The Microsoft IE10 “Do Not Track” Issue In Plain English

The Microsoft IE10 “Do Not Track” Issue In Plain English

There’s been significant discussion around Microsoft’s announcement that Internet Explorer 10 (IE10) would be pre-loaded with the “Do Not Track” (DNT) setting turned ON by default. But what does it really mean for you, a regular user of the internet? Here’s a quick rundown, in plain English, on what all the buzz is about.

If you’d prefer to hear if straight from the horse’s mouth, simply mark your calendar for November 15th from 10:30AM – 11:00AM PST and join me for a free 30-minute webinar where I’ll discuss the misconceptions around Do Not Track and also be available to answer any of your questions.

You can register to attend at

What is IE10?

IE10 is the latest version of Microsoft’s web browser. As of June 2012, IE10 is in beta and has not yet been formally released.

What is Tracking?

The word “tracking” can sound a little scary, but tracking is simply an anonymous record of you visiting a web page. It’s recorded in order to make your website visit more convenient, or to make sure that you’re seeing advertising that’s relevant to you personally.

An example of making your website visit more convenient is showing you popular content or popular products. Your favorite websites wouldn’t be able to count how many people have read an article unless they can “track” each visit to count the number of times an article was read. The same applies to an internet retail website.

What is “Do Not Track”?

“Do Not Track” is an internet browser setting that allows people to decide whether they want their online activity recorded as they visit different websites.

How Does “Do Not Track” Work?

Most websites are actually made up of multiple sites: there’s the site you visit, the site that has the images on the pages you visit, the site that serves advertisements, and the site that provides analytics to the website operator. Every time you visit a web page, your browser communicates your “Do Not Track” preference to each website that is part of that web page visit.

Who enforces “Do Not Track”?

Enforcement is handled by each website, not the web browser, and currently enforcement is voluntary. The web browser’s only role in enforcement is to store your “Do Not Track” preference and then communicate that preference to each website.

The United States and some other countries are debating whether to create laws that would cover enforcement of the policy in the future, but even without legislated enforcement currently, it’s likely that the sites that choose not to conform to your “Do Not Track” preference are not able to display trusted website logos, which are a powerful incentive for websites to conform.

Why is “Do Not Track” Enforced by Websites Rather Than Web Browsers?

When you visit a website, what you do on the site is used to enhance your experience or help pay for the site by using anonymous data. If a web browser tried to enforce “Do Not Track,” the result would be unpredictable because the website would have no way to gracefully decide what your experience on the site should be like.

Is “Do Not Track” Opt-in or Opt-out?

Do not track is an opt-out standard. Your web visits are tracked by default unless you turn on “Do Not Track,” which then opts you out of tracking.

Is “Do Not Track” Commonly Turned On by Users?

The “Do Not Track” option is turned on by less than 1% of all internet users. Imagine going into a store that you visit often and every time you went there they forgot who you were. You would never receive discounts. You would never be treated as a loyal customer. That’s what turning on “Do Not Track” is effectively telling a website, and for that reason, very few people are likely to turn “Do Not Track” on.

The other reason that very few people turn on “Do Not Track” is because there’s really not much tracking going on. Your personal identity on the internet is very secure. The reason you hear about things like phishing attacks and other security attacks is because it’s nearly impossible to obtain your personal identity on the internet without you providing it. A phishing attack is a fraudulent attempt to get you to voluntarily provide your personal information. Any reputable website is not attempting to commit fraud, and unless you voluntarily provide your personal identity, they have no way to get it from you.

Another way to look at this is supermarket loyalty programs that give you discounts in return for tracking your shopping habits. When you received a loyalty program card, they asked you your name, address, phone number, and it’s likely they may also have your debit card number. You voluntarily provided that information in return for the resulting discounts.

Websites provide you discounts, free content, serve you targeted ads and remember your preferences without asking for your personal identify, which makes you less tracked than in a supermarket program. Unlike in the grocery store, on the internet there isn’t even the possibility of violating your privacy because you haven’t provided your personal identity, which is nearly impossibly to obtain without committing fraud.

Why is Microsoft’s “Do Not Track” Announcement Controversial?

Microsoft is trying to implement “Do Not Track” differently than what other computer industry consortiums and the United States Government are proposing. The United States Government is pursuing an opt-out “Do Not Track” policy. The fundamental difference is whether “Do Not Track” is an opt-in standard or an opt-out standard.

In Europe, the European Union (EU) and member countries of the EU, including the UK, passed an opt-in law. The result has been that no website, including the government sites, has been able to successfully implement their new opt-in standard. The UK government has subsequently decided that they will not enforce the law as it is written and intend to pursue an opt-out strategy.

Microsoft’s direction is counter to that of the US, governments in Europe and industry standard groups, and the IE10 “Do Not Track” setting is likely to be ignored by websites because it’s not standard compliant. This means that IE10 effectively has no “Do Not Track” support at all. Again, it’s the website that enforces “Do Not Track”; not the browser. The browser only communicates the users “Do Not Track” preference to each website.

To Learn More

If you’re interested in learning more about the Do Not Track privacy issue, please join me on November 15th from 10:30AM – 11:00AM PST for a free 30-minute webinar where I’ll discuss the misconceptions around Do Not Track and be available to answer questions.

Please register to attend here:

by Mark Douglas, CEO


Computer World