Co-founder of the Apache HTTP Server Project Roy Fielding is under attack for designing a patch that makes Microsoft’s impending do-not-track command useless.
If the patch – which annuls the default do-not-track settings planned for Internet Explorer 10 – becomes part of Apache, it will have a sweeping effect because Apache is used by nearly 600 million websites, Netcraft reported.
Fielding posted the patch code to Github with a reminder: “Apache does not tolerate deliberate abuse of open standards.”
“The only reason DNT exists is to express a non-default option,” Fielding wrote on Github. “That’s all it does. It does not protect anyone’s privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization. Microsoft deliberately violates the standard. They made a big deal about announcing that very fact.”
Microsoft, a member of the Tracking Protection working group, is “fully informed of these facts,” Fielding added.
“They are fully capable of requesting a change to the standard, but have chosen not to do so,” he wrote. “The decision to set DNT by default in IE10 has nothing to do with the user’s privacy. Microsoft knows full well that the false signal will be ignored, and thus prevent their own users from having an effective option for DNT even if their users want one. You can figure out why they want that. If you have a problem with it, choose a better browser.”
Fielding is one of a group of computer programmers who have “commit” privileges at Apache. This means his patch will be included in the next version of the software unless overturned.
Microsoft said in May it planned to initiate do-not-track by default in Internet Explorer 10 but announced a change of plan last month.
“DNT will be enabled in the express settings portion of the Windows 8 set-up experience,” Brendon Lynch, Microsoft chief privacy officer said in an Aug. 7 blog post.
“There, customers will also be given a customize option, allowing them to easily switch DNT “off” if they’d like,” Lynch wrote. “This approach is consistent with Microsoft’s goal of designing and configuring IE features to better protect user privacy, while also affording customers control of those features. It also underscores that the privacy of our customers is a top priority for Microsoft.”
Although Fielding posted the patch last month, it went largely unnoticed until late last week, when other programmers began chatting about it online.
According to posts on GitHub, Fielding has garnered little support.
“There’s just so many things wrong with this commit,” one post reads on GitHub. “You don’t find it just a little wrong that users are going to think this is turned on, yet you guys are just turning it off? Why are you punishing users too?”
Another critic wrote: “This checkin is very obviously laced with your personal bias and has nothing to do with anything other than your opinion. It does nothing to protect user interest. It singles out a particular browser, and it damages the idea of open source.”
“You sir, are misusing your power in this project to support your personal bias and opinion,” wrote yet another critic. “That is a clear sign your rights within the project should be removed for the sake of users and to avoid damaging Apache reputation.”