I use a privacy guard tool to protect my identity on the Internet. What's interesting to me are the number of sites out there that require that I provide this information before they will show their site to me. But instead of saying that I am blocking a request they want to make of my browser, most sites say something like "You are using an older browser that does not support the tools on this site. Please upgrade to IE 6 or Firefox 1 to view this site." Of course, since I'm using Firefox 1, this error message is wrong and annoying.
The idea that Web developers have is that since older browsers don't support these calls, if you are blocking them, you must be using an older browser. The assumption is, if your browser doesn't reply with answers to these privacy calls, you need to upgrade, and you'll get a message to that effect rather than the Web page you want.
What Requests Might be Considered an Invasion of Privacy
- Referer
The Web page you were on directly before you came to the current page.
Unless it was on the exact site you are currently on, it's really none of your business where the customer was. Granted, as a Web developer, it's interesting to know, but there are other ways to collect that information.
- User-Agent
The type of browser, version, and operating system it's running on.
The justification here is that Web browsers aren't standards compliant, but there are ways to check if the browser can support your site without actually finding out what browser they're using. Plus, many browsers lie when asked what they are. For example, Opera used to send that it was Internet Explorer, and IE for a while was sending that it was Mozilla.
- From
The email address associated with the Web browser.
This is probably the most egregious. While many people might not care if you have their referrer or browser information, they generally don't want to give out their email address unless they know they are doing so.
Before You Require These Calls
- It's no longer old browsers who don't report this information.
There are many programs available, such as Norton Internet Security, which will block these privacy calls from Web sites.
If your site collects this information, your error messages should reflect what is exactly wrong. In other words, don't say "please use a modern browser" or otherwise imply that they are not up-to-date. I browse with IE 6 and Firefox 1, and have been accused of using 3.0 versions because I block these privacy calls.
- How are you going to use this information?
There is one situation where I wrote a CGI that required the referer information in order to work correctly, but 90% of my scripts and programs don't need any of these privacy calls.
If you're collecting this information for marketing research, then I wouldn't require it to get into your site. In fact, even if you require it, you should give your customers the chance to supply it themselves if the information is blocked.
- Some of the information might not be accurate
Especially the "from" request. It relies on the browser to pass information, and some browsers don't store the information or they pass inaccurate information. In fact, some browsers deliberately pass incorrect user-agent information to bypass browser detection scripts.
I wouldn't recommend using the from request. It is often not supported by browsers, and so the information you get from it is suspect. And, as I've mentioned above, the user-agent can be falsified as well.
Honesty with your readers is vital if you're going to keep them. Post a privacy policy that details what types of information you collect and why. If information is required, don't collect it through subterfuge, but instead allow your customers to provide it directly. And if you provide valid reasons for needing the information you'll find that they will be happy to give it to you.
