Every major Internet browser has a feature that lets you tell a website that you don’t want it to collect personal information about you when you visit.
And virtually every website ignores those requests. Tracking your online activities — and using that data to tailor marketing pitches — is central to how Internet companies make money.
Now California’s attorney general, Kamala D. Harris, wants every site to tell you — in clear language — if and how it is respecting your privacy preferences. The guidelines, published on Wednesday, are intended to help companies comply with a new state privacy law that went into effect on Jan. 1. That law requires sites to prominently disclose all their privacy practices, including how they respond to “do not track” requests.
“This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions,” Ms. Harris said in a statement.
The California guidelines for the Jan. 1 privacy law are voluntary. Other efforts to establish more binding privacy protections — either through federal or state laws or through industry self-regulation — have failed to win enough support to pass.
Jeff Rabkin, special assistant attorney general on technology and privacy matters, said that Ms. Harris’s office would review companies’ privacy policies and work with them to make sure they followed the new law. Those who don’t comply will receive 30-day warnings before facing potential litigation from the state.
The history of the “do not track” issue is a case study in how difficult it is to truly protect users’ privacy on the Internet.
The Federal Trade Commission first proposed “do not track” rules in 2010. Nothing happened. Two years later, the White House announced a “Consumer Privacy Bill of Rights,” which stated that individuals should have control over their private information, including how they were tracked online. However, that document was just a statement of intent, with no teeth.
In an attempt to nudge the process along, two of the leading web browsers, Mozilla’s Firefox and Microsoft’s Internet Explorer, began giving users the option of sending a signal that tells all websites they visit that they don’t want to be tracked. Apple’s Safari and Google’s Chrome later added similar options.
But despite pledges by the advertising and technology industries to find a way to honor such requests — and endless discussions at an industry standards group, the World Wide Web Consortium, that was supposed to come up with a common set of rules — little progress has been made. This month, a White House advisory group again called for limits on tracking.
Today, virtually no site respects “do not track” requests coming from web browsers. The only major company that honors the signals is Twitter.
Yahoo, which was one of the first companies to respect “do not track” signals, announced last month that it would no longer do so. Part of the company’s turnaround strategy depends on personalizing its services and advertising, which requires — you guessed it — tracking you across the web.
“As the first major tech company to implement Do Not Track, we’ve been at the heart of conversations surrounding how to develop the most user-friendly standard,” Yahoo wrote in a blog post. “However, we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.”
Officials at Yahoo, Google and Facebook all stressed that they offered their users various other tools to limit the amount of tracking that occurred when users wandered to other sites.
Microsoft said Ms. Harris’s guidance on best practices would be helpful as companies interpreted the California law. “We appreciate the willingness to engage industry in developing some of the thinking,” the company said in a statement.
But a simple, one-click method of opting out of web tracking remains elusive.
The crux of the problem is that no one agrees on what “do not track” actually means. “It’s like I give you a dollar, and you decide what a dollar is worth to you,” said Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, an advocacy group that has closely followed the debate.
Most sites assume that you’re fine with being tracked while you’re on the site. If you’re on Facebook, for example, the company figures you are comfortable with it knowing what you do while you’re there.
But beyond that, it gets murky fast. Does “do not track” mean that Facebook shouldn’t follow you to other sites to show you ads based on what it knows about you? Does it mean that Facebook should stop the tracking needed so that its users can visit a news site and click a button to like or share an article with their Facebook friends?
The Digital Advertising Alliance, which encompasses virtually every company involved in online advertising, is working on its own “do not track” technology that would apply only to tracking for ad purposes.
“Other than for some limited exemptions, it would stop the creation of dossiers of the sites you’ve visited,” said Stuart Ingis, a partner at the Venable law firm and counsel to the alliance. But he said sites would still be able to figure out that you were shopping for a new car, for example, based on other information, so it’s not clear what exactly would be blocked.
Nor is it clear whether this effort, too, will even see the light of day. “It might never come out,” Mr. Ingis said. “We’re trying to get consensus. It’s a very broad industry.”
In the meantime, what can you do to protect your privacy online?
At the most extreme end, you can turn off all cookies, the little bits of software that companies drop into your web browsers that do everything from remembering your login for a specific site to tracking your every move on the web.
Be warned: Many sites won’t operate properly with all cookies blocked. But if you want to do it anyway, Wikihow has a handy illustrated guide for how to adjust your settings on each of the major browsers, or you can search the help pages within your particular browser.
If you are mostly concerned about the tracking being used to deliver personalized advertising, the ad industry has created a page where you can opt out of tracking by participating companies. However, the site is slow and buggy, and I’ve found that even when I opt out, some companies quickly start tracking me again. Third-party tools like Adblock Plus and Ghostery can also be helpful.
To limit tracking that happens on individual sites like Google or Facebook, you can also visit their privacy pages and adjust your settings from there, to the extent they allow it.
Mr. Tien’s group, the Electronic Frontier Foundation, is working on its own solution. It recently released software called Privacy Badger that tries to selectively block tracking by the companies that the group finds the most objectionable. The tool is still in testing, however, and many sites don’t work properly when it’s turned on.
One more thing: Most of the current “do not track” options don’t apply to smartphones and mobile apps, which are becoming far more important paths to getting online. Tracking technology — and ways to block it — is much more nascent on mobile.