W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

From: Rigo Wenning <rigo@w3.org>
Date: Sun, 01 Apr 2012 20:44:41 +0200
To: public-tracking@w3.org
Cc: JC Cannon <jccannon@microsoft.com>, Shane Wiley <wileys@yahoo-inc.com>, David Singer <singer@apple.com>
Message-ID: <2768206.VpHcuMVz64@hegel.sophia.w3.org>

On Wednesday 28 March 2012 15:30:20 JC Cannon wrote:
> I'm more inclined to agree with Shane here. I always want to vote on the
> side of greater flexibility for the consumer.

unfortunately, our agreement from 3 weeks ago is gone. 

I think what David Singer and I are saying is that if some spurious "out of 
band agreement", for whatever that means, trumps the DNT header totally and 
without distinction, then we are mainly back to blocking tools, private mode, 
cookie deletion etc as the only meaningful defense.  

Shane's text does not define "out of band agreement" This can mean whatever, 
especially in a common law context. You've sent me a get request earlier. By 
sending, you agreed to our general conditions that contain a tracking 
agreement in clause 143. 

I gave a use case in 

Shane's text simply ignores that attacking scenario. I find this a bit weak. I 
found your idea good I can understand that Shane doesn't want to implement yet 
another distinction. I am convinced that we must address this scenario to 
prevent a higher degree of blocking tools. If any weak "out-of-band" kills the 
efficiency of DNT, than DNT itself gets too weak. I don't think even Shane 
wants that to happen. 

One possibility is to define "logged-in" in a much more narrow way. E.g. there 
is a lot of parallel to location based services here. And there, the Directive 
2002/58EC requires that the terminal MUST show if the location system is 
active. Being logged in is something similar here, I think..


Received on Sunday, 1 April 2012 18:45:11 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:47 UTC