Moving Mozilla stuff to our new Privacy Blog

We’ve launched the Mozilla Privacy Blog today to bring together announcements and news about all the awesome work we’re doing in privacy! Covering our work on Do Not Track, privacy icons, as well as new product features and policy activities, the blog is intended to be our hub for privacy.

To kick things off, we’ve posted The Do Not Track Field Guide, which includes the latest adoption numbers of DNT by Firefox users. The Guide includes case studies, tutorials and sample code. In addition, our Metrics team provided a nice chart of the rate of user adoption of DNT, which is included with the post about the Guide.

Exciting stuff!

Alex Fowler

Mozilla Brown Bag on BrowserID & Privacy, 08/17/11, 12noon Pacific

Next week, Mozilla is hosting a brown bag on “BrowserID Privacy Architecture.” Ben Adida, Mozilla’s technical lead for BrowserID, will describe the details of our experimental identity system for the web and lead an open discussion on privacy and security related dimensions of our approach.

Topic: BrowserID Privacy Architecture
Presenter: Ben Adida,
Date: August 17, 2011
Time: 12:00 PM Pacific
Location: 650 Castro Street, Third Floor, 10 Forward, Mountain View, California
Live Video: http://air.mozilla.org
IRC: irc://irc.mozilla.org/airmozilla

Mozilla Labs designed the BrowserID experiment to increase user convenience and safety online. Using Mozilla’s Privacy & Data Operating Principles as guidelines, we are developing a system that seeks to maximize user privacy and control by shrinking the user-data minefield, disclosing information to sites only on a need-to-know basis, employing a model that is intuitive and users understand, and limiting tracking of browsing behavior while also enabling pseudonymity online.

More information about BrowserID is online at:

• Privacy and BrowserID, July 21, 2011
• Introducing BrowserID: A better way to sign in, July 14, 2011

Bring your lunch and join us in Mountain View or eat at your desk and participate remotely.

Alex Fowler

DNT Gaining Traction in Europe

The DNT meme has crossed the Atlantic! Two important policy makers in Europe made statements just one week apart supporting Do Not Track (DNT).  It appears there’s genuine interest by these EU regulators to determine how a website’s support for DNT meets compliance with legal obligations under the ePrivacy Directive.

I was in Paris today where Ed Vaizey, UK Minister of the Department for Culture, Media and Sport, told participants at the OECD High Level Meeting on The Internet Economy that “support for DNT is already being explored in the UK” and is part of the discussions underway by his Department’s Browser Working Group.

The strongest call for DNT in Europe came last week from Neelie Kroes, the Vice President of the European Commission responsible for the Digital Agenda for Europe. She told those of us participating in the Online Tracking Protection and Browsers Workshop in Brussels that “we should collectively pay more attention to the emerging ‘do-not-track’ technologies,” and she challenged industry in Europe to make it happen by June 2012. Here’s the key excerpt from her speech (and make sure you read the last sentence below):

DNT is simple: users can instruct their device or application to accompany all network requests with an indication that they do not want to be tracked. Service providers need to react to such explicit requests.

DNT has a lot of potential because it can apply:

• First, to all networked devices and applications
• Second, to all types of tracking and
• Third, to all purposes of tracking.

DNT is already deployed in some web browsers. And some web businesses say they honour it.

But this is not enough. Citizens need to be sure what exactly companies commit to if they say they honour DNT. For example, there is an important difference between a commitment not to record tracks and a commitment not to use them for a specific purpose once recorded. When this is solved more users will deploy DNT – and it will become simpler – and companies will go along. So we are looking at a virtuous circle.

How do we get there? We need a standard! We need to standardise how the DNT signal and the expected reaction should look. The standard must be rich enough for users to know exactly what compliant companies do with their information and for me to be able to say to industry: if you implement this, then I can assume you comply with your legal obligations under the ePrivacy Directive.

I blogged a few weeks ago how I believe the DNT header can fit with the ePrivacy Directive, but I’ll be very interested to see how the thinking evolves among more knowledgeable policy makers and legal experts. And I’ll be sure to update my blog as I learn more…

Alex Fowler

What’s the Browser got to do with EU e-Privacy Directive?

I’ve been in London this week to participate in a forum hosted by the ISBA on “Cookies, Privacy and Consumers: What Every Business Needs to Know,” as well as to meet with several people from consumer advocacy groups, leading technology companies and representatives of the UK government. The EU Privacy and Electronic Communications Directive goes into effect today in the UK and much discussion is underway about the role of browsers in the coming year here.

In the context of Mozilla’s ongoing support for people to better understand and control their Web experience and based on the meetings I’ve had here in London, my thoughts center on three major points:

1. It’s important to focus on the intent of the e-Privacy Directive to empower Internet users with greater choice and control over online tracking. Inherently, this is not about cookies, nor is the Directive solely a technology challenge.
2. I believe browser-based controls for cookies and tracking need to be simplified and harmonized to improve user experience and meet user expectations. We’re exploring ways the browser can help users convey intent regarding tracking in ways that enhance user experience and don’t break the web.
3. However, the Directive is not about Firefox nor any other browser on the market today, nor does it require browsers to be configured or perform in any particular way. Compliance is solely the responsibility of any and all entities on the web that set cookies covered by the Directive on users’ computers and web-enabled devices.

A number of international law firms have published analyses of the e-Privacy Directive and the current implementations in the UK, France, Germany and other countries (e.g., Hunton & Williams, MoFo), so I won’t spend much time here on the specifics of the Directive. The UK Department of Media, Culture and Sport has published an open letter to the Internet on the the Directive, too, that provides additional guidance on how to interpret the Directive in the UK.

It’s fair to say browsers today have not harmonized the range of cookie controls in such a way as to send one clear, standardized signal to businesses that can be used as a proxy to meet compliance and respect consumer demands. Browser companies are just kicking off standards processes with the W3C and IETF that might be helpful in the future, but realistically it’s going to be months, if not longer, to achieve clarity at a technical level. Then there’s the question of getting users to adopt new versions of browsers with enhanced controls to further support user requirements and ease compliance efforts in this area.

It’s my view that site owners and third parties need to focus on improving privacy notices and statements that inform consumers of their cookie and tracking practices. In addition, any parties engaged in tracking consumers in the EU need to address compliance as if no new browser controls emerge. These are their consumers to loose and its their brand reputations on the line. Is it really our job as browser manufacturers to ensure consumer confidence and trust for their data practices?

Over the past few months, Mozilla has been supporting a new mechanism aimed at empowering users to control tracking online. Firefox 4, Firefox 4 Mobile and Firefox 5 Beta support a Do Not Track (DNT) feature, which when enabled, sends a HTTP header, DNT:1, telling publishers, advertisers and all third parties with which a user interacts online, that the user wishes to not be tracked. Based on browser upgrading trends for Firefox 4 and IE9, we anticipate that upwards of 25% of Internet users worldwide will have access to DNT by the middle of this summer. Apple’s announcement to include the same feature in the next version of Safari will only further accelerate DNT in the market.

Much has been written about DNT over the past few months, but it isn’t clear what the relationship is between DNT and the e-Privacy Directive.

Both DNT and the Directive are intended to provide more transparency, choice and control to users. The e-Privacy Directive requires “prior consent,” for cookie-based tracking, while the DNT feature is an opt-out for all types of online tracking, including cookies. While DNT and the Directive are different in purpose, there is an intersection.

The power of DNT comes from the user turning it on, thereby giving sites and third parties full confidence that the presence of the DNT:1 header is the individual user’s preference to not be tracked online. This is similar to what business and government representatives in the UK are saying right now. By the same token, sites and third parties in Europe engaging in cookie-based tracking will need to solicit permission from users regarding persistent cookies and other tracking techniques at some point in their interaction with these users.

Publishers, advertisers and third parties interacting with users online should consider how to respect users who’ve enabled DNT via the browser. Some data protection authorities may interpret the presence of the DNT setting as an indication that “here’s an informed user” who has opted out of the setting of persistent cookies covered by the Directive. This is one approach and others will need to be considered. Ignoring users with DNT enabled, however, which might be discovered by auditing server logs, could also impact user trust, brand reputation, and perhaps raise questions about compliance with the Directive. So both are going to be important factors worthy of consideration.

Users should be in control of their browsing experience. Cookies influence users’ browsing experience in many important and positive ways. They can also be used in ways that are surprising for users.

I’m supportive of efforts that increase transparency and enable users to manage their personal information online, whether created solely through technology or regulatory/self-regulatory measures or some combination of technology, industry standards and government regulations.

Along these lines, I believe the e-Privacy Directive can further enhance consumer protections for privacy and empower users with greater choice and control, depending on how sites and browsers support the Directive. At the same time, there are other forms of online tracking outside of cookies (e.g., device tracking, browser fingerprints) that need to be addressed, and any browser-based controls focused on compliance with the Directive will only address a portion of the many new ways users access the Internet (e.g., mobile devices and apps).

I’ll continue to work with my colleagues and the Mozilla community to innovate in this area and work with key stakeholders such as industry and standards groups, publishers, advertisers and policy makers. We’re at the beginning stages of evaluating how we can improve tracking protections online that bridge DNT and cookie-based controls with other privacy-enhancing technologies. I think one of our first efforts will need to be to further inform Firefox users about how cookies work and take steps to enhance cookie controls in the browser. One of the advantages Mozilla has as an open source software project is its very active community of users, developers and partners in Europe. I’ll make every effort to engage with that community as we explore browser-based options and tracking protections.

Alex Fowler

Catching up on DNT Developments

Mozilla continues to see progress with regard to Do Not Track, including adoption by online marketing, ad networks and tracking companies.

It’s certainly fair to say that market adoption of Do Not Track will take longer than it took Mozilla to create the mechanism and see it implemented by other major browsers over the span of two short months. While we continue to see positive discussions and strong interest from a broad range of publishers, advertisers, ad networks and data tracking companies, most of the major Internet players appear likely to wait to see what happens next before taking that first step. We’ll continue to support our users in asserting greater choice and control over their online experience, and we’ll work with leading players who recognize the need to embrace those users.

That said, there are several developments worth highlighting, including:

• The W3C held its first workshop on tracking protection and will issue its report any day now.
• Three additional online marketing companies have publicly stated their support for DNT: Chitika, Effective Measure and bluecava.
• The DNT feature is now part of the Privacy Panel in Firefox 5 Beta.
• We’ve provided UI to enable the DNT feature in Firefox Mobile on Android and Maemo.

Mozilla co-sponsored the W3C Workshop on Web Tracking and User Privacy last month, along with Adobe, Google, Microsoft and Yahoo. From our perspective, the workshop was very well organized and covered a lot of ground in a few days. The W3C stated in a blog post last week that “…the points of agreement suggest that real interoperable progress on tracking protection — the kind that will help the average end user’s privacy — is on the way.” The workshop report is due out any day now, and the W3C says web tracking will soon become the subject of a Working Group to undertake technical standards work.

In addition to the AP News Registry, which we announced had implemented the DNT header across 800 news sites servicing 175 million unique visitors each month, we’re pleased to learn that three more companies have implemented support for DNT across their services.

Chitika, an independent ad network that, according to its site, serves over 3 billion monthly ad impressions across 100,000s of sites. When users with DNT enabled encounter an ad served by Chitika, the company responds as if the user had installed Chtika’s opt-out cookie. If you browse to Chitika’s privacy policy with DNT enabled in your browser, they also demonstrate how use of the DNT signal can be used to personalize a notice.

Effective Measure, which provides “digital audience measurement, website rankings, internet demographics and media planning tools for publishers, agencies and digital marketers,” wrote in a guest blog post on the Privacy Choice blog that they:

“suppress a number of pieces of information that can be identified to the remote users computer – notably their IP address and User Agent” (a value sent by your browser on each request to identify your browser, its version and the operating system used). Inclusive to the solution that we offer, we flag traffic coming from users who send the DNT header. This is then discounted from any of our products or services above and beyond core audience measurement.”

It would be cool to see Effective Measure update its opt-out page to emulate Chitika and show people who have enabled DNT that they’re already opted out.

At last week’s pii2011 event in Santa Clara, my co-panelist David Norris, bluecava’s CEO told the audience that his company respects the DNT header, which is particularly relevant as the company ramps up “to digitally fingerprint 10% of the 10 billion devices connected to the Internet this year.” I don’t know all the details behind bluecava’s DNT implementation, but I’m eager to find out more. Perhaps Jim Brock with Privacy Choice can convince David to guest blog the details, or perhaps I’ll ask him first. It would also be great to see bluecava follow Chitika’s example of recognizing users with DNT enabled on its privacy preferences page.

With this week’s release of Firefox 5 Beta, I’m happy to report that the DNT feature is making the move onto the Privacy Panel within the browser, as opposed to its current location under Advanced settings. Here’s a screenshot of how the new panel looks:

Feel free to download the beta and let us know what you think!

Last, but not least, we released new UI for users of Firefox 4 Mobile for Android and Maemo to turn on DNT. My colleague Sid Stamm issued a post earlier this week on this development, which includes a great screenshot.

As always, your comments and input will be much appreciated!

Alex Fowler

Industry Adoption of DNT Underway

Mozilla’s Do Not Track privacy feature in Firefox provides users more control over online behavioral tracking. Two developments bring it closer to being respected by industry.

Mozilla is a nonprofit organization committed to making the Web better and putting users in control of their Web experience. As part of this mission, we’re developing and implementing technologies that give people easy and effective privacy controls.

Mozilla introduced the Do Not Track (DNT) HTTP header approach in January and launched the feature in Firefox 4. We’ve worked closely with more than fifty leading companies and trade groups to help devise ways to implement DNT and offer users more control over how their browsing behavior is tracked and used online. Mozilla is working with the W3C and IETF organizations to standardize the DNT header, and we were pleased to see Microsoft subsequently include the mechanism in Internet Explorer 9.

To provide users more choice and control over online behavioral tracking, it’s essential that publishers and advertisers adopt and implement Web technologies that respect consumers’ wishes to not be tracked across their Web properties and services.

Today there are two significant developments on this front:

• The AP News Registry service, run by the Associated Press, implemented the DNT header across 800 news sites servicing 175 million unique visitors each month.
• The Digital Advertising Alliance (DAA), which includes the five major media and advertising agencies, is initiating a process to explore incorporating the DNT header, as proposed by Mozilla, into its Self-Regulatory Program for Online Behavioral Advertising (OBA). The DAA represents more than 5,000 leading media and technology companies that span the entire marketing-media ecosystem.

The Associated Press (AP) is the first company to deploy DNT on a large scale, and it only took a few hours for one engineer to implement. The AP News Registry tracks 1 billion impressions of news content, with 175 million unique visitors per month, and has membership with more than 800 sites. When consumers send a DNT preference via the browser while viewing a story at one of its publisher’s sites, the AP News Registry no longer sets any cookies. The previous solution was for users to opt-out via a link to a central opt-out page referenced in each participating news site’s privacy policy. They still count the total number of impressions for each news story, but aggregate consumer data for those with DNT in a non-identifiable way.

Since Mozilla issued the DNT proposal in late January, we have been engaged in productive and fruitful discussions on DNT with stakeholders across the industry, including the major ad groups and publishers. The turning point in the discussion came a few weeks ago, following a presentation from the FTC and ensuing industry call to discuss melding browser-based DNT implementations with self-regulation. Just last week, the leaders of the five groups that make up the DAA approved moving forward with determining how to include the header into its existing program. As a result, Mozilla will collaborate with the DAA and other stakeholders to explore both business and technical requirements to further support broad implementation of the DNT header.

Over the last eight weeks we’ve heard that the DNT header wasn’t technically feasible, that it would break the web, and that no one would sign up to respect the header. It’s too early to claim victory, as there are many challenges and details yet to be to addressed, but the current momentum and support for DNT, including real-world implementations like the AP’s, certainly suggest that these criticisms may have been too hasty.

We’ll continue working with our users, online advertisers, publishers, developers, consumer groups and policy makers to flesh out DNT implementations and ensure DNT evolves into a meaningful tool for enhancing consumer privacy online. We believe the HTTP header is a constructive approach and one of the many areas we’re exploring to put users in control of their Web experience.

Alex Fowler

Note: This post is modified from the original one published on the Mozilla blog.
Photo Credit: OlliL

Mozilla Makes Joint Submission to IETF on DNT

Mozilla joins with Stanford University to submit a proposal to the IETF on the Do Not Track header mechanism.

As we previously blogged, Mozilla planned to bring a proposal to standardize the HTTP header for Do Not Track to the Internet Engineering Task Force (IETF). On Monday, we jointly submitted our draft proposal with Jonathan Mayer and Arvind Narayanan of Stanford’s Center for Internet and Society to the IETF.

The proposal, entitled “Do Not Track: A Universal Third-Party Web Tracking Opt Out,” is a first attempt to define the syntax and semantics of a HTTP header-based mechanism for DNT and it also provides a recommendation for how web services should respond to such a mechanism.

The World Wide Web Consortium (W3C) received a submission a few weeks ago from Microsoft that included the DNT HTTP header. We were not consulted in that submission, but we welcomed it for further advancing the DNT header cause with an important set of companies and groups dedicated to web standards. There’s an upcoming W3C Workshop on Web Tracking and User Privacy being sponsored by the W3C on April 28-29, 2011 at Princeton University’s Center for Information Technology Policy. Interested people need to submit papers by March 25, 2011 to attend the workshop.

We expect that the two standards groups will consult with each other to determine the appropriate venue for developing the DNT header standard. While the W3C has considerable experience working on privacy-related standards, HTTP is the domain of the IETF. We also understand that the IETF may be a more open venue for stakeholders impacted by DNT who may not be members of the W3C, so that may be another factor to consider in selecting the best venue. Either way, we remain committed to working within the standards process to further define both the syntax and semantics of DNT.

Alex Fowler

Mozilla’s Comments to the FTC on Privacy

Last week we submitted comments to the U.S. Federal Trade Commission in response to their request for comment on a proposal describing a new framework for protecting consumer privacy in both online and offline environments.

The FTC sought input on a broad range of of issues from online privacy protections for children to the blending of distinctions between PII and non-PII. More than 400 comments were submitted from a wide array of interests including  individuals, consumer groups, advocacy coalitions, advertisers, social networks and all kinds of service providers. You can see the complete list here. It’s worth reading a few of these to get a sense of the discourse (i.e., Future of Privacy Forum, Facebook, CDT, and US Chamber of Commerce).

In summary, the Mozilla comments recommended:

• Expanding the definition of personal information to data that can be reasonably linked to a specific consumer, computer or device. The emergence of browsing history, geolocation, behavioral advertising data, browser fingerprints and the social graph are examples of personal information that warrant additional consideration to prevent unintended secondary uses.
• Adding industry best practices, standardization and technology tools to Privacy By Design initiatives to help consumers make sense of an array of similar and confusing privacy configurations across the Web.
• Adoption and creation of a uniform and comprehensive choice mechanism through a new Do Not Track (DNT) HTTP header as part of an evolutionary arc of privacy improvements.
• Continued FTC leadership to develop consensus on the scope of DNT as it relates to online behavioral advertising and implementation across the online advertising industry.
• Using contextual notices in conjunction with other enhancements, such as graphical icons, to improve online privacy policies and notices.

We expect the FTC will spend some time evaluating and organizing the feedback they received, and later this year, will issue a follow-up report with suggested next steps. In the meantime, let me know what you think.

Alex Fowler

DNT: 1 = “Tell sites I do not want to be tracked”

Mozilla lands Do Not Track HTTP header into nightly builds today: 30 lines of code to support more privacy online.

My colleague, Sid Stamm, Mozilla’s privacy engineer announced this morning that we have uploaded working prototypes of our Do Not Track HTTP header in nightly builds (pre-beta versions of Firefox). Anyone interested in testing it out can download one of these versions and see how we are implementing the header.

In collaboration with the researchers at Stanford’s donottrack.us, we have modified the header to now state “DNT: 1″ when a user turns on the option within the browser. This is shorter than the original proposal for “X-Do-Not-Track,” and this is what we will be bringing forward to the industry.

Testers will not notice any difference in browsing online until sites and advertisers start to respond to the header. For now, broadcasting DNT: 1 will be akin to displaying EFF’s Blue Ribbon campaign, for those of you who remember the popular online rights campaign from the 90s.

Currently, the feature shows up in the “Advanced” panel within Firefox Preferences. It pains me that it’s not under the “Privacy” panel, yet. This reflects our desire for speed in getting the feature into Firefox, as updating the “Privacy” UI and content will require additional engineering bandwidth. We’ll have more to say on this once we move the new feature into upcoming beta releases.

We were blown away by the overwhelmingly positive response to last week’s announcement of our HTTP header proposal. We are having daily interactions with a broad array of interested companies, advertisers, consumer advocates, developers, and researchers to flesh out the details of how to interpret the header. Everyone here at Mozilla remains committed to working with all stakeholders in determining whether this approach provides a more nuanced, persistent and simple way for users/sites/advertisers to recognize and respect choice and control online than other opt-out or blocking mechanisms.

Alex Fowler

(Image: Zazzle mock-up for a different kind of do-not-track “header” based on our implementation.)

More Choice and Control Over Online Tracking

Do Not Track: Mozilla’s latest effort to put users in control of their web experience.

The web is evolving quickly in how information about people is collected, used and shared online. We believe it’s crucial to put people in control of their personal web interactions and experiences, as previously articulated in my post on our draft Privacy & Data Operating Principles. In particular, we’re seeking ways to provide Firefox users a deeper understanding of and control over the flow of personal information online.

We’re pleased to be able to share one of these efforts today in the area known as “Do Not Track,” which is best understood in current policy discussions to provide a way for people to opt-out of online behavioral advertising (OBA).

As the first of many steps, we are proposing a feature that allows users to set a browser preference that will broadcast their desire to opt-out of third party, advertising-based tracking by transmitting a Do Not Track HTTP header with every click or page view in Firefox. When the feature is enabled and users turn it on, web sites will be told by Firefox that a user would like to opt-out of OBA. We believe the header-based approach has the potential to be better for the web in the long run because it is a clearer and more universal opt-out mechanism than cookies or blacklists.

The Do Not Track header builds on the work the advertising networks have done to date without the cookie-based systems they make available to people online. The advantages to the header technique are that it is less complex and simple to locate and use, it is more persistent than cookie-based solutions, and it doesn’t rely on user’s finding and loading lists of ad networks and advertisers to work. We’re not the only ones who think this approach makes sense. The FTC calls for a “more uniform and comprehensive consumer choice mechanism for online behavioral advertising. In addition, the HTTP header technique has been proposed before (see the good work by donottrack.us and the UBAO add-on).

The challenge with adding this to the header is that it requires both browsers and sites to implement it to be fully effective. Mozilla recognizes the chicken and egg problem and we are taking the step of proposing that this feature be considered for upcoming releases of Firefox.

My colleagues are posting our proposal to the Mozilla community today for discussion, along with the technical patch to be considered for implementation in Firefox. We are also committed to working with the technical community to standardize the header across the industry. We ask that sites and advertisers join with us to recognize this new header and honor people’s privacy choices just as they are with opt-outs for OBA.

Additional Posts from Mozilla on DNT

• The technical proposal (available here and here) was posted by my colleague, Sid Stamm. He’s also blogged about the technical specs here
• Another Mozilla colleague, Mike Hanson, has posted a technical analysis of Do Not Track problems and solutions
• Mozilla’s FAQ on DNT

It’s important to reiterate that while our initial proposal does not represent a complete solution, this is one step of many for us to see if the header approach can work and confirm that it will provide our users a more nuanced, persistent tool for communicating privacy choices on the web. A recent op-ed in the Wall Street Journal echos this, “Technology that further customizes browsing to be responsive to user needs and preferences is a benefit to consumers and makes their online time more efficient.” We believe the HTTP header is a constructive approach and one of the many areas we’re exploring to put users in control of their web experience.