When Mozilla announced a plan to improve its system for blocking third-party cookies, it didn't seem like the kind of thing that would make waves. But it didn't take long for the Internet advertising industry to react — furiously. The Digital Advertising Alliance called the proposal "draconian," while the Interactive Advertising Bureau's Randall Rothenberg pronounced it a "kangaroo cookie court."
What are the advertisers so worried about?
It's the "Cookie Clearinghouse" Mozilla proposes to use to improve the accuracy of Firefox's cookie-blocking function. Most browsers already offer varying levels of cookie-blocking — particularly aimed at cookies that allow "third parties" (analytics companies, marketers, etc.) to tag your computer so they can recognize you on other websites.
But cookie-blocking is a blunt instrument, and when you turn it on, some sites don't work right. Mozilla's lead privacy engineer, Sid Stamm, says he wants to build a better cookie-blocker, "[one] that blocks only the bad stuff and allows only the good stuff."
That master list will be the Cookie Clearinghouse, which will be hosted at Stanford. Experts will curate the list, with an eye to transparency and user privacy, while looking for certain technical problems that only human beings can sort out. (Here's a geeky explanation.)
It's those humans Rothenberg doesn't trust. "[They're] academic elites who have no relationship whatsoever with the business of advertising, making Star Chamber decisions about what gets blocked and what doesn't get blocked," he says.
Advertisers worry about the financial consequences. If Mozilla's super-cookie-blocker catches on, it could undermine the business of targeted advertising — particularly the third-party ads that sustain "the mommy blogs and the libertarian political sites," as Rothenberg puts it.
But there's a bigger fight here, too.
For the past few years, the online advertisers have been negotiating with browser makers and privacy groups over the details of the "Do Not Track" system. The DNT option is already built in to most of the newest browsers. You can check if yours is on by visiting this test page.
The problem is DNT doesn't do much, yet. The parties haven't been able to agree on what websites should do when they see that you've set the Do Not Track option on your browser (or your mobile device). The negotiations, hosted by the W3C organization, have been bogged down by a lot of details. But the core difference is that advertisers believe DNT should limit which ads you see, while privacy groups think DNT should block websites from collecting your information.
The current uproar over spying by the National Security Agency has increased public concern about privacy, which in turn has turned up the pressure on all sides to finally agree to a DNT standard. Browser manufacturers are especially worried about blowback from the public; just a week after the first NSA leaks, Microsoft ran big Sunday newspaper ads that tried to reassure the public about privacy — and it touted Internet Explorer's Do Not Track function as evidence of the company's concern for user privacy.
Browser makers are showing increasing willingness to go it alone on privacy — that is, to disregard the concerns of the ad industry. Last year, the advertisers' rage was directed at Microsoft, when it made Do Not Track the default setting on its newest browser. Default DNT is the last thing the advertisers want, since most people leave the default settings on.
"It's kind of like an arms race," says Ashkan Soltani, a consultant who worked on Internet issues at the Federal Trade Commission. He's an avid user of these privacy tools.
"Each step you take — by blocking cookies, by blocking ads, by deleting cookies on a regular basis — each step makes it a little more difficult to identify you," Soltani says.
But he says the websites also keep inventing new ways to track people, so he's not sure this is an arms race that either side can really win.
The IAB's Rothenberg says ad-supported Internet companies support user education about privacy options, and he wants people to make informed decisions. But he's also worried about the rise of what he calls "the fairly reactionary point of view that all third-party cookies are bad."
Still, between Edward Snowden's NSA revelations and the new privacy tools being developed by Mozilla and other browser makers, Rothenberg is facing an uphill battle to convince people that they should feel good about third-party companies that put tracking cookies on their hard drives.