- From: David Singer <singer@apple.com>
- Date: Wed, 14 Dec 2011 14:21:44 -0800
- To: Shane Wiley <wileys@yahoo-inc.com>
- Cc: Karl Dubost <karld@opera.com>, Jeffrey Chester <jeff@democraticmedia.org>, "public-tracking@w3.org" <public-tracking@w3.org>
I wonder whether it's useful here also to distinguish between data that is present in the (HTTP) transaction, and remembered data about the user, and other world knowledge? As a strawman, how is it if we say that DNT:1 means that you put a firewall between this transaction and your stored data about this user (actually, users in general, since with the firewall there you don't know which user it is)? There is no firewall between what the user tells you in this transaction, and world knowledge. So, it's OK to work out "this guy is in San Francisco!" based on the IP address. It is not OK to record "this guys was in San Francisco on Wednesday" in the database. And it's not OK to notice "he was in London only two days ago". The first adds to the database, the second reads from it. They are 'tracking my movements'. (Since I can and will tell the 1st party more than 3rd parties, there is also a firewall between the 1st and 3rd parties in terms of data passing, but that's out of scope). This correlates with the discussion this morning: if I have agreed with an ad network that they will caption all my video ads, and they set a cookie to remember "I am a caption-needing user", then if that cookie is supplied in a transaction with DNT:1 set, it's OK (maybe even expected) to still caption video ads. (The user can turn off cookies for 3rd-party sites independently, logically). David Singer Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 14 December 2011 22:22:51 UTC