Re: definition of (cross-site) tracking from Bjoern Hoehrmann on 2012-01-12 (public-tracking@w3.org from January 2012)

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 13 Jan 2012 00:48:30 +0100
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Tom Lowenthal <tom@mozilla.com>, public-tracking@w3.org
Message-ID: <3ipug754q6ionutaogfpe2ohj3idr4hhkq@hive.bjoern.hoehrmann.de>

* Roy T. Fielding wrote:
>As I said, and we have discussed before, the reason for that is simply because
>the input documents redefined or limited the scope of the single word "tracking"
>to mean tracking from same-branded set of sites to some other-branded set of
>sites (i.e., cross-site tracking).  The reason for that is because content
>providers will not implement DNT (or at least will require opt-back-in before
>site usage) if the scope of DNT includes first-party data collection for the
>sake of web analytics or personalized customer experience.  Non-shared
>tracking data and non-shared data collection is so central to how commercial
>websites operate that they simply won't turn it off.  That is why attempts
>to limit or marginalize Cookies failed in 1995-98.

There is a difference between Amazon storing on their servers that you
loaded product page A and then product page B and then telling you the
product sites you have recently visited, and a site probing your system
for all the fonts you have installed to covertly re-identify you even
though you changed browsers, cleared all cookies, switched IP addresses,
and so on.

If the user indicated they do not want to be tracked, and a site does
the latter, then that is very clearly not in keeping with the wishes of
the user. The Working Group might decide that this distinction between
kinds and degrees of first-party tracking is out of scope of its work,
but the argument for doing so can't be that all first party tracking is
the same and limiting first party tracking in any way would result in
failure.

If, for instance, the Working Group decides to say, if you attempt to
re-identify users based on the fonts they have installed on their system
then you do not comply with the group's specifications, then I do not
think that would cause many, if any, sites to ignore "dnt" completely,
even though such a restriction would rule out limiting the mechanism to
"cross-site tracking". It would be helpful if you could explain how you
see "dnt" in the context of unusual and intrusive first-party behavior
like re-identification through installed fonts.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Thursday, 12 January 2012 23:55:43 UTC