Everybody knows we here at EFF are big fans of Do Not Track (an HTTP header users can have their web browsers send to websites, indicating that they don’t want the websites to track them). That’s why we developed Privacy Badger, a browser extension that blocks third parties that don’t honor Do Not Track (DNT) requests. It’s also why we continue to expand our DNT Coalition—a group of companies and organizations who have committed to honor DNT requests on their websites.
So when the FCC announced last week that [PDF] it would not create regulations requiring Internet “edge providers”1 like Google, Facebook, or Amazon to honor DNT requests, you might expect us to be outraged, arguing that the FCC had abandoned users’ privacy to the proverbial wolves. But in this case we think the FCC actually made the right call.
Simply put, while the FCC can and should have rules of the road for ISPs, the agency should not be in the business of regulating websites – no matter how laudable its intentions.
Why the distinction between websites and ISPs? Because ISPs occupy a much more privileged position on the network. They carry all of a user’s traffic. That gives them the power to act as gatekeepers, deciding what sorts of traffic users can send and receive. It also gives them the opportunity to modify user traffic, adding privacy-destroying tags like Verizon’s UIDH super-cookie.
Edge providers, on the other hand, don’t have quite as much power. It’s a lot easier for users to “vote with their feet” and use a different edge provider for search, social networking, blogging, etc., than it is to change ISPs. Users also have more control over what information they send to edge providers—that’s why tracker blockers like Privacy Badger work. And of course, there’s the matter of jurisdiction; while ISPs operate in specific geographical areas, websites are accessible (and hosted) all over the world, which would raise all sorts of terrible jurisdictional issues.
So while we agree that websites should honor DNT requests, and we will continue to develop tools that will enforce DNT requests at a technical level, we don’t think FCC regulation is the right approach right now.
- 1. In FCC parlance, “edge provider” refers to any operator of a website or web service that’s not an ISP.