December 2, 2010
Stanford students create 'do not track' software
Their idea allows web browsers to send a message that Internet users don't want to be tracked as they go from site to site.
By Adam Gorlick
As a government agency pushes for a "do not track" mechanism to protect online consumer privacy, a pair of Stanford graduate students is developing the technology to make it work.
For about four months before Wednesday's release of the Federal Trade Commission's recommendations for increasing Internet privacy, Jonathan Mayer and Arvind Narayanan have been creating software that would let users opt out of third-party web tracking and tell advertisers to stop following them online.
"People get creeped out by some of the advertising that happens online," said Mayer, who is working toward a PhD in computer science and a law degree. "What concerns us is if you're on a site like Amazon and you go looking for shoes, then someone tells a behavioral advertising service that you've been looking for shoes. So the next time you're off on another shopping site, they'll ask if you're still looking for shoes. It feels invasive."
The students' idea for their Do Not Track program is fairly straightforward. Whenever a web browser such as Firefox requests content or sends data using HTTP the protocol that underlies the web it can optionally include extra information called a "header." Do Not Track adds a header that signals the user does not want to be tracked.
The technology can now be installed as an add-on for Firefox, and Mayer and Narayanan are working to make it operate with Chrome. Safari and Internet Explorer do not support their software. Once the add-on is installed, the user doesn't have to do anything else. Each time a website is visited, a do-not-track message is automatically sent.
The students, who have been working with computer science Professor John Mitchell, are also creating ways to configure web servers to honor their code.
Sending businesses and advertisers the message that you don't want to be tracked is one thing. But getting them to respect your privacy is another and it's something that hinges on government enforcement.
"At the end of day, Congress would probably have to pass a law empowering the FTC to enforce this," said Ryan Calo, director of the Consumer Privacy Project for Stanford Law School's Center for Internet and Society. Mayer is a student fellow at the center, and Narayanan a postdoctoral researcher in computer science is a junior affiliate scholar at the center.
"The FTC could also say they are responsible for policing the Internet for deceptive and unfair practices, so if a consumer says he doesn't want to be tracked and you track him, that can be seen as an unfair practice," Calo said. "But to get the proper amount of teeth behind something like this, you really need Congress to act."
The FTC's recommendations contained in a 79-page report that was approved unanimously by the five-member commission are open to public comments through the end of January.
The students already have received attention from Internet companies, behavioral advertisers and government officials, and Mayer and Narayanan will continue weighing in with their ideas for how to best protect privacy for online users.
"We always thought Do Not Track was a great technical idea, and it has a real impact that's feasible," Mayer said. "Now having the FTC say it's a good idea you just can't ask for more than that on a research project."