When enabled, your browser informs advertising networks, websites and applications that you want to opt-out of tracking for purposes such as behavioral advertising.
DNT Implementation
It’s important to note that DNT is a draft specification and not a distinct technology. When enabled, the browser simply sends a field named DNT with a value of 1 in the HTTP header. This can be detected by your web server using PHP or any other code, e.g.
<?php
$DNT = 'HTTP_DNT';
if (isset($_SERVER[$DNT]) && $_SERVER[$DNT] == 1) {
// DO NOT TRACK enabled
}
else {
// DO NOT TRACK disabled
}
?>
DNT is voluntary. There is no legal requirement to use it and enforcement is an honor system — much like robots.txt.
How Should Your Server Application React?
This is where DNT requirements become a little ambiguous. In essence, DNT should not affect tracking of individuals on single applications or websites. However, it will prevent your actions being tracked across two or more sites. Therefore, you should not assign a unique ID to a specific user (via a third-party cookie) as they move from one domain to another. Let’s look how this affects typical applications.
Advertising Networks
An advertising network which showed an advert for blue widgets on site A because it knows you read about blue widgets on site B would be a clear breach of DNT rules. DNT won’t prevent adverts being displayed by the same organization, but the user should remain anonymous across their whole journey.
However, if the user is permitted to express their topic interests up-front, the network can serve relevant advertisements based on those preferences.
Social Plugins
DNT will affect social plug-ins such as the Facebook ‘Like’ system. For example, you should not be able to see a list of friends who liked a specific page because that would require tracking you as an individual on a site which was not Facebook.com.
That said, Facebook can work around this restriction by providing an “enable personalized ‘like’ buttons” option on their site. The widget would then function as though DNT were not enabled.
Website Analytics
A system such as Google Analytics is permitted to collate user data when DNT is enabled if:
- Visitor tracking is limited to individual websites, e.g. if the user linked elsewhere, their details would not be replicated or used in some way.
- Data must be siloed separately for each domain.
- The Analytics organization would not be permitted to access or use the data for their own purposes.
So far, so good. But DNT has recently hit the headlines owing to a controversial Microsoft proposal for IE10. I’ll discuss that further in my next article…
Craig BucklerCraig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.
