W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

Re: privacy definitions -- was: WebID questions

From: <wilton@isoc.org>
Date: Wed, 17 Oct 2012 07:10:29 +0000
Message-ID: <1463668320-1350457794-cardhu_decombobulator_blackberry.rim.net-2048955165-@b4.c6.bise7.blackberry>
To: "David Singer" <singer@apple.com>, Ian.Oliver@nokia.com
Cc: henry.story@bblfish.net, melvincarvalho@gmail.com, benl@google.com, public-privacy@w3.org, public-webid@w3.org
+1

Well put.

Robin
Sent from my BlackBerry - apologies for typos/terseness

-----Original Message-----
From: David Singer <singer@apple.com>
Date: Wed, 17 Oct 2012 14:49:03 
To: <Ian.Oliver@nokia.com>
Cc: <henry.story@bblfish.net>; <melvincarvalho@gmail.com>; <benl@google.com>; <public-privacy@w3.org>; <public-webid@w3.org>
Subject: Re: privacy definitions -- was: WebID questions

Worse, I think it's misleading to focus on a technology -- cookies -- and not the principle.

The principle is whether a site is storing data about me.  It doesn't make much material difference to me whether the site stores the data in cookies on my machine, or in a database indexed by an identifier stored in a cookie on my machine, or in a database that is indexed in some other way (e.g. by a fingerprint).

Generally, I am saying that statements of principle should avoid discussing specific technologies, or we run the serious risk that people will simply keep their practices and just change the technology.  So, for example, laws about cookies can be circumvented by the use of fingerprints as indexes.

Don't tell me that you are using cookies - they can be quite innocuous. Tell me you're tracking me.  And so on.


On Oct 17, 2012, at 14:30 , Ian.Oliver@nokia.com wrote:

> Furthermore you have to differentiate between cookies for different purposes, for example, advertising tracking, login information, certain kinds of state etc.
> 
> You have a catch-22 situation here, in order to give the user or consumer enough information about - in this case - cookie usage, the UI would become very complicated and the burden of understanding in the consequences and implications of certain cookies being turned on and off would be toˇ high; on the other hand, if you have a simple on/off then the repercussions on some basic functionality of sites would lead to a potentially (massively) degraded and frustrating user experience.
> 
> Does anyone have a reference to the typical amount of type of cookies stored by a "typical" user?
> 
> t.
> 
> Ian
> ________________________________________
> From: ext David Singer [singer@apple.com]
> Sent: 17 October 2012 09:17
> To: Henry Story
> Cc: Melvin Carvalho; Ben Laurie; public-privacy list; public-webid@w3.org
> Subject: Re: privacy definitions -- was: WebID questions
> 
> On Oct 16, 2012, at 20:40 , Henry Story <henry.story@bblfish.net> wrote:
> 
>> 
>> But that is not yet transparency I am looking for. Because you could go to a site and click mistakenly on "accept cookies forever", and you could easily forget about it later. What is
>> needed I was arguing is the ability to be able to see in your URL bar that you are using cookies
>> and be able to switch it off easily. Then you would be made aware constantly of your identity at
>> a site.
> 
> The problem is that many, if not most, sites use cookies, and a warning that is almost always on gets ignored.
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.


Received on Wednesday, 17 October 2012 07:10:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 17 October 2012 07:10:30 GMT