I've had Do Not Track enabled in my browser ever since it became available in Chrome. The idea behind Do Not Track (abbreviated DNT) is simple: when you load a webpage, a small piece of data will be included in your request that (in theory) tells the website not to track you. That's it. There's no content blocking, and there is no requirement that the website upholds your request. In fact, no one even knows what upholding DNT would entail.

That's because DNT is merely a request for an ambiguous ideal: not being tracked. It doesn't function like a content blocker (such as Ghostery or AdBlock). Instead, it's just a small little HTTP header that asks politely tells the website that you'd prefer if they didn't track you. Some say it works. Others (myself included) say it doesn't.


The biggest problem with the DNT request is that nobody is quite sure exactly what it means. To one site, it may mean that their visit go completely unrecorded—no trace in any of the site's history logs, and no tracking information given to third-party advertisers. To another, it may mean that the ads loaded on the page won't be targeted, but the user will still be included in any relevant analytics report, and their data may be sold to big data companies. Other sites may not even acknowledge the existence of the DNT request, and continue tracking you like normal.

I think that part of the confusion in the DNT request lies in the uncertainty as to what it means to be tracked. For example, I don't view being included anonymously in analytics reports being tracked. As long as I contribute to some total sum (and my particular visit or identity isn't referenced), I don't mind. Such a statistic could be something like last month we had 540,000 unique visitors from South America. This information doesn't individually reference any particular person, and, as a result, I don't think it's an invasion of privacy. It's necessary for a website to understand its audience, and this sort of 'tracking' is justified—provided that personally identifying information (PII) is omitted.

To me, the line is relatively clear. There are few gray areas. The collection of personally identifiable information serves as a sort of catch-all clause. Are you collecting PII? Yes? Tracking. No? Not tracking. Things do, however, get a bit more tricky when you begin to consider third-party widgets included on webpages, such as YouTube embeds or Google ads. Because this content is loaded after the page is, whether or not these widgets should oblige to the DNT request becomes much more complicated, both ethically and technically.


Do websites have an obligation to obey DNT requests? Yes, they do. Some sites are virtually necessities in the modern world (take, for example, Google Search). Since no good alternatives exist for search (sorry, DuckDuckGo), to ignore the DNT request would be to force someone to sacrifice their privacy in order to function in today's society (and that, to me, is abominable).


But this is all premature. The Do Not Track request has been extremely slow to catch on, and it's unlikely that we will see widespread adoption soon. Considering that the FCC ruled against enforcing the DNT request, the odds aren't great. So for now, the Do Not Track request remains a utopian ideal that will, in all likelihood, stay that way.