Developers Take Up The Fight For Privacy

It was only a matter of time before protection from online tracking went mainstream.

Once the province of the more tech-savvy web surfers, tracking has become a hot-button issue as the Federal Trade Commission and privacy advocates have pushed for laws restricting what information web sites can gather and how they do it.

Thus far the focus has been on creating a whitelist on the browser. A common misconception, said Jonathan Meyer, member of the Security Lab at Stanford Computer Science, is that 'Do Not Track' operates like the old 'Do Not Call' lists. It is actually likely to be a piece of software installed on the broswer. People could opt out of tracking, by sending the 'Do Not Track' header to a site. He has seen substantial interest from browser vendors, ad networks, regulators and legislators in the concept.

Browser add-on developer Brian Kennish said he doesn't see it as an ideal solution. The problem with 'Do Not Track' is, it's a very poor approach to the problem, he said.

The FTC was successful with the 'Do Not Call' list and I think they are blinded by that... The problem is telemarketing is fundamentally different from online tracking. When you get telemarketed, the phone rings and you are left a message. With the internet, tracking is completely invisible. Most people don't even know they are being tracked, and won't have the incentive to opt out.

That's why Kennish developed Disconnect, a browser add-on available on Google Chrome, which disables tracking by third parties and depersonalizes search. Kennish said Disconnect has the ability to show users real time what is being blocked. He said if a user goes to a page with third party resources, the software can still show what is being blocked from there. The add-on also has the ability unblock certain services and maintain usability.

I think online tracking should be opt in, Kennish said. That's what I'm hoping to do with this project, create a butterfly effect going on in the government and in browser circles, and show that there's a better way for this to be implemented, than a 'Do Not Track' registry.

In his initial test run with Disconnect, Kennish, a former engineer at Google, decided to focus on blocking tracking on social widget sites such as Digg, Facebook, Google, Twitter and Yahoo!. He said those sites carry the most dangerous resources, since they are the most ubiquitous. For instance, the social connect plug-ins to something like Facebook or Twitter are advertised on millions of sites.

Search depersonalization was a way for Kennish to maintain usability for browsers for essentials, while still eliminating tracking cookies that take private information. To do this, Kennish said he reverse engineered single sign on to multi sign on. This meant the browser could take a generic cookie, and share that with certain services the user has opted into.

Kennish said he is currently working on Safari and Firefox versions of Disconnect. Safari will be ready pretty soon, while Firefox is a little more complex and will take more time.

Like Kennish, Encrypt Stick offers software that can block third party data tracking. The Vancouver-based company says its Encrypt Stick 5.0 Private Browser, available on a USB drive, leaves behind no cookies or any trail of where a user has been on the web.

Terry Johnston, head of media relations at Encrypt Stick, said, If someone is traveling and needs to log into Facebook from a Wi-Fi internet café, this reduces their vulnerability.

Encrypt Stick includes a key logging protected virtual keyboard, said Johnston. This keyboard is set to various levels of securities, the highest of which scrambles a letter or number anytime it gets entered. This works against key loggers, who use screen capturing to see what a person is typing.

While third-party developers have looked to create an alternative to 'Do Not Track,' with add-ons, Microsoft recently announced there will be a new opt-in Tracking Protection feature in its new version of Internet Explorer.

We believe that the combination of consumer opt-in, an open platform for publishing of Tracking Protection Lists, and the underlying technology mechanism for Tracking Protection offer new options and a good balance between empowering consumers and online industry needs, the company said in a blog post.

The opt-in technology will allow users to control what third-party site content can track them when they're online. It will contain a Tracking Protection List, which will have web addresses that browsers will visit only if the consumer visits them directly by clicking on a link or typing their address.

The other major browsers have yet to announce a 'Do Not Track' technology of their own.