W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 7 Feb 2012 18:29:45 -0800
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <B58CCDB5-92AB-4D86-B7AD-6DD110DDDC9C@gbiv.com>
To: Jonathan Mayer <jmayer@stanford.edu>
On Feb 6, 2012, at 5:56 PM, Jonathan Mayer wrote:

> In the interest of keeping things readable, here's a consolidation of issues on the thread and my responses.

...

> 7) Where's the privacy problem if we prevent profiling?
> 
> Shane:
>> [W]hat are the counter arguments . . . for allowing the already stated exceptions?  Especially since none of these allow the profiling (tracking) of a user's activities into a profile for use to alter the user's experience.
> 
> Roy:
>> I am not following the part where it is assumed server-side frequency capping cannot be done while preserving privacy. If we are assuming that the server is a good actor, then there should be ways to store the data such that it is no more of a privacy concern than using the network.
> 
> I believe a third party's collection of a user's browsing history across unrelated websites poses serious privacy risks to users.  From the group's conversations, it's clear that I'm far from alone in that assessment.

You defined collection as merely receiving the information.  The user is
sending the information across the network.  Therefore, the third party
will collect it regardless of our protocol.  Retention, however, can be
limited in such a way that the user's browsing history cannot be discovered
from the data retained for frequency capping.  Is that sufficient?  If not, why?

....Roy
Received on Wednesday, 8 February 2012 02:33:07 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:44 UTC