
Re: ISSUE-4 and clarity regarding browser defaults

From: Tamir Israel <tisrael@cippic.ca>
Date: Thu, 26 Jul 2012 17:54:59 -0400
Message-ID: <5011BCB3.2050503@cippic.ca>
To: Mike Zaneis <mike@iab.net>
CC: Jeffrey Chester <jeff@democraticmedia.org>, Shane Wiley <wileys@yahoo-inc.com>, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>

Hi Mike,

Please see my answers inline.

On 7/26/2012 5:24 PM, Mike Zaneis wrote:
>
> Tamir,
>
> You are simply wrong.  This group has decided that browsers should be 
> shipped with DNT turned off.  Furthermore, we have agreed that 
> browsers shipped with DNT turned on would be non-compliant with the 
> spec (Aleecia has been very public with this position).
>
You are correct, a UA shipping with DNT turned on would not be compliant.
>
> Therefore, a company can be compliant with the W3C spec and ignore a 
> signal that they know to have been sent by a default setting.  If you read 
> the story, that is the scenario being discussed.
>
It is not at all clear to me that this 'therefore' ensues. As we've 
discussed here multiple times, allowing servers to claim compliance with 
the DNT spec while actively ignoring facially valid 'do not track me' 
signals is problematic for a host of reasons. These include, but are not 
limited to:

* the current spec does not make it clear that servers can claim 
compliance while ignoring facially valid DNT-1 signals;
* allowing for second guessing of facially valid signals leads to 
significant confusion on the part of users, many of whom will be using 
IE10 under the assumption that they are not being tracked;
* at least in some, if not all, jurisdictions servers open themselves up 
to significant potential liability if they ignore such signals, even if 
the browser sending them is non-compliant;
* it is essentially browser sniffing, which sets a bad precedent the 
impact of which far exceeds IE10 implications. It will allow anyone at 
any point of the exchange to basically ignore any signal they don't like 
based on purely subjective factors;
to name but a few.

There have been a number of suggestions for resolving some of these (the 
latest, I believe, by Rigo: 
http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0641.html).

I refer you to Issues 143, 149 and 150:
http://www.w3.org/2011/tracking-protection/track/issues/143
http://www.w3.org/2011/tracking-protection/track/issues/149
http://www.w3.org/2011/tracking-protection/track/issues/150

You'll note that none of these directly reopen the question of whether 
the spec should permit browsers to set DNT on by default. Each of them, 
however, attempts to come up with a solution to many of the problems 
that arise when a server tells users that it is 'compliant with the DNT 
spec' but decides to ignore 'do not track' signals the user is sending.

Putting aside for the moment what the outcome of this issue should be, I 
think at the least it remains an open question that still needs to be 
resolved.

Best regards,
Tamir

> There are many open questions around knowing how a signal was set and 
> what the appropriate actions may be.  Those issues are being worked 
> on, but if we cannot agree on the previous scenario, and industry is 
> going to be attacked post any W3C spec if they operate in this 
> fashion, then I question why we are continuing our work.
>
> Mike Zaneis
>
> SVP & General Counsel
>
> Interactive Advertising Bureau
>
> (202) 253-1466
>
> Follow me on Twitter @mikezaneis
>
> *From:*Tamir Israel [mailto:tisrael@cippic.ca]
> *Sent:* Thursday, July 26, 2012 5:07 PM
> *To:* Mike Zaneis
> *Cc:* Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman; 
> public-tracking@w3.org
> *Subject:* Re: ISSUE-4 and clarity regarding browser defaults
>
> Hi Mike,
>
> As I am sure you are well aware from the multiple times this has been 
> discussed recently, the issue Jeff was referring to is far from closed.
>
> You seem to be conflating two distinct issues, in fact. The one you 
> are referring to, which was, indeed, closed long ago, was whether the 
> specification would /obligate/ any form of default setting. The 
> conclusion was that it would not.
>
> The issue Jeff is referring to is one that has been quite contentious 
> and has not yet, to my knowledge, been resolved. This second issue is 
> whether servers will be permitted to simply ignore DNT-1 signals sent 
> by any IE user simply because they do not feel these are an accurate 
> representation of user preference.
>
> As we have all discussed multiple times, these two questions are quite 
> distinct.
>
> Best regards,
> Tamir
>
> On 7/26/2012 4:55 PM, Mike Zaneis wrote:
>
> Jeff,
>
> I hate to revisit an issue that has been closed at least twice before, 
> the first time being way back in September, but you again raised the 
> browser default setting issue and its place in the W3C standards 
> process - 
> http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-profits-on-internet-browsers-20120726,0,5932169.story.  
> The story is about the W3C TPE Working Group and how Microsoft has 
> decided to ship IE10 with the DNT flag turned on.  I was extremely 
> disappointed to see your quote that industry would face a "bloody 
> virtual and real-world fight" if we did not honor such a default.  
> That flies in the face of your statement from last month (see below to 
> refresh your memory).
>
> I have to question whether you are negotiating at the W3C in good 
> faith.  If the industry is to be attacked and engaged in a bloody 
> fight even if we develop and adopt a W3C standard, then what is the 
> incentive for us to remain at the table?  Can you please clarify your 
> position on this vitally important issue.
>
> Mike Zaneis
>
> SVP & General Counsel
>
> Interactive Advertising Bureau
>
> (202) 253-1466
>
> Follow me on Twitter @mikezaneis
>
> *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org]
> *Sent:* Sunday, June 03, 2012 5:41 PM
> *To:* Shane Wiley
> *Cc:* Roy T. Fielding; Justin Brookman; public-tracking@w3.org 
> <mailto:public-tracking@w3.org>
> *Subject:* Re: ISSUE-4 and clarity regarding browser defaults
>
> I support what the working group agreed to, with DNT not being shipped 
> as on.  That is part of the set of compromises we have agreed to 
> within the working group.  I was as surprised as everyone else with 
> Microsoft's announcement.  I was just responding to the tone of some of 
> the comments in the press where various industry players suggest that 
> Microsoft is a digital Benedict Arnold.  That said, we need to 
> conclude this work with agreement on definition for policy.  I still 
> believe there is a win-win here that can be achieved.  If we can all 
> agree on meaningful final policy, it will be the norm which everyone 
> should abide.
>
> So to be clear.  I am not trying to undo the agreement and urge us to 
> stay in discussions.
>
> But it sounds like there will be a lot of sleeplessness in Seattle! 
>  Those Microsoft people better lock their doors!
>
> Regards,
>
> Jeff
>
> Jeffrey Chester
>
> Center for Digital Democracy
>
> 1621 Connecticut Ave, NW, Suite 550
>
> Washington, DC 20009
>
> www.democraticmedia.org <http://www.democraticmedia.org>
>
> www.digitalads.org <http://www.digitalads.org>
>
> 202-986-2220
>
> On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote:
>
> Jeff,
>
> I thought we had solved this issue some time ago at the beginning of 
> the working group:  opt-in vs. opt-out.  By moving the UA to default 
> to DNT:1 without an explicit user action, you're creating an opt-in 
> world.  I understand you like that end-point, but if you're unwilling 
> to move back to the originally agreed upon opt-out structure, I 
> suspect industry participants may leave the working group.  A pure 
> opt-in outcome will have devastating impact to the online ecosystem, 
> will prompt many to develop overly inclusive opt-in approaches, and 
> ultimately consumers lose after being barraged with a sea of opt-in 
> requests.  I'm saddened by this sudden 180 on this very key 
> perspective but hopefully saner minds will prevail.
>
>
> In my opinion, we need to resolve this fundamentally core issue prior 
> to moving forward on any other issues at the TPWG.  Please let me know 
> if you agree.
>
> Thank you,
>
> Shane
>
> *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org]
> *Sent:*Sunday, June 03, 2012 7:16 AM
> *To:*Roy T. Fielding
> *Cc:*Justin Brookman;public-tracking@w3.org 
> <mailto:public-tracking@w3.org>
> *Subject:*Re: ISSUE-4 and clarity regarding browser defaults
>
> I believe having DNT:1 turned on from the start is appropriate for 
> users.  The industry has created a ubiquitous data collection system 
> by default (which it terms an "ecosystem").  Users have little choice 
> in an online world shaped by immersive and invisible strategies 
> designed to trigger conversion, viral social marketing, lead gen and 
> related data techniques (let alone a person sold to highest bidder on 
> exchanges).  The cross-platform measurement systems being put in 
> place, which mirror the unified marketing platforms, are another 
> example of a world where users have no real choices.   With DNT on 
> from the start,  a user can make more informed decisions about their 
> data collection practices and then decide how to proceed.
>
> Groups such as mine have already taken key issues off the table--such 
> as the need to control first parties.  We believe we can have both 
> monetization and privacy.  But we need to make DNT meaningful--to stop 
> tracking and collection.  I know that the consumer and privacy 
> community is committed to strike the right balance.  I look to the 
> industry leaders in this group to help make DNT a reality.
>
> Jeffrey Chester
>
> Center for Digital Democracy
>
> 1621 Connecticut Ave, NW, Suite 550
>
> Washington, DC 20009
>
> www.democraticmedia.org <http://www.democraticmedia.org>
>
> www.digitalads.org <http://www.digitalads.org>
>
> 202-986-2220
>
> On Jun 2, 2012, at 10:45 PM, Roy T. Fielding wrote:
>
> On Jun 2, 2012, at 6:29 PM, Justin Brookman wrote:
>
> Roy, this precise issue came up on the weekly call on Wednesday, and 
> Aleecia concluded that there was disagreement among the group on the 
> precise question of whether DNT:1 could be on by default, and that we 
> would discuss the issue in Seattle.
>
> What we talked about was whether a non-specific add-on (AVG) can
> set the header field (ISSUE-149) and the impact of conflicting
> extensions and configuration (ISSUE-150).
>
>     You can obviously do whatever you like to the document, but I just
>     wanted to point out that the editors seem to disagree with your
>     statement that we have reached consensus on this point.  The
>     minutes from the last call
>     (http://www.w3.org/2012/05/30-dnt-minutes) seem to back up my
>     argument, but perhaps I am confused and misunderstood what was
>     said on Wednesday --- guidance from the chairs on this point would
>     be helpful.  (Also, FWIW, there is also another raised ISSUE-143
>     on whether "activating a tracking preference must require
>     explicit, informed consent from a user" . . .)
>
> I believe 143 is about additional requirements on user awareness
> of the new setting when DNT is enabled by an add-on/extension.
>
> In the meantime, if you or anyone else could shed some light on why 
> DNT:1 on by default would make the standard more challenging to 
> implement, I would very much like to hear substantive arguments about 
> how that would not be workable.
>
> It isn't more challenging to implement.  It just won't be
> implemented because it obscures the user's choice.  The essence
> of any Recommendation is to encourage deployment of a given
> protocol because it is good for everyone to do so, and we already
> established that most of industry will deploy DNT if it accurately
> reflects an individual user's choice.  We already discussed this
> and made a decision. It has not yet been reopened to further
> discussion, so I am not going to explain it further.
>
>       Thus far, I have only heard assertions by fiat that we can't
>     discuss the issue and tautological interpretations of the word
>     "preference."  If there are technical reasons why DNT:1 on by
>     default would pose problems, what are they (I'm not saying they
>     don't exist, I just don't know)?
>
> The technical reason is that it wouldn't match the defined
> semantics for the field.  That could obviously be fixed by
> changing the definition of the field, but since that is one
> of the few things we have agreed to already, we have a process
> that must be followed to reopen the issue.  Otherwise, we have
> no chance of finishing anything.
>
> ....Roy
>
Received on Thursday, 26 July 2012 21:56:03 UTC
