Respect User Choice ~ Do Not Track

“private signage door” by Dayne Topkin on Unsplash

Note: This was originally posted on November 6, 2015 ~ Alas my original blog is no more 😦 As people has been asking about this article, and seeing that it is linked to from the repository, I thought it high time to bring it back to life.

Two of the cornerstones of the open web is choice, and trust. Recently more and more attention has been focused on a practice that’s eroding these cornerstones. I am here of course referring to online tracking as done by, among others, behavioural advertising companies, governments, mobile carriers, ISPs online. Not only are they breaking user trust by tracking them without permission, they do not offer users a choice in this regard.

In fact, it is even worse than that.

Thanks to work initiated by Mozilla, users have a way of telling the above mentioned players that they wish to not be tracked online. This mechanism is known as Do Not Track. Going over the mechanism of how Do Not Track works and is implemented, is outside the scope of this post. Read the EFF article above if you wish to learn the details.

What this post is about, is giving you a simple JavaScript utility that will enable you to respect your user’ choice, by honouring their Do Not Track status.

“But I do not have any advertising on my site.”, you might say. Well, if you use tools such as Google Analytics or Google Tag Manager to users access statistics or, to track user behaviour, your users are being tracked. If you are using Optimizely, to do A/B testing on your site, you users are being tracked.

If you embed social buttons, or use something like AddThis for social sharing, your users are being tracked. Even after they have left your site.

You may also sight a recent article on Ars Technica regarding a FCC ruling that websites can continue to ignore Do Not Tack. You could even argue that users have a multitude of options to protect themselves if they wish to not be tracked, such as uBlock, Privacy Badger, Ghostery and more recently, using Firefox’ Private Browsing with Tracking Protection. But the onus should not be on the user.

As with accessibility and a good user experience, honouring the choices made by your users is the right thing to do, with the positive side effect of increasing user trust. With all of that said, let’s move on to the how of this post.

The core of this is a JavaScript function that returns the current status of the Do Not Track flag. You can thus use this to wrap for example, your GA scripts.

That’s it. You will now only be adding Google Tag Manager/Google Analytics, if the current user has not enabled Do Not Track.

The Technical Details

Let’s step though some of the details regarding the implementation of the helper. The first part is actually getting the status of the doNotTrack property. Now, it should be a simple process but, due to browser differences, it turns out to a bit more effort than it needs to be.

According to the Tracking Preference Expression(DNT) specification, the property should be on the navigator object and, it is thus in Firefox, Chrome and newer versions of Opera(using blink).

For some time, whilst the specification was not yet a recommended standard and, Microsoft’s implementation differed from the draft, it existed as a prefixed navigator.msDoNotTrack property in Internet Explorer. That was until, in Internet Explorer 11, Microsoft decided to embrace the specification and not enable Do Not Track by default but, what they also did, was to move the property from navigator to window. And here we are, having to jump through hoop after hoop to simply get the value of this property.

Note: The property is also set on the window object in Safari.

Next we need to talk about the following line:

As mentioned above, there was a lengthy period where Microsoft’s implementation did not follow the standard and enabled Do Not track by default. This meant, it was no longer an indication of user choice. Thus, it makes it impossible to honor the setting and this is why we need the Arrayof affected Windows versions above.

Skipping over the regular expressions bits we get to a pretty large conditional block. Here we then need to figure out the real status of Do Not Track before returning the result to the caller. First up, we handle old versions (lte IE8) where this flag did not exist.

No point in doing anything more, we can simply return false and be done with it. Now, Firefox has not been entirely innocent here either:

For versions of Firefox prior to version 32, there was a bug with the return value of the doNotTrack property. The tl;dr is that the “yes” value meant that the user has expressed an intent, but not what the intent was. Therefore we need to set the return value as Unspecified. Next up is handling the anomalous Windows versions where Do Not Track was set to true by default.

As mentioned earlier, in these cases we cannot trust the setting of the Do Not Track flag to be user specified and thus need to default to “Unspecified” i.e. false.

With all of that out of the way, we can handle the last happy case where we simply use the value returned by the browser but, handling possible outlier cases where the value is undefined. The only thing left is to return true or false if we have not already returned in an earlier step.

I sincerely hope people find this little utility useful, and will use it on their sites. When we respect our user’ privacy and choices, users, and the open web, wins and that, is always a good thing.

I look forward to your comments.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Schalk Neethling

Schalk Neethling

I write about mental health, addiction, sober living, living your best life through an active lifestyle and a whole food plant-based diet. Psychedelic curios :)