Online Data Privacy and Do Not Track: One Engineer’s Perspective
I value my privacy and my security; they’re important to me.
But since I’m online, you may argue, I should expect neither of those. I respectfully disagree.
Sure, incursions have been made. I realize my data has been mined and sold without my prior, express permission or knowledge many times over, but that’s no reason to be ambivalent. That’s just a convenience response: a justification to support the c’est la vie way of thinking that says there’s nothing to be done by anyone who cares.
Our attitude ought to be much more laissez-faire, where you and I as individuals enjoy the liberty to be left alone to conduct transactions unencumbered by government… or other individuals.
Still, government watches from the bleachers while marketers enjoy their wild success at monetizing our activity and snatching our privacy. That’s why they killed the idea behind the “Do Not Track” (DNT) HTTP header field, which was envisioned as the clarion call to be left alone (or at least to be left un‑tracked). Now, from the ashes of DNT another mechanism has arisen: the “Global Privacy Control (GPC).”
The browsers that supported DNT now support GPC, but the online operators that freely ignored DNT will likely also ignore your GPC signal. Absent any real legal teeth, GPC has little practical value apart from those who choose to adhere to it. Self‑policing is good, but the police force is small. It’s too easy to ignore what it’s designed to do and just say, “C’est la vie to GPC.”
But I hope you won’t do that.
As a software engineer, I find myself knee‑deep in an industry that pays little more than lip service to online privacy. I can’t change the entire industry, but I can set a pattern. I can show that privacy is important: yours and mine. That’s why I openly disclose whether your browser sends DNT or GPC. It’s why I’ll honor the intent and disable analytics tracking.
I’m not selling anything but myself here, and I don’t want to erode your trust. I also refuse to take advantage of your indifference. Whether you appreciate it or not—whether you care or not—I won’t track you just because I so easily can. Frankly, this ought to be the industry standard.
Bruce Schneier tells it like it is:
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that—either now or in the uncertain future—patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
For my part, I will not contribute to the problem. If you’re also in the industry in any capacity, I urge you to consider your own views toward online privacy. And if you really don’t care, just ask your customers, clients and visitors what they prefer. Naturally, they could install tools to prevent you tracking them.
But why should they have to?