W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

Re: do not track list?

From: Karl Dubost <karld@opera.com>
Date: Thu, 18 Nov 2010 06:39:37 -0500
Message-Id: <4EEB7408-D758-4F43-A861-8DAAC8A616DB@opera.com>
Cc: "Chappelle, Kasey, VF-Group" <Kasey.Chappelle@vodafone.com>, "Thomas Roessler" <tlr@w3.org>, public-privacy@w3.org
To: Rigo Wenning <rigo@w3.org>

Le 18 nov. 2010 à 06:07, Rigo Wenning a écrit :
> the ID allows you to put a magnifying 
> glass on this one user in the middle of the crowd whatever the context is. And our computers are powerful enough to keep the focus on that one individual. 

Yes saying same thing here ;). 
"keep the focus" = time density context in aggregation.

> And here the "no tracking" does something very intelligent. It is a message 
> from the user to the service. "Do not track me". And the service can honor the  request from the user.. or not.

That is a good thing.
Agreed but that will make plenty of Web services unusable, exactly the same way than when you remove Javascript and Cookies. I'm not saying it should not be done, just that you have to be ready for the consequences. 

Granularity is hard to manage (contexts). [I have done a few longterm real experiments for this with js/cookies.]

> So there is a combination of how a protocol is designed and what legal 
> consequences can be derived from a protocol. 

I think the strong side of the stick must be on the other side but that might be even harder to achieve. P3P relies on people with the interests to do the right thing. Socially, it never flies very far, except if there are strong penalties in return. The network is distributed, then systems relying on central authority will be harder to put in place. 

See the mail for example, there are quite a number of laws in place, but the best way to fight the spam is on the receiver side. Eventually we will evolve to a system where you can receive mails only from people you know (whitelisting). There might be one reason why people like instant messaging/microblogging. Easier to control the spam.

In my experiment with the indexing of my server content by external entities, I have realized the same thing. The only way to effectively enforce a "do not index my content" is to
 
    "block and not say", 

which is different from 

    "say to not block".

So yes the protocol has to be carefully design for helping the user to just block things. So instead of do not track me, there should be a do not send anything (user agent, font, screen size). 

But then we are back to the initial point, certain sites are becoming not usable and granularity is hard to manage. Maybe we are asking the question the wrong way. Does it matter that we are tracked? We are all the time in the physical world. What are our values with regards to this tracking? What are our abilities to escape it, in which ways? 

If people have read until here ;) Do this exercise today:

	In the *physical* world today or tomorrow, 
	write down when you have been identified,
	Imagine what you could have done (or not)
	for not being identified. What made you 
	traçable?

"Do not track me" is far too wide in scope to lead to any good results. 

* Identifying
* Aggregating
* Forgetting

-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Thursday, 18 November 2010 11:40:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 18 November 2010 11:40:16 GMT