W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2010

Re: Cookies - Raising Awareness

From: イアンフェッティ <ifette@google.com>
Date: Wed, 21 Jul 2010 09:43:07 -0700
Message-ID: <AANLkTi=o4Gw8-2KyS2sPqO6bpPjT2aor9B-r6fjF9yyU@mail.gmail.com>
To: Marcos Caceres <marcosc@opera.com>
Cc: public-privacy@w3.org, David Rogers <david.rogers@wholesaleappcommunity.com>, Karl Dubost <karl+w3c@la-grange.net>
On Wed, Jul 21, 2010 at 9:28 AM, Marcos Caceres <marcosc@opera.com> wrote:

> Hi All,
> On 7/21/10 3:10 PM, David Rogers wrote:
>> I tweeted this at the time from comedian Lee Mack, but it is really
>> reflective on 99% of users:
>> Most users do not have a clue .In the words of Lee Mack:"Have you tried
>> disabling cookies?""Well, I once bit the legs off a gingerbread man"
>> http://twitter.com/drogersuk/status/18347149194
> Jokes aside (and I know David did not mean to imply this so I am saying it
> generally), but just because users don't understand something does not mean
> they should not be entitled to a protection or control of privacy. To quote
> James Boyle [1], who discusses similar dispossession of rights in the
> context of intellectual property, this is similar to "the Supreme Court
> decisions that dispossessed the American Indians on the theory that they did
> not comprehend the concept of property and thus did not “own” the land being
> taken from them" p.54.
> I know that the above kinda goes without saying it. However, during the
> workshop certain people did argue that things like geopriv were too
> confusing for end users, and would up the cost for implementers and vendors,
> therefore users should not be entitled to such technological protections.
And car owners should not be deprived of the best MPG (or litres/100km)
possible, so we should ask them a slew of factors and ask them to solve a
differential equation to determine the optimal "driving coefficient" for
their driving style, which they should then input into the steering wheel by
turning it left to decrement a value, right to increment a value, and
honking to set the value, and they should do this before each trip in case
they gained or lost weight.

Hopefully it's obvious that the above is sarcasm, but I think it's about as
over the top as suggesting that arguing against these controls being in the
browser is akin to stripping native americans of their land.

What I have been trying to convey, and what Aza said at the workshop, is
that we have to respect the user, and respecting the user is not synonymous
with prompting them for everything, we also have to respect their time and
make sure we can build in user interactions that they understand and that
make sense for the task at hand. Asking the user on each cookie and
expecting them to read 50 comments on 50 cookies to access cnn.com is not
respecting the user. Re: attaching policy with "advanced APIs" I am
skeptical about the ability to build a good UI for this in the browser, and
i am doubly skeptical that the browser is the right place to put this in
given that I think the controls users want will ultimately depend on data
specific to the site, as well as settings/options specific to the site. I am
also skeptical the user will understand what happens when no site out there
actually takes any action based on their "preference". If someone wants to
prove me wrong, again I think this can be done today. Get the CDT to get
users to come to their website and specify their preferences, and provide
some script that third party sites can use to query the value of the user's
preference. Try it out before trying to push it into browsers.

> I personally believe that for site owners to access "advanced Web APIs"
> should incur a level of commitment to privacy: both at the technological
> level and at the legal level. That is to say, if I, as a site operator, use
> a particular API that accesses a user's private data, then I should respect
> what the user dictates are the restrictions on that data (spatial, temporal,
> etc).  For an API to not afford the end-user with any means at all to
> dictate their usage-rights over that data unfairly dis-empowers users - dare
> I say in the manner the Supreme court did in the quote I gave above. I also
> support the notion that  individual bits of data may not make up the
> tangible object to which the protections can be applied to (e.g., a
> geotagged photo, where the geolocation is stamped after the photo is taken,
> and the people in the photo are tagged from my address book).
> Lastly, I want to take issue with users not understanding stuff. I class
> myself as a user :) I don't see myself as some special person above any
> other person. If I am capable of understanding this stuff, I don't see why
> anyone else would not be... and if another user is not getting it, you are
> probably just not explaining it right.

Sorry Marcos, but anyone who works for a browser vendor in my opinion
doesn't get to say "well, I understand it so I expect others will too" :)

> [1] http://www.thepublicdomain.org/
> --
> Marcos Caceres
> Opera Software
Received on Wednesday, 21 July 2010 16:43:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:51 UTC