The folks at the Stanford Security Lab are a suspicious bunch. Since they’re studying how to make computers more secure, I guess it comes with the territory. Their current interest is tracking cookies and the Do Not Track opt-out process. Using “experimental software,” they conducted a survey to see how many members of the Network Advertising Initiative (NAI), actually complied with the new Do Not Track initiatives.
What they found is that more than half the NAI member companies did not remove tracking codes after someone opted out.
NAI member companies pledge only to allow opting out of behavioral ad targeting, not tracking. Of the 64 companies we studied, 33 left tracking cookies in place after opting out.
Ah, but we all know how stats can be twisted, so let’s keep reading. The next line says:
At least eight NAI members promise to stop tracking after opting out, but nonetheless leave tracking cookies in place.
I take that to mean that the other 25 companies never actually said they would remove tracking cookies, it’s just that they belong to a fellowship that wishes they would.
The Standford boys do emphasis that these are preliminary findings with “experimental software” so they could be way off the mark. They probably aren’t, but we can hope.
There’s probably a small percentage of companies who will blatantly ignore any attempts to stop tracking. For the rest, it’s more likely a case of not having procedures in place. Their intentions are good, but lack of manpower and the proper tech is probably what’s keeping them from following through on those good thoughts.
Since they can’t go after them with big guns, the Stanford study went with public embarrassment. They’ve published a list of the websites showing which ones are compliant and which ones aren’t. If you’re working with an ad network, you might want to check it out.