W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2011

Re: UK commissioner has privacy suggestions, and supercookies in use

From: Aleecia M. McDonald <aleecia@aleecia.com>
Date: Thu, 18 Aug 2011 12:14:46 -0700
Message-Id: <E8DA6781-2E58-4001-BADF-524DDC534E8A@aleecia.com>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
I can corroborate what Ashkan, Chris, et al found from situations a year prior. Corporations hire contractors. The contractors get great results with LSO tracking, no one thinks to question the methods (the engineers / management within the corporation may never have even heard of LSOs,) and everyone is happy. Well, until the lawsuits. Surprise! 

There are times I have been deeply skeptical when companies claim their data gathering practices were due to a "bug" (my favorite: a company making this claim when that same "bug" was somehow part of their well-documented API. Cough.) But I have also seen ernest people scratching their heads trying to figure out things like: how many HTTP cookies do we set? What data do we collect? Why? What is this backend database of customer data from, or for, and why was it created in the first place? LSOs are even more likely to go unnoticed within a company. 

This is not to offer excuses for companies that do not know their own data practices. Rather the opposite. 

	Aleecia

On Aug 18, 2011, at 4:58 AM, Hannes Tschofenig wrote:

> Hi Richard, Hi David, 
> 
> I also believe that sounds quite reasonable to me. 
> 
> If you consider that many folks use some form of content management framework or blog and I doubt that they really understand what is going on under the hood. You have to know the technology in a fair level of detail to understand what the implications of each and every plugin is (not mentioning that they get updated regularly or even reference JavaScript code hosted on some other site).
> 
> Once you use certain tools (e.g., analytics tools, and other forms of plugins) it is obviously difficult to switch to turn them off and use something else because you may need a fair amount of time to re-organize your site. 
> 
> Ciao
> Hannes
> 
> On Aug 18, 2011, at 2:46 PM, Richard Barnes wrote:
> 
>> It's not all that implausible that the sites didn't know what was
>> going on, for some definition of "the sites".  At least a couple of
>> scenarios come to mind:
>> 1. Ad company's instructions say "paste this code into your site", and
>> a developer does it without investigating thoroughly
>> 2. Management asks developers to implement features that require
>> tracking (e.g., persistent sign-on), and developers add the required
>> tracking
>> 
>> 
>> On Thu, Aug 18, 2011 at 4:07 AM, David Singer <singer@apple.com> wrote:
>>> the suggestions story: <http://www.bbc.co.uk/news/technology-14557364>
>>> 
>>> and supercookies: <http://www.mercurynews.com/business/ci_18704381?source=rss>
>>> 
>>> contains the apparently surprising statement;  "Many of the companies say they didn't know they were using the new techniques and stopped after the researchers contacted them."
>>> They didn't know what techniques they were using?
>>> 
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>> 
>>> 
>>> 
>> 
> 
> 
> 
Received on Thursday, 18 August 2011 19:15:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:53 UTC