Making Social Plugins Privacy Friendly

I am currently at the Online Tracking Protection workshop in Brussels, and during the technical part of the discussion the participants ran into the question of what the Do Not Track (DNT) header means in the context of the Web pages we all use today. The example of Facebook (with the Like button) was mentioned.

Here are my thoughts, and I am wondering whether someone has analyzed the topic in more detail.

Imagine you go to my Webpage http://www.tschofenig.priv.at and there is the Facebook Like button on each post. Now, the latest Mozilla browsers send the DNT header, and so there are a couple of additional decisions my Webpage could make (depending on how “tracking” ends up being defined).

Here are possible options:

1) Tracking in the sense of not collecting.

When setting a DNT header, a user may want to avoid collection of information by Facebook altogether. Hence, the Facebook Like button (and the JavaScript code underneath) would have to be replaced by a regular static picture. Only when the user actively clicks on the icon would communication with Facebook be established.

Note that this would prevent certain features of the Facebook Like button from being available. For example, it would not be possible for the user to see which of their friends like a specific blog post (since this requires an interaction with Facebook in the context of the user’s account). Showing how many users like a specific page (as a pure number) would be possible by direct communication between Facebook and my webpage (without involving the user’s browser).
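As an added example (not code from the original post), here is how a page server could implement option 1: it reads the request's DNT header and, for DNT: 1, serves a static placeholder from its own origin with a like count that the server obtained from Facebook directly, instead of the live embed. Function names, the placeholder image path and the like-count parameter are assumptions; the server-to-server count lookup is left as an input.

```javascript
// Added example, not code from the original post. Server-side handling of
// option 1 ("tracking in the sense of not collecting"): when the request
// carries DNT: 1, serve a static placeholder instead of the live Like embed.
// Function names and the /static/like.png path are hypothetical.

function parseDnt(headerValue) {
  // DNT header values: "1" = do not track, "0" = tracking allowed,
  // absent = no preference expressed. Anything else is treated as unset.
  if (headerValue === undefined || headerValue === null) return "unset";
  const v = String(headerValue).trim();
  if (v === "1") return "no-track";
  if (v === "0") return "ok";
  return "unset";
}

function escapeAttr(s) {
  // Minimal escaping for values placed inside HTML attributes.
  return String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

function renderLikeWidget(dntHeader, pageUrl, likeCount) {
  if (parseDnt(dntHeader) !== "no-track") {
    // Live plugin: the visitor's browser contacts Facebook on page load.
    const href = encodeURIComponent(pageUrl);
    return `<iframe src="https://www.facebook.com/plugins/like.php?href=${href}"></iframe>`;
  }
  // DNT: 1 -> static image from our own origin plus a count the server
  // fetched from Facebook itself (server-to-server), so no request leaves
  // the browser toward Facebook until the visitor clicks the button.
  const count = Number.isInteger(likeCount) && likeCount >= 0 ? likeCount : 0;
  return `<button class="like-placeholder" data-href="${escapeAttr(pageUrl)}">` +
    `<img src="/static/like.png" alt="Like"> ${count}</button>`;
}

function buildResponse(requestHeaders, pageUrl, likeCount) {
  // Header names are lower-cased, as most HTTP servers deliver them.
  const dnt = requestHeaders["dnt"];
  return {
    status: 200,
    // Vary: DNT keeps a shared cache from handing the live embed to a
    // DNT: 1 visitor (or the placeholder to everyone else).
    headers: { "Content-Type": "text/html; charset=utf-8", "Vary": "DNT" },
    body: renderLikeWidget(dnt, pageUrl, likeCount),
  };
}
```

The click handler that swaps the placeholder for the real plugin runs in the browser and is the only point at which the visitor's browser talks to Facebook.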

2) Tracking in the sense of usage restriction.

This case is pretty easy. My Webpage would have to do nothing new. It just works as it works today.

When the browser then contacts Facebook it would send the DNT header; Facebook would look at the header and still collect information as it always did, but wouldn’t use it for behavioral advertising (or other purposes).

Many of the tracking definitions exclude certain uses of collected data. As an example, security and fraud protection is often excluded.

Are there other options? What is your desired approach?
