W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2010

Re: Cookies - Raising Awareness

From: Marcos Caceres <marcosc@opera.com>
Date: Thu, 22 Jul 2010 10:48:04 +0200
Message-ID: <4C4805C4.1090402@opera.com>
To: ifette@google.com
CC: public-privacy@w3.org, David Rogers <david.rogers@wholesaleappcommunity.com>, Karl Dubost <karl+w3c@la-grange.net>
Hi Ian,

On 7/21/10 6:43 PM, Ian Fette (イアンフェッティ) wrote:
> On Wed, Jul 21, 2010 at 9:28 AM, Marcos Caceres <marcosc@opera.com
> <mailto:marcosc@opera.com>> wrote:
>
>     Hi All,
>
>
>     On 7/21/10 3:10 PM, David Rogers wrote:
>
>         I tweeted this at the time from comedian Lee Mack, but it is
>         really reflective on 99% of users:
>
>         Most users do not have a clue .In the words of Lee Mack:"Have
>         you tried disabling cookies?""Well, I once bit the legs off a
>         gingerbread man"
>
>         http://twitter.com/drogersuk/status/18347149194
>
>
>     Jokes aside (and I know David did not mean to imply this so I am
>     saying it generally), but just because users don't understand
>     something does not mean they should not be entitled to a protection
>     or control of privacy. To quote James Boyle [1], who discusses
>     similar dispossession of rights in the context of intellectual
>     property, this is similar to "the Supreme Court decisions that
>     dispossessed the American Indians on the theory that they did not
>     comprehend the concept of property and thus did not “own” the land
>     being taken from them" p.54.
>
>     I know that the above kinda goes without saying it. However, during
>     the workshop certain people did argue that things like geopriv were
>     too confusing for end users, and would up the cost for implementers
>     and vendors, therefore users should not be entitled to such
>     technological protections.
>
>
> And car owners should not be deprived of the best MPG (or litres/100km)
> possible, so we should ask them a slew of factors and ask them to solve
> a differential equation to determine the optimal "driving coefficient"
> for their driving style, which they should then input into the steering
> wheel by turning it left to decrement a value, right to increment a
> value, and honking to set the value, and they should do this before each
> trip in case they gained or lost weight.

Lets take some real world examples: Google, for instance, respects on 
user-by-user basis whether it should retain the search history. It only 
took a couple of clicks for me to work that out. Facebook, as another 
[not so great] instance, respects my expressed desire to not make 
certain things public in my profile (e.g., my birthday). With one click, 
I made everything relating to my profile visible only to "friends". It's 
not that hard to make an interface to do the right thing: no 
differential equations were solved by me in the process:)

> Hopefully it's obvious that the above is sarcasm, but I think it's about
> as over the top as suggesting that arguing against these controls being
> in the browser is akin to stripping native americans of their land.

It was an analogy: the point I am making is that we must not see 
ourselves as not belonging to the group of people to which our decisions 
affect. To do so risks adversely impacting both ourselves and others in 
detrimental ways (stripping people of their right to land serves as an 
extreme reminder of what can happen when we differentiate ourselves from 
those to which our choice impact). The solutions we come up with here 
should work just as well for us (people in this forum) as they would for 
anyone else - no exception, we are in the same boat and it's dangerous 
to pretend otherwise.

> What I have been trying to convey, and what Aza said at the workshop, is
> that we have to respect the user, and respecting the user is not
> synonymous with prompting them for everything, we also have to respect
> their time and make sure we can build in user interactions that they
> understand and that make sense for the task at hand.

Firstly, you are using language that dissociates people working on 
technology ("we") with those that use the technology ("their"). As I 
said above, I refuse to disassociate myself as a user and I please urge 
you to stop that too. I'm sure you use more than one browser over which 
you have limited direct influence.

Secondly, everyone knows that constant prompting is annoying and does 
not work. I never said that prompting was a solution to any problem. I'm 
interested in exploring alternative solutions to the problem that 
"respect the user" (including you and me). Not exploring solutions, or 
denying there is a problem, would be totally disrespectful to the user.

> Asking the user on
> each cookie and expecting them to read 50 comments on 50 cookies to
> access cnn.com <http://cnn.com> is not respecting the user.

I agree.... It might be that cookies are already broken by design and we 
just have to live with that (they were certainly not built with privacy 
in mind). However, new technologies, such as the DAP APIs, can learn 
from the mistake that is cookies.

> Re:
> attaching policy with "advanced APIs" I am skeptical about the ability
> to build a good UI for this in the browser,

Apologies, and with no disrespect, I was not aware that you were are a 
user experience or GUI designer. Even if you are an expert GUI designer, 
this does not mean that an alternative is not available despite your 
skepticism to come up with a better solution. Thought I do respect your 
experience and knowledge of browsers, and your skepticism, it might just 
be that you yourself cannot come up with a solution; but that should not 
discourage this forum from exploring solutions.

> and i am doubly skeptical
> that the browser is the right place to put this in given that I think
> the controls users want will ultimately depend on data specific to the
> site, as well as settings/options specific to the site.

I agree that this might be site/context/data specific: that is a 
challenge to investigate further. Regardless, the web browser, as an 
agent for the user, already respects the expressed desires of web sites 
about how long content can be kept before it expires, if content can be 
cached, etc. through HTTP headers and mechanisms like HTML5's manifest. 
Is it really that unrealistic that websites should respect the desires 
of users in the form of some rule-set or reverse cookie? Interactions 
between browser and server already happen mostly transparently. There is 
no reason why that transparency cannot happen from the client 
communicating with the server.

> I am also
> skeptical the user will understand what happens when no site out there
> actually takes any action based on their "preference".

There are two approaches to this: one is technological and another is 
legal. Technologically, can a server assume that a client will respect 
HTTP headers and not behave maliciously? As a server cannot assume that, 
a client must also make similar assumptions. Even though both parties 
cannot trust each other, the whole internet continues to function and 
commerce continues to take place.

Legally, penalties can be put in place that serve as deterrents to those 
that do not respect user preferences/privacy. Of course, a delicate 
balance needs to be reached to not scare adopters of the technology: 
it's why we have people that are working with regulatory authorities, 
such as the EU, on this list. There are always going to be bad people 
who don't play nice, so regulatory authorities certainly have a role to 
play here in protecting the individual while being liniment with 
companies who make honest mistakes that have privacy implications 
(*cough* street-view cars collecting WIFI data *cough*).

> If someone wants
> to prove me wrong, again I think this can be done today. Get the CDT to
> get users to come to their website and specify their preferences, and
> provide some script that third party sites can use to query the value of
> the user's preference. Try it out before trying to push it into browsers.

I'm all for that. And I'm certainly not for "pushing it into browsers" - 
it's why we are having these discussions outside the DAP list. I'm 
trying to have a discussion about it. Creating a proof of concept is an 
even better idea.

>     I personally believe that for site owners to access "advanced Web
>     APIs" should incur a level of commitment to privacy: both at the
>     technological level and at the legal level. That is to say, if I, as
>     a site operator, use a particular API that accesses a user's private
>     data, then I should respect what the user dictates are the
>     restrictions on that data (spatial, temporal, etc).  For an API to
>     not afford the end-user with any means at all to dictate their
>     usage-rights over that data unfairly dis-empowers users - dare I say
>     in the manner the Supreme court did in the quote I gave above. I
>     also support the notion that  individual bits of data may not make
>     up the tangible object to which the protections can be applied to
>     (e.g., a geotagged photo, where the geolocation is stamped after the
>     photo is taken, and the people in the photo are tagged from my
>     address book).
>
>     Lastly, I want to take issue with users not understanding stuff. I
>     class myself as a user :) I don't see myself as some special person
>     above any other person. If I am capable of understanding this stuff,
>     I don't see why anyone else would not be... and if another user is
>     not getting it, you are probably just not explaining it right.
>
>
> Sorry Marcos, but anyone who works for a browser vendor in my opinion
> doesn't get to say "well, I understand it so I expect others will too" :)

You've twisted my words here. I certainly was not saying that I "expect 
others will too" - I was saying that we can't give up trying to explain 
things. Also, you can't disqualify people just because they work for a 
browser company (do you disqualify the tens of thousand of people that 
work at Google as users just because they work at Google? of course you 
don't.).

Furthermore, I don't have anything to do with the actual code that goes 
into Opera (I have never even seen any of the source code of Opera). I 
am a mere user of the browser. I don't see how working at some place 
automatically disqualifies someone from having a say.

Kind regards,
Marcos
-- 
Marcos Caceres
Opera Software
Received on Thursday, 22 July 2010 08:49:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:51 UTC