Mozilla's Fowler thinks that DAA parallel effort, which industry groups need to pursue anyway for their own internal self-regulatory programs, might bear fruit. "If they get it right, the opportunity for the W3C to move quickly on a spec is there. It will make the job for the W3C a lot easier," he says.
Jonathan Mayer thinks a solution will need to come from elsewhere. He is now working on Tracking Not Required, a project that stores browsing history data locally "instead of [on] some site you've never heard of," and enables users to determine who gets to see that data.
Increasing numbers of users have been taking matters into their own hands by using anti-tracking browser add-on tools such as Disconnect, based on the add-on download statistics from the major browser vendors. And Mozilla recently released Lightbeam for Firefox, an add-on that attempts to raise consumer awareness by letting users see visually who is tracking them as they surf the Web.
Lightbeam for Firefox lets users see visually who is tracking them as they surf the Web.
In addition, Fowler says that Mozilla has been debating different approaches to blocking third-party cookies -- cookies placed by parties other than the publisher of the site -- including turning the feature on by default in Firefox. According to Alan Chapell, a similar move by Firefox or another major browser vendor would represent a tipping point that could break down the current system. (Apple's Safari browser, which has a relatively small market share, already blocks third-party cookies by default.)
Fowler adds that Mozilla is looking at a range of options, including limiting blocking in certain contexts. For example, third-party cookies might be blocked except when used in conjunction with a shopping cart, or when the user has a relationship with a given third-party site. Or it might create and use a third-party tracking protection list that ships with the browser. "It really is pretty open," he says.
However, Zaneis believes that third-party cookie blocking will only make matters worse. "If they turn off cookies today," he says, "tomorrow you will have a less transparent identifier out there. Companies will switch to statistical identification techniques, which are invisible to the user." And that, he adds, would undermine what Mozilla is trying accomplish.
Mayer isn't too worried. "The consumer control train has left the station," he says. "It's clear that we're heading for something very different, and I'm optimistic about it."
Downey, on the other hand, sees the newer, more sophisticated tracking methods such as browser fingerprinting as a big concern. "There are unique identifiers out there today and it's getting worse. We can't protect against that," she says. Only the browser vendors are in a position to solve the problem, she argues.
Sign up for CIO Asia eNewsletters.