In 2009, as people grew concerned about the pervasiveness of web tracking, the idea of adding a Do Not Track (DNT) setting to browsers gained traction across the web. By enabling it, the browser attaches “DNT: 1” to a web request, effectively telling websites that the user does not wish to be tracked.

Initially, the concept was applauded for solving the pernicious problem of invisible online tracking. All the major web browsers added the DNT setting to their configuration. It was on the radar of the Federal Trade Commission, and the Electronic Frontier Foundation created a semi-standardized approach.

WIRED OPINION ABOUT Lukasz Olejnik is an independent security and privacy researcher and advisor, W3C TAG member, and research associate at the Center for Technology and Global Affairs at Oxford University.

But there was a catch: DNT is a voluntary agreement. Users need to trust that the sites they visit honor the setting. And at first some sites, like Twitter, did. But if a site chooses not to honor the setting, there is no punishment and no regulatory backing to enforce the standard.

In the 10 years since DNT was initially proposed, it's been heading toward the history book of failed technical ideals. In 2019 the World Wide Web Consortium (W3C) discontinued work of Tracking Preferences Expression, the successor of DNT. Sites, including Twitter, reversed their stance. DNT was rightly criticized for doing essentially nothing, gradually losing the favor of public opinion.

But now DNT is having a renaissance of sorts, after it caught the interest of regulators in Europe. In January 2017 the European Commission announced an initiative to update the ePrivacy Regulation, a proposal that would revisit a 15-year-old directive dealing with privacy protections and how users consent to being tracked by cookies (websites served to citizens of the European Union are required to ask for consent for the use of cookies).

The process of creating EU regulations is complex, involving the European Parliament and the Council of European Union, and the 2017 proposal had its issues. It did not, for example, include any form of automatic or universally standardized mechanisms for users to consent to being tracked. Without a universal standard, the patchwork of varying pop-ups that polluted a user’s web browsing experience would remain in effect. (In May 2018, when the EU enacted the General Data Protection Regulation, the problem with pop-ups was reinforced, which in retrospect was easy to predict.) Among the goals of the new ePrivacy Regulation was cleaning up this exact mess by requiring some sort of standardized and automatic process that is transparent to users. So in 2017, the European Parliament pushed hard toward making the browser mechanisms for user privacy preferences and consent expressions legally binding, and it issued a report that explicitly endorsed Do Not Track settings as a way of expressing consent. Ten years after the original proposal, DNT suddenly became integral in the debate over regulating privacy protection in the biggest economy in the world.

From a purely technical standpoint, DNT is somewhat redundant. The default settings of major web browser vendors like Apple Safari and Mozilla Firefox actively fight tracking. And, in a further twist, Apple decided to remove the DNT function from Safari 12.1, citing “fingerprinting risk.” Fingerprinting allows a site to identify a user based on traits specific to their devices or browser, and as Apple tried to argue, DNT could be one more setting used to track you. While the particular fingerprinting risk cited by Apple is extremely low (as Firefox’s telemetry data suggest), the message risks demonizing DNT.

DNT has suffered from users' misunderstanding of how it works. People don’t seem to know that DNT doesn’t make you invisible; it merely informs websites that you would prefer not to be tracked. But just because its purpose might be misunderstood doesn’t mean DNT should go away. (Research indicates that people don’t fully comprehend what “private browsing modes” do either; for example, they don’t mask your location or IP address.) DNT could have great value if it has regulatory backing.