Context Aware DoNotTrack

Context-Aware DoNotTrack is a particular implementation of Do Not Track initiative, a movement aimed at stemming the widespread use of user tracking by third party ad-networks as users surf through the web. Instead of completely opting the user out of any tracking or managing a list of approved or banned websites, Context-Aware DoNotTrack forges a middle road that enables tracking while putting simpler control in the hands of the users because it bases the opt-in (or out) on the type of content a website has. It uses categories drawn from existing frameworks (ad networks categories used by Google, Yahoo! and Microsoft) and content analysis to manage which sites users will allow themselves to be tracked on. Users can also associate profiles with particular categories grouped under that profile. Profiles will be kept separate and should not be able to be linked by third parties through policy.

Installation:

1.  Context-Aware DoNotTrack is currently available as a Firefox extension.
2.  User selects categories where they permit tracking and categories where they do not want to be tracked. Several profiles can be up, such as Sports and Autos & Vehicles under Profile A, Arts & Entertainment, People & Society and Travel under Profile B and so on.
3.  After setting his/her preferences, the user starts surfing the web. During each visit to a website, the browser first determines the category or topic under which the website is under through content analysis  The browser then matches this category to the user preference set in the profile. If a preference for this particular category is found, the browser will load the page with the corresponding cookies of that profile. If no profile is found, the browser enters ‘Do Not Track’ mode.

Why We Created Context-Aware DoNotTrack

The DoNotTrack mechanisms are designed to empower users by offering them tools that could selectively prevent information from being recorded about them. Each of the major browser vendors already imple-ments different DNT mechanisms providing users with different degrees of control over the data that can be collected by third parties: (a) Internet-Explorer blocks the content from black-listed third parties, (b) Chrome replaces the identifying cookie sent to third parties by a generic “opt-out” cookie and (c) Firefox sets a DNT header in every request sent by the browser.

A study done by CMU highlights that users have difficulties to use opt-out mechanisms. This study evaluated nine exiting opt-out solution, these solutions were either cookie based or were directly implemented at the browser level and allow expressing tracking or behavioral targeting preferences. They conclude from their study that “none of the nine tools [..] empowered study participants to effectively control tracking and behavioral advertising according to their personal preferences”.

This study identified key issues in existing opt-out mechanisms including:

1. Users can’t distinguish between trackers: Users are unable to set opt-out on a per-company basis.
2. Communication problems: Overall, tools were ineffective at communicating their purpose and guiding users to properly configure them. The investigated tools tended to present information at a level that is either too simplistic to inform a user’s decision or too technical to be understood.
3. Need for feedback: Tested tools provided insufficient feedback to users.
4. Confusing interfaces: Most tools suffered from major usability flaws.

With regard to the drawbacks of existing approaches, we propose an alternative where users opt-back to context rather than single websites or larger domains.

Contextualization of Web Browsing

Our approach provides users with a simple control over the information that can be inferred from their browsing habits without compromising their privacy. With this solution users could specify on which categories of website (context) they agree to be tracked. We believe that a webpage Category (i.e its main topic) is a good proxy to reflect a user’s browsing concept.

A website category is determined by content analysis and – depending on users DNT preference for the matching context – the DNT mechanism would be used when downloading third-party ads and trackers published on this website. If a webpage belongs to a ‘not trackable’ category, usual tracking prevention mechanisms are employed when downloading ads and trackers. In fact users could even manage several ‘trackable’ profiles, each of them containing different categories and being associated to different cookies (see Figure). In such situation, there should be no possibility for ad-networks to link these different profiles as they would be seen through two different cookies (linking based on the IP address should be prevented by policy).

In this approach, we could reuse the set of categories adopted by ad-networks (and based on ODP) to categorize websites and facilitate the migration of users who have already been tracked and profiled by ad-networks.