Should The Government Set Up A "Do-Not-Track" List?

One of the most popular sentiments expressed by readers on our blog is “be a smart consumer.” Now two privacy advocacy organizations are calling for the creation of a “do-not-track” list that would protect registered users from online data collection. They argue that a list is needed because too many consumers won’t or can’t understand the methods behind online tracking. To illustrate, one of the organizations “pointed to a 2005 University of Pennsylvania survey in which only 25 percent of respondents knew that a Web site having a privacy policy doesn’t guarantee that the site refrains from sharing customers’ information with companies.” But a do-not-track list is overkill, and a fearful reaction against emerging technologies.

If such a list became popular, would it reduce the ad model of the web to the blind shotgun blasts of TV advertising? That would suck—personally, if I’m going to see an ad, I want it to be about something that interests me. I don’t like the idea of a third-party harvesting my data and packaging it with other users’ data to profit from it, but I do think targeted advertising is an improvement over traditional advertising. Besides, how would such a list work with the rapidly evolving technologies used for data tracking? NebuAd’s deep-packet-sniffing collects lots of detailed info but doesn’t connect it directly to an ISP customer’s account—would that be permissible?

Being a smart consumer is deeply relevant to this issue. Ultimately, the individual consumer has to understand the basics of online advertising before choosing to engage in any online behavior. Telemarketing, and to a lesser extent junk mail, take public info that by necessity has to be public (telephone numbers and addresses, for example), then exploits that info to contact you without your permission. When you’re online, however, you’re leaving a data trail behind you like heat exhaust, and anyone who knows how to read it can gain information on you. But you can also learn to reduce that data trail, or cloak it, or even disguise it as a different data trail. It’s an arms race, but then everything in the information age is.

When companies try to take control of your data trail from you—like what Facebook did with its Beacon program—then we have a real problem; suddenly your self-protection schemes no longer work and you’re left open to privacy loss. So far the public has reacted swiftly and decisively against such overreaching stunts.

My hope is that the public side of the market remains a more efficient way of dealing with company misbehavior—and that Average Web User X gets over his technophobia (or more likely plain disinterest) and learns the basics of online privacy if he values his part in the demographic data pool so much.

“Privacy Advocates: Consumer Education Isn’t Enough” [PC World]

“UK advertising-tech fight shows complexity of privacy battle” [Associated Press]
(Photo: Getty)


Edit Your Comment

  1. FrugalFreak says:

    Count me in on the out. Privacy online and off should be protected. I see Google having issues with this though. It is in their future revenue plans I’m sure.

  2. ByeBye says:

    Quick answer: YES!

  3. sikantis says:

    I’m quite sure that these kinds of behavior won’t last.

  4. AndyMan1 says:

    I’m voting yes.

    In the meantime, I’m using Adblock, and blocking all 3rd party cookies. If companies can’t play nicely, they don’t get to play at all.

  5. @AndyMan1: using Adblock cuts the revenue that this site (and many others that you enjoy) dont get revenue. I have no problem with ads or tracking. I get free access to information/entertainment in exchange for it, a trade Im willing to make.

    I imagine the solution will be to have a free site with tracking and ads and a paid access version without it.

  6. Buran says:

    @Steve Trachsel, Ace: It’s easy to except sites you want to support from the blocking.

  7. AndyMan1 says:

    @Buran: Agreed. I probably ended my comment too soon. I still let certain stuff through, such as some of google’s ads, which are unobtrusive and related to the content of the site. But it will be a cold day in hell when I see another punch the monkey ad on my browser.

  8. Joedel263 says:

    ok stupid question.. in order for said “do not track” list to work, wouldn’t the website have to collect the users personal info so they can reference it with the list??

  9. prameta1 says:

    i love the irony of these opt-out lists. seriously, a “do not track” list? are you serious? you have to submit more information to it! someday, somehow, that nice long list of emails and addresses will become nothing more than a big marketing and spamming cash cow for some company or government organisation.

    while you’re at it, why not go through your entire spam folder and “opt-out” of all that spam you’re getting by opening it all up and clicking all the “unsubscribe” links? haha.

  10. Hmm force tracking to be opt-in rather than opt-out. Centralized site that you must go to in order to allow your online habits to be tracked.

    Over the years I have stopped using many companies that force opt-out on me. Screw em, greedy bastids.

  11. mike says:

    @Steve Trachsel, Ace: I imagine the solution will be to have a free site with tracking and ads and a paid access version without it.

    Some paid sites still have ads. I think it’s because companies get your money AND ad revenue.

    Way back when the Interlog was still brand new, I remember people saying that they didn’t want to pay for content online because they already pay for access.

    Today, many people hate seeing ads because it clutters the web site.

    Very few web sites do ads well. Google is the only one I see that uses ads that are not obstructive and are relevant (case in point: search for “car parts”).

    But going to a web site and seeing that 30-50% of the page space is ads…is discusting. This is why I hate newspapers. I’m sure if you took out all the ads in a regular news paper, you’d have about 10-15 pages.

  12. bohemian says:

    Having ads within reason on a website is less of an issue to me. I blame the content producers if the site had multiple animated ads of people dancing because they got a sub prime mortgage and punch the monkey ads. What I don’t want is all the unnecessary data tracking online and offline. Nobody should be able to pass on my surfing or purchasing information to any outside party ever. Even for “marketing”. Marketing is not a core infrastructure of this country, it can and should be restricted. All of this crap is done supposedly for the sake of marketing, what it really is, is a massive identity data theft.

    Choicepoint probably knows more about me than my family does because so many retailers give them data. Also, nothing is stopping the government or any other motivated group from buying data for other purposes. Talk about spying.

  13. Before I say yes or no, I’d like to know how it would be enforced…

  14. aikoto says:

    I swear. Companies are always whining for “self regulation” but looks what happens when they do it. Case example: google with their 18 month policy. Oh they did us SUCH a big favor by dropping it from 24. BullS! They have no right and no reason to keep our personally identifiable information connected to their aggregate search data after they’ve served us the search results. Unless of course they want to market to us or sell the data.


  15. Bladefist says:

    @aikoto: regulation is best done with the consumer. The government can get involved, cost the tax payers a ton of money, screw it up 10 times before they finally get something close to right.

    Or, we can not shop at places do not have an acceptable privacy policy. Consumer power will always work better. It speaks directly to the executives in a big way

  16. hi says:

    All the while our government is tracking us more and more… yeah I’m sure they would go for this. No offense gov. :)

  17. AstroPig7 says:

    Regardless of the merits of such a list, how would it be enforced? IP addresses are frequently dynamic, not every site requires a username, and some people access the Web strictly through public systems.

  18. aikoto says:

    @Bladefist: Oh yeah. Because that’s working so well with the airlines, and with the telcos, and with rampant data brokering.

  19. Bladefist says:

    @aikoto: Why do you have to come back with such a negative sour attitude? Cant you handle debate?

    Well the reason you are partly right is, American consumers are idiots. This blog, consumerist, has such a small percent of Americans, and yet, you see how much it accomplishes? I mean you put a complaint on here, and 2 days later you see another post how that company fixed all the problems, and went above and beyond.

    The problem is Americans (and I am one) are dumb and lazy, don’t check into privacy policies, don’t care, and therefore the company don’t really need to worry about it.

    And thats the exact same reason why the government shouldn’t regulate it. If the people are too worthless to care about their privacy, why spend our tax money on it? There has to be some kind of liability on the people. Everyone who comes here, is making the American market better.

  20. Bladefist says:

    @aikoto: And the airlines, telcos, already have massive regulation. And as you’re complaining shows, government regulation doesn’t work.

    Now if the American idiot, I mean consumer, would just not use those services, it would be fixed by Tuesday.

  21. @prameta1: Exactly. The privacy-minded don’t want to be on ANY lists, or have to keep a permanent cookie around saying not to set more cookies. I’ll stick to things like /etc/hosts, dynamic IP, and cookie managers.

  22. SkokieGuy says:

    I would be totally in favor of this.

    So if a beauty products company knows that celebrity X uses their products and mentions this (profits from the use of data collection), the celebrity can sue, even though the information is truthful.

    If doubleclick sells my demographic information, and profits from it, I receive no compensation and have no basis to sue, whether the information is truthful or not. Is my worth as a person less than celebrity X?

    Since my personal information has value, it seems only logical that the decision to offer that information for sale rests with me.

  23. unklegwar says:

    What exactly will the “do not track” be based on?

    IP address? Doesn’t stay the same.
    email? Your email address doesn’t follow you around to every site you visit.

    What exactly is the universal identifier they should use to tell that one person shouldn’t be tracked, no matter where they go and what computer they use?

  24. unklegwar says:

    besides, knowing the government, and our current state of insecurity of all sensitive information (see the sprint article about how easy it is to assume someone’s account – tech also used by the government)…this will end up as follows:

    Everyone signs up for this list
    List is compromised
    spammers and shady folks have one-stop shop for getting millions of emails/ips/whatevers.

  25. mac-phisto says:

    i don’t necessarily think we need a “do not track” list, but i do think the privacy act should be amended to require businesses to be a little more transparent in who they are giving data to (including “partners”) & what that data includes.

    right now, a privacy notice basically says “we won’t share any of your information to anyone if the law specifically disallows it, but if the law allows it (or more accurately doesn’t disallow it), we will sell it to anybody & everybody. hell, we’ll give it away for free if no one is willing to buy it.”

    i would be more in favor of a graph that lists every partner/third party that received information & what information they receive in particular.

  26. SkokieGuy says:

    We can’t guarantee data privacy, due to thefts (and The Patriot Act), but the creation of this list would at least establish rights.

    This system would also logically require companies to maintain a record of HOW data was aquired, so companies could prove compliance.

    Once rights are established, legal recourse is available when information is sold or distributed without our consent.

    Let’s play the what-if game. You’re in the middle of a bitter divorce and custody dispute. You go online to buy your mother a blouse for her birthday. Your data (male + buys women’s clothing) is sold and you receive a catalog for cross-dressers. Your wife gets the catalog and this information is used against you and you lose custody.

    If there was a universal opt-out, then the company that sold your data would have potentially face legal consequences.

  27. redwall_hp says:

    No, no, no, and once again, no.

    There should be no list. Yes, you should be able to opt-out of tracking systems, but can you imagine the implications of a governmental do-not-track list from a developer’s standpoint?

    Here’s an example: Those ad networks that track you from page to page, and tweak the ads displayed accordingly would have to consult the do-not-track database on every pageload (and it would have to somehow recognize you as someone in the database…impossible unless you have a static IP). This would slow down your pageload by a lot, and put a huge load on the list’s servers with all the sites querying it.

    Sorry, this just won’t work. Politicians don’t understand technology, and they should consult people who know what the heck is possible and/or an acceptable idea before suggesting $@%&@!# like this.

  28. aikoto says:

    @Bladefist: Don’t take any negativity personally. I don’t know who you are :)

    That aside, without government regulation, we would be screwed. Granted many of our regulatory bodies are seriously broken and regulation can (and often is) overdone, but look at the whole identity theft issue. ID theft is a problem that the industry created and would never have seen any light of hope because everyone was making money but the end consumer.

    If it wasn’t for a ton of states passing credit freeze laws, we’d still be at the mercy of all the credit companies.

    Or for a simpler example, if every company that provides a service does it the same way, my not using their service doesn’t change anything. Especially if it’s a needed service.

  29. Bladefist says:

    @aikoto: Like I said before, you are partially right. You’re look at each issue, and seeing the benefit of government relation. I’m doing the same thing, only on private regulation.

    As for the ID theft, have you paid attention to all the commercials for credit cards. I mean, identity theft is the new thing. All of them fight over who will keep you the safest, who will pay you back if someone steals your identity, etc etc etc. I mean it’s just crazy. So once again, the market saw a profit center, took off with it, now you’re safer. Now, if it all happened because of the government made them, they may be. I don’t know know the history of how the protection started, but I know now, they compete over who will protect your identity the most.

  30. Bladefist says:

    sorry for all the typos, wow.

  31. Techguy1138 says:

    There should be no list as the list would require to much information.

    There should be a requirement for any website that collects personally identifiable data to explicitly tell you when you are being tracked.

    I remember that this used to happen. I would get a pop-up message say that by agreeing to go forward on a website that they would access my browser activity and track my activity on their site.

    I liked that. Sometimes I would agree, sometimes not but I got to choose who saw what.

  32. Techguy1138 says:


    You aren’t talking about private regulation. You are talking about publishable features.

    Not the same.

    The government has the responsibility to keep the infrastructure of the country in good repair and the only way that can be done is via regulation.

    The fact that regulations seem in effective can be for many reasons. A big one is that businesses try their best to subvert these regulations. The second is that the federal government lacks sufficient resources to check and ensure compliance.

    The food infrastructure benefits greatly from FDA regulations and guidelines. In your example what meat packing industry would proudly report to the consumer over 1 million pounds of questionable beef destroyed. Even with these regulation in place food distributors bend the rules and overlook their own infractions.

    Air infrastructure is another area where we have recently seen the corporate will to subvert regulations.

    What happens in a for profit marketplace is that corporation give the illusion of self regulation to the customer to boost sales while doing what they can to reap profits.

    That is why we had a credit crisis. There was very little regulation and the investment places ran with it. Even though it may have been against long term stability they hid the truth of risks from investors, the customers, in order to garner massive profits.

    What industries have gotten more reputable since their deregulations? I can only think of the failures.

    Can you please name successes, in all seriousness I can not think of any.

  33. Bladefist says:

    @Techguy1138: What industries have gotten de-regulated?

    And no one in their right mind would say all regulation is bad. Some is good. I would like to say that the market would keep fresh beef in my fridge, but the fact that there is some oversight on that, seems like a good thing.

  34. Techguy1138 says:

    I can only think of the basic industries that got de-regulated

    Phone, Air, energy and banking, all of t hem went through significant de-regulation, made a few years of great profits then ran in to significant troubles.

    I was hoping you had an example of de-regulation helping a market.

    I think that internet ‘privacy’ should get some government oversight. Sufficient data mining is equivalent to unreasonable search.

  35. Mr. Gunn says:

    AndyMan1: Exactly. Play nice, advertisers, or just go ahead and fuck the hell off. I’ve just about had it with your profiling and tracking and targeting. Facebook’s beacon is going too far. Choicepoint goes too far. Even Google probably goes too far.

    I say all this as a early-adopter consumer, who is exposed to ads and also advertises. For nothing in return, I tell people about products and services I like, because if I like it, someone else might. I even filled out the fairly invasive Gawker survey from last week. I’m not anti-advertising at all, but there’s a point that is consistently crossed by the marketing types. You’re too aggressive. From commercials on TV played louder than the program, to product placements as part of the plot of a story, to intrusive profiling. It’s really all just too much.

    Just too fucking much.

    There’s a certain line that marketing types

  36. banmojo says:

    What comes into my viewing space at all times should be determined by ME, provided that I’m an adult, not incarcerated, and have not joined a cult :^) (in that case, it would still be my choice in the end).

    I’m sick and tired of agendas and ads and commercials and politicians and every other nosy son of a bitch getting in my face and either a. telling me how to live my life or b. trying to sell me something/someone.

    Tired, tired, tired!

  37. baristabrawl says:

    I have to wonder why it’s a big deal that Kroger (grocery store) tracks what I purchase. We used to go to Kroger all the time and they would send us coupons for things we used the most and also give out discounts for gas. You had to hit $100 to get $ .10 off/gal of gas, but who doesn’t do that weekly?

    I’m sure that someone’s tracking would eventually get on my nerves, but how bad can it get? Really?

    I’m just sayin’.

  38. baristabrawl says:

    @Mr. Gunn:

    See, now this is silly to me, because I don’t get it. If you don’t want your shit tracked by/on facebook, then don’t give them the information. I have Facebook, but it’s completely benign. The only thing on there is my email address. How the eff does BlockBuster even get access to your facebook account? (not that I care, I don’t participate)

    Also? It’s CAKE to produce and upload your own website. (Says the Mac user.) It’s easy and it’s pretty and I have my own. If you want to contact me, feel free. If you don’t, then I don’t have to wade thru the emails.

    That is all.