W3C home > Mailing lists > Public > public-tracking-comments@w3.org > August 2015

Re: Turn Inc.'s TPE Last Call Comments

From: Nick Doty <npdoty@w3.org>
Date: Wed, 12 Aug 2015 00:36:16 -0700
Cc: "public-tracking-comments@w3.org" <public-tracking-comments@w3.org>
Message-Id: <CBF08E75-54FF-4D05-84E7-736E13716664@w3.org>
To: Max Ochoa <Max.Ochoa@turn.com>
Mr. Ochoa,

Thank you for your comments (last June) on the Tracking Preference Expression Last Call Working Draft.

We have previously responded to some of those comments; please see:
https://lists.w3.org/Archives/Public/public-tracking-comments/2015Jun/0008.html

While your lengthy and considered response does not raise new issues for the group to consider before moving TPE to Candidate Recommendation, we appreciate your organization's concerns about the work of the Tracking Protection Working Group.

The group has previously deliberated at length whether and how to distinguish among first parties and third parties, and whether to place limits on unique, pseudonymous identifiers; you do not offer new information to justify reopening those issues.

Competition issues are outside the purview of the W3C, but your concern about an exception for first party data is mistaken. The definition of tracking applies to all cross-context data collection and usage, and the group has determined that the use of data previously collected as a first party to target ads in a new context is not consistent with a Do Not Track request.  Similarly, collection of data from widgets distributed around the web are defined as cross-context data collection in the specification, and thus are subject to DNT:1 requests. We hope this clarification addresses your concerns.

Section 4 of the TPE provides requirements for user agents in ensuring that signals reflect the preference of the user.  Additional requirements were suggested during the Last Call process; however, a proposal to include information about DNT-setting party within the DNT signal was rejected by the Working Group.  You do not propose any other alternative approach.

Conflicts with other privacy controls are addressed in the separate TCS document. If you have a specific proposal to revise that language, please submit Last Call comments on that document. The Tracking Compliance and Scope Last Call Working Draft, including instructions for submitting Last Call comments, is available here: http://www.w3.org/TR/tracking-compliance/

Caching of tracking status resources is described in detail in Section 6.4.4: http://www.w3.org/TR/tracking-dnt/#status-caching
Servers which use the interactive "U" response value, as described in Section 6.3.3, would send it as a response header value only when the server knows the operation is changing, for example, in a preference manager portion of a site. Tracking status values are not intended to be exposed directly to the end user; Section 6.7 lists some ways that values may be used by user agents:
http://www.w3.org/TR/tracking-dnt/#using-tracking-status

While a server may use, for example, the dynamic tracking status value to indicate tracking values that may differ depending on the server-to-server communication, the TPE was also updated to explicitly address the issue of gateway or other server-to-server use cases. For more info, see:
http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-G
https://www.w3.org/2011/tracking-protection/track/issues/262
https://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html

In order to be fully conformant with this specification, user agents are required to implement the exception mechanism.

While the Working Group has discussed alternative mechanisms for communicating a Do Not Track preference, sending headers in HTTP requests has been pursued because it allows for easy user control and communication of preferences, which may change, to to all mechanisms that might perform or initiate tracking.

The charter of the Tracking Protection Working Group defines success criteria for the group's work:
http://www.w3.org/2011/tracking-protection/charter
In particular, success depends upon completion of Recommendation-track specifications and adoption of those specifications. Related, and specific to the TPE, the TPWG will collect information on implementations of the specification as part of testing during the Candidate Recommendation phase.

Collection of data about DNT adoption does not necessarily violate this standard. Such data could be collected and reported on a deidentified basis.

Please let us know whether these explanations resolve your concerns.

Thanks,
Nick Doty, W3C
(for Tracking Protection Working Group Co-Chairs: Carl, Justin and Matthias)

Received on Wednesday, 12 August 2015 07:36:30 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 12 August 2015 07:36:31 UTC