Shostack + Friends Blog Archive


Mozilla's Vegan BBQ

The fine folks at Mozilla have announced that they’ll be hosting a BBQ in Dallas to thank all their supporters. And the cool thing about that BBQ is it’s gonna be vegan by default. You know, vegan. No animal products. It’s good for you. It’s the right default. They’ll have dead cow burgers, but you’ll have to find the special line.

Obviously, I’m just kidding. Mozilla isn’t hosting a vegan BBQ in Dallas, but they are hosting one for your browsing privacy, by their choice for the “Do Not Track” (DNT) setting.

Poll after poll shows that people around the world prefer privacy, in the same sort of way they prefer cow burgers. This preference is stable, extending back decades, and being shown in nearly every poll. So why is Mozilla defaulting to not setting DNT?

Meanwhile, [some participants in] the W3C [working group are] is suggesting that the best we can possibly do is whenever you install a new browser, it goes through an Eliza-like process of interviewing you about weird technical settings, rather than having a great first-run experience.

Now it’s true, some people are ok with a tradeoff between what advertisers want (to trade content for ads) and what they want (privacy). Some advertisers go so far as to claim that there would be no content without ads, and they are, simply, flatly wrong. There is and will continue to be, content like this, which I hope you’re enjoying. I’ll draw to your attention that this blog is ad-free. We write because we have ideas we want to share. I’m sure that with fewer ads, we’d see less Paris Hilton ‘content’. But more importantly, the advertising industry is good at spreading messages. If they need DNT “off”, perhaps they could spread the message of why that’s a good thing for people, and, as is their wont and charter, convince people to make that change.

But the simple truth, known to the ad industry, the W3C and to Mozilla, is that most people prefer not to be tracked, in the same way most people prefer beef burgers. The “please let us track you” people have a hard message to spread, which is why they prefer to fight in relative obscurity over defaults.

Some additional background links: “Ad industry whines while privacy wonks waffle,” “Could the W3C stop IE 10’s Do Not Track plans?

I should be clear that my distaste at the idea of a vegan BBQ is mine. Even if my employer and I both prefer beef burgers, my opinions are mine, theirs are theirs, and I didn’t cook this blog up with them.

[Update: Clarified that I didn’t mean to imply the decision was that of the W3C as a whole.]

5 comments on "Mozilla's Vegan BBQ"

  • Janice says:

    Correction to your interpretation of Alex Fowler’s blog post. It seems to me that Mozilla’s default setting is that the user has not made a choice yet. This is not the same as what I interpreted your statement “defaulting to not setting DNT” to mean. Maybe it’s just my reading of that statement that is faulty, but not presuming what the user wants is not as objectionable as “setting to allow tracking” which is how I parsed your statement (NOT setting DNT = allowing DNT if this was a binary flag). Alex explains that it is not binary and the default setting basically leaves the question (are you wanting to be tracked?) unanswered for servers who may be looking for it.

    Is it possible that Mozilla’s settings are not fully DNT by default because they are waiting for their extensive customer base to upgrade and get used to the idea in the first place? Certainly those users who are most aware will be setting their DNT flags to the ones they are keen on immediately, but what about users who allow tracking by some sites because it eases their use of same and would like a way to set this per site or with some set of exceptions? Could it be this is in the works but not yet deployed to users waiting for a released version of Firefox? (Confess I have not delved into all of this, but your post doesn’t mention what release of Firefox you are referring to, so I pose these questions and possibilities as an explanation, because it is my understanding the Mozilla as an organization is very concerned with the ability of their users and users of the internet in general to be able to control tracking of their use of sites.)

  • Josh says:

    ” It seems to me that Mozilla’s default setting is that the user has not made a choice yet. This is not the same as what I interpreted your statement “defaulting to not setting DNT” to mean”

    So is FF going to prompt you immediately upon installation for a choice? No. Then are the advertisers going to respect that the user hasn’t made a choice and not track them? No. Then how is that remotely different than a default that signals to advertisers it is ok to track the user? Whether you want the situation to be binary or not it comes down to the fact that there are only two ultimate outcomes (assuming that any advertisers even respect the flag to begin with) – the user is either tracked, or they are not. There isn’t a third option. So either Mozilla opts for an approach that will signal not to track their users by default or they won’t, and it looks a whole lot like they won’t. Right now they are talking like a politician rather than an organization with any conviction.

    Though on the topic of conviction, I really wish Microsoft had enabled their tracking black list by default as well. That would basically settle the argument of whether the flag would be ignored, because IE just would block the tracking cookies to begin with.

  • Nicko says:

    Incidentally, the beta release of Safari 6 for the Mac implements DNT, and it defaults to on (or at least it did in my case; I have every other privacy setting on too so it’s possible that it looked at those and guessed).

  • Chris says:

    I’ve read your post twice and I still can’t tell whether you are in favor of DNT defaulting to on or off.

    Mozilla’ position for defaulting to off is pretty clear. If Firefox defaulted to “send DNT:1”, advertisers would not take it seriously. By defaulting to off, any DNT:1 header was an explicit opt-in by an informed user.

    When Mozilla introduced DNT, Firefox was the only browser with DNT. By defaulting to “do not send DNT:1”, Firefox was NOT making its users more vulnerable to tracking than any other browser at the time.

    • Seriously, Chris? says:

      Do you believe that anything that anyone can do, short of passing a law, will make advertisers respect DNT in any meaningful way?

Comments are closed.