Apache webserver patch set to ignore IE10's Do Not Track feature

By Lee Kaelin on September 11, 2012, 5:30 PM

An Apache HTTP webserver developer has stirred up controversy after releasing an update for the webserver application to Github that ignores Internet Explorer 10's "Do Not Track" (DNT) settings. Roy Fielding, an architect of the DNT standard, an Adobe employee and the chief scientist for Apache, says he made the changes because Microsoft is deliberately violating the standard -- a fact Apache won't tolerate.

"[DNT] must reflect the user's preference, not the choice of some vendor, institution, or network-imposed mechanism outside the user’s control." DNT is intended to give computer users a simple means of preventing their browsing habits from being tracked by websites and advertisement networks. Although it's yet to be finalized, it hasn't stopped Microsoft from adding its own interpretation to its Web browser.

In June, Microsoft said that IE10 would enable DNT by default, which raised curiosity and anger in equal measures because the decision seemed contrary to an agreement made with the Digital Advertising Alliance, a consortium of which Microsoft is a member. The company agreed with all parties to honor DNT as long as it was not made the default setting for all browsers.

Critics of Fielding's patch say that users are informed DNT will be enabled when they select the "express settings" option during the final stages of installation and, as such, IE10 is fully compliant with the standard. They argue that it isn't Apache's job to police the standard.

"The only reason DNT exists is to express a non-default option," Fielding wrote when defending the patch. "That's all it does. It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization."




User Comments: 8

Got something to say? Post a comment
Guest said:

So if you workaround some copy protection you'll go to jail, but if some corporations override your privacy settings its ok?

Darth Shiv Darth Shiv said:

Very poor from Apache.... but then again leaving the server to honour "do not track" client settings was always flawed and subject to such abuse in the first place.

Win7Dev said:

Very poor from Apache.... but then again leaving the server to honour "do not track" client settings was always flawed and subject to such abuse in the first place.

This exactly. Design your browser to hide all possible information from the webserver if you want privacy. Add vpn and proxy specific options if you really want privacy.

Archean Archean, TechSpot Paladin, said:

Design your browser to hide all possible information from the webserver if you want privacy.

+1

I wonder if MS would push/support for alternatives e.g. Lighttd, Nginx, Boa, IIS etc. ....... could be fun if it happens.

Staff
Jesse Jesse said:

+1

I wonder if MS would push/support for alternatives e.g. Lighttd, Nginx, Boa, IIS etc. ....... could be fun if it happens.

You wonder if Microsoft would support IIS as an alternative? That's an emphatic yes.

Very poor from Apache

I disagree, it should be the user's choice, not Microsoft's.

Tygerstrike said:

Personally I feel that they shouldnt track you anyways. The joy of online, is that the user gains annonimity. You get to surf the web in the comfort of your own home. Going to whatever website strikes your fancy. That allows you to explore the web and all it has to offer w/o the judgments of others. I find it a bit disturbing that ppl want to know if im going on a game site or a porn site. Tracking is a slippery slope. Yea I'm sure those that track you are going to say they are doing it to provide you a better web experience. In the end it all boils down to the fact that DNT should be a default setup. Its not anyones business what and where you choose to visit.

TJGeezer said:

I understand wanting to stick by a standard but I don't get Apache's position here. How is "uncheck here if you don't want DNT" different qualitatively from "check here if you do want DNT"? Either way, it's the user's choice. If IE10 presents the choice clearly during the install but defaults to more not less privacy, doesn't this server mod award the Snoopy Bad Boy demerit badge to Apache? This makes no sense.

Staff
Rick Rick, TechSpot Staff, said:

Personally I feel that they shouldnt track you anyways. The joy of online, is that the user gains annonimity. You get to surf the web in the comfort of your own home. Going to whatever website strikes your fancy. That allows you to explore the web and all it has to offer w/o the judgments of others. I find it a bit disturbing that ppl want to know if im going on a game site or a porn site. Tracking is a slippery slope. Yea I'm sure those that track you are going to say they are doing it to provide you a better web experience. In the end it all boils down to the fact that DNT should be a default setup. Its not anyones business what and where you choose to visit.

Giving users a "better experience" is noble, but the *real* problem with DNT is untargeted advertising is nearly worthless. Advertising, of course, makes a lot of the free content we enjoy on the Internet possible and knowing what your demographics and interests are raises the value of that advertising a great deal.

It's really a matter of privacy vs. revenue. There needs to be a balance. An extremely hard turn in either direction could make the web a very unfun place to hang out.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.