Online Data Privacy and Do Not Track: One Engineer’s Perspective
But since I’m online, you may argue, I should expect neither of those. I respectfully disagree.
Sure, incursions have been made. My data has been mined and sold without my prior, express permission or knowledge many times over, but that’s no reason to be ambivalent. That’s just a convenience response: a justification to support the c’est la vie way of thinking that concedes there’s nothing anyone concerned can do about the disagreeable situation at hand.
Our attitude ought to be much more laissez-faire, where individuals enjoy the liberty to be left alone to conduct transactions unencumbered by government… or other individuals.
Still, marketers are wildly successful in their efforts to monetize the online activity of individuals, while government watches from the bleachers. That’s why the “Do Not Track” (DNT) HTTP header field, envisioned as the clarion call to be left alone (or at least to be left un-tracked), is for the moment well nigh worthless.
All modern browsers support DNT. And most online operators freely ignore it. They say so in their privacy policies. Or they pretend it doesn’t exist by not mentioning it at all. Absent any legal teeth, DNT has little practical value apart from those who choose to adhere to it. Self-policing is good, but the police force is small. It’s too easy to ignore what it’s designed to do and just say, “C’est la vie” to DNT.
But I hope you won’t do that.
As a full-stack engineer, I find myself knee deep in an industry that pays little more than lip service to online privacy. I know I can’t change the entire industry, but I can set a pattern. I can demonstrate that privacy is important: yours and mine. That’s why I openly disclose whether your browser sends DNT. And that’s why I’ll honor the intent and disable analytics tracking when you send it.
I’m not selling anything here but myself, and I don’t want to erode your trust. I also refuse to take advantage of your possible indifference. Whether you appreciate it or not—whether you care or not—I will not track you just because I so easily can. The entire industry ought to adopt this approach. When the pitch is honorable, you’ll consider the offer, if for no other reason than it flies in the face of the market-driven, track-you-at-all-costs status quo.
Bruce Schneier expresses it like this:
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that—either now or in the uncertain future—patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
For my part, I will not contribute to the problem. If you’re also in the industry in any capacity, I urge you to consider your own views toward preserving online privacy. And if you really don’t care, just ask your customers, clients and visitors what they prefer. Naturally, they could install tools to prevent you tracking them.
But why should they have to?