W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

RE: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

From: JC Cannon <jccannon@microsoft.com>
Date: Mon, 13 Feb 2012 18:56:32 +0000
To: "Roy T. Fielding" <fielding@gbiv.com>, Jonathan Mayer <jmayer@stanford.edu>
CC: Matthias Schunter <mts@zurich.ibm.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <DB4282D9ADFE2A4EA9D1C0FB54BC3BD76E4D1512@TK5EX14MBXC139.redmond.corp.microsoft.com>
I believe we also agreed that DNT is focusing on third-party, cross-site tracking. So when DNT:1 is sent websites should not, process, pass-on or unduly retain data. Is there something else?

JC

-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com] 
Sent: Friday, February 10, 2012 2:23 PM
To: Jonathan Mayer
Cc: Matthias Schunter; public-tracking@w3.org
Subject: Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49)

On Feb 10, 2012, at 12:05 PM, Jonathan Mayer wrote:

> Matthias,
> 
> I am not willing to kick the can down the road.  As I explained in an earlier email, I see scant reason to believe businesses will suddenly begin to develop or adopt privacy-preserving technologies.  I am operating under the assumption that the DNT specification will be the final say on web tracking for years to come.
> 
> As for this notion of "good actors" and "bad actors" I've seen tossed around recently, I think it unhelpfully blurs two separate ideas.  First, what does Do Not Track do to totally malicious websites?  The answer is nothing-for them, it's the evil bit.  But, thankfully, the overwhelmingly majority of large third parties are legitimate commercial enterprises within the reach of the law.  By my last tally, in fact, around half are headquartered right here in the Bay Area.
> 
> The second idea is: What does Do Not Track do to websites that, as a matter of policy, attempt to respect the standard?  If your concerns include any combination of (unintentional conduct/malicious employee/hacking/government mandate) + (use/sharing/public disclosure) + (physical harm/economic harm/reputational harm/emotional harm), then you'll believe (as I do) that the standard should impose constraints on these websites.

Yes, it should impose constraints.  Those are all concerns on retention.
That's why we've been talking about potential ways that DNT could impose
constraints on retention and use.  Constraints, BTW, that do not exist today
and are therefore beneficial to privacy.

Collection, as you defined it, is not a tracking issue because nobody tracks
based on single points in time.  They track based on past points in time being
connected to this point in time.

It is only when the information is retained over time that it becomes vulnerable
to the types of inspection, curiosity, and mishandling disclosure to which you
refer above.  Perhaps if we focused on the problems at hand, we could devise
reasonable solutions to address those problems directly instead of arguing about
alternatives to cookies.

....Roy
Received on Monday, 13 February 2012 18:57:53 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC