Re: ISSUE-4 and clarity regarding browser defaults from Tamir Israel on 2012-07-27 (public-tracking@w3.org from July 2012)

From: Tamir Israel <tisrael@cippic.ca>
Date: Fri, 27 Jul 2012 10:43:06 -0400
To: Shane Wiley <wileys@yahoo-inc.com>
CC: David Singer <singer@apple.com>, Mike Zaneis <mike@iab.net>, Jeffrey Chester <jeff@democraticmedia.org>, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <5012A8FA.5020901@cippic.ca>
Hi Shane,

On 7/27/2012 2:01 AM, Shane Wiley wrote:
>
> David,
>
> I don't believe it's a fair comparison to hold the DNT discussion 
> against a pure technical standard where I agree syntax validity is 
> typically the only factor in acceptance.  The heavy Policy aspect of 
> DNT in this conversation should be taken into consideration when 
> viewing valid vs. invalid signals.
>
> A better comparison would be to look at hardware centric standards 
> where a capability failure alerts a user to the situation and becomes 
> a forcing function for correct marketplace behavior.
>
> For example, if I make an HDMI cable that says it supports the 1.3 
> HDMI standard and when a user connects the cable to a receiver and TV 
> and they both suggest the HDMI cable is not compliant with v1.3 and 
> reject the cable, the user will need to purchase a different cable 
> that is compliant.  The original company that was not compliant will 
> of course be driven to work to update their cable design to bring it 
> back into compliance so people will purchase it.  To think a standard 
> would take the position that makers of receivers and TVs must accept 
> any HDMI cable regardless of standards compliance would make no 
> sense.  And it shouldn't in our case either.
>

The protocol exchange itself here is invalid. My TV does not get to veto 
an HDMI cable because it disapproves of the factory conditions which 
spawned the cable. It simply evaluates the signal being sent by the 
cable and sees that it is facially invalid/incompatible.

The same cannot be said about a DNT-1 signal that looks 100% valid, but 
is being rejected based on the fact some ad networks have decided the 
UA-side settings are not up to par.

> Allowing Servers to message users that their User Agent is invalid 
> (non-compliant) will drive users who care to switch to a different 
> User Agent to express their preferences in a compliant manner.  If the 
> percentage of users leaving the non-compliant User Agent reaches a 
> significant "enough" level, then one would assume the maker of the 
> User Agent would move their product into compliance to remove this 
> reason for user departures.  This is why standards in other contexts 
> have a natural forcing alignment function.  Suggesting that Servers 
> must honor "any DNT signal" -- even from non-compliant UAs -- doesn't 
> allow natural alignment to occur.
>

This is a very one-sided natural alignment. Putting aside the IE10 case 
for the moment, you're essentially letting servers veto any UA they 
don't like based on their own research and assessment.

> With respect to EU considerations, I believe the confusion is that 
> some are suggesting servers not respond to the invalid UA DNT signal.  
> To be clear the goal is to transparently share with the user their 
> User Agent (browser) of choice is non-compliant and to offer them 
> alternatives at that time (if they desire to take them).  User 
> knowledge of the situation is key.
>
> - Shane
>
> *From:*David Singer [mailto:singer@apple.com]
> *Sent:* Thursday, July 26, 2012 3:49 PM
> *To:* Mike Zaneis
> *Cc:* Tamir Israel; Jeffrey Chester; Shane Wiley; Roy T. Fielding; 
> Justin Brookman; public-tracking@w3.org
> *Subject:* Re: ISSUE-4 and clarity regarding browser defaults
>
> Mike
>
> I like it that you state your positions clearly and without 
> dissimulation (perhaps a little strongly, though?), but...
>
> I agree with Tamir: we HAVE decided that user-agents should not enable 
> DNT by default.  We have NOT decided whether sites can ignore a 
> protocol-valid DNT signal because they think it might possibly not, in 
> some cases, reflect the user's true intention.  (Nor have we decided 
> whether user-agents can disbelieve what the sites say, under some 
> circumstances).
>
> Generally, in protocols, the normal practice is that if the protocol 
> exchange itself is valid, but you think it an error for the other end 
> to be doing something, you write software that respects the protocol 
> (after all, you want your implementation to be cleanly compliant, with 
> no questions), and you write letters asking the other company to get 
> into compliance.
>
> Personally, as I have stated, I think the end-points (software) trying 
> to second-guess "did he really mean that?" is highly questionable and 
> a recipe for a downward spiral of measure/counter-measure, and so 
> on. I also feel that we have our work cut out deciding what 
> conformance exchanges entail, without trying to define how end-points 
> behave when faced with (the myriad possibilities of) non-conformant, 
> or suspected non-conformant, behavior
>
> On Jul 26, 2012, at 14:24 , Mike Zaneis <mike@iab.net 
> <mailto:mike@iab.net>> wrote:
>
>
>
> Tamir,
>
> You are simply wrong.  This group has decided that browsers should be 
> shipped with DNT turned off.  Furthermore, we have agreed that 
> browsers shipped with DNT turned on would be non-compliant with the 
> spec (Aleecia has been very public with this position).  Therefore, a 
> company can be compliant with the W3C spec and ignore a signal that 
> they know to have been sent by a default setting.  If read the story, 
> that is the scenario being discussed.
>
> There are many open questions around knowing how a signal was set and 
> what the appropriate actions may be.  Those issues are being worked 
> on, but if we cannot agree on the previous scenario, and industry is 
> going to be attacked post any W3C spec if they operate in this 
> fashion, then I question why we are continuing our work.
>
> Mike Zaneis
>
> SVP & General Counsel
>
> Interactive Advertising Bureau
>
> (202) 253-1466
>
> Follow me on Twitter @mikezaneis
>
> *From:*Tamir Israel [mailto:tisrael@cippic.ca <http://cippic.ca>]
> *Sent:*Thursday, July 26, 2012 5:07 PM
> *To:*Mike Zaneis
> *Cc:*Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman; 
> public-tracking@w3.org <mailto:public-tracking@w3.org>
> *Subject:*Re: ISSUE-4 and clarity regarding browser defaults
>
> Hi Mike,
>
> As I am sure you are well aware from the multiple times this has been 
> discussed recently, the issue Jeff was referring to is far from closed.
>
> You seem to be conflating two distinct issues, in fact. The one you 
> are referring to, which was, indeed, closed long ago, was whether the 
> specification would/obligate/any form of default setting. The 
> conclusion was that it would not.
>
> The issue Jeff is referring to is one that has been quite contentious 
> and has not yet, to my knowledge, been resolved. This second issue is 
> whether servers will be permitted to simply ignore DNT-1 signals sent 
> by any IE user simply because they do not feel these are an accurate 
> representation of user preference.
>
> As we have all discussed multiple times, these two questions are quite 
> distinct.
>
> Best regards,
> Tamir
>
> On 7/26/2012 4:55 PM, Mike Zaneis wrote:
>
> Jeff,
>
> I hate to revisit an issue that has been closed at least twice before, 
> the first time being way back in September, but you again raised the 
> browser default setting issue and its place in the W3C standards 
> process 
> -http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-profits-on-internet-browsers-20120726,0,5932169.story.  
> The story is about the W3C TPE Working Group and how Microsoft has 
> decided to ship IE10 with the DNT flag turned on.  I was extremely 
> disappointed to see your quote that industry would face a "bloody 
> virtual and real-world fight" if we did not honor such a default.  
> That flies in the face of your statement from last month (see below to 
> refresh your memory).
>
> I have to question whether you are negotiating at the W3C in good 
> faith.  If the industry is to be attacked and engaged in a bloody 
> fight even if we develop and adopt a W3C standard, then what is the 
> incentive for us to remain at the table?  Can you please clarify your 
> position on this vitally important issue.
>
> Mike Zaneis
>
> SVP & General Counsel
>
> Interactive Advertising Bureau
>
> (202) 253-1466
>
> Follow me on Twitter @mikezaneis
>
> *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org]
> *Sent:*Sunday, June 03, 2012 5:41 PM
> *To:*Shane Wiley
> *Cc:*Roy T. Fielding; Justin Brookman;public-tracking@w3.org 
> <mailto:public-tracking@w3.org>
> *Subject:*Re: ISSUE-4 and clarity regarding browser defaults
>
> I support what the working group agreed to, with DNT not being shipped 
> as on.  That is part of the set of compromises we have agreed to 
> within the working group.  I was surprised as everyone else with 
> Microsoft's announcement.  I was just responding the tone of some of 
> the comments in the press where various industry players suggest that 
> Microsoft is a digital Benedict Arnold.  That said, we need to 
> conclude this work with agreement on definition for policy.  I still 
> believe there is a win-win here that can be achieved.  If we can all 
> agree on meaningful final policy, it will be the norm which everyone 
> should abide.
>
> So to be clear.  I am not trying to undo the agreement and urge us to 
> stay in discussions.
>
> But it sounds like there will be a lot of sleeplessness in Seattle! 
>  Those Microsoft people better lock their doors!
>
> Regards,
>
> Jeff
>
> Jeffrey Chester
>
> Center for Digital Democracy
>
> 1621 Connecticut Ave, NW, Suite 550
>
> Washington, DC 20009
>
> www.democraticmedia.org <http://www.democraticmedia.org/>
>
> www.digitalads.org <http://www.digitalads.org/>
>
> 202-986-2220
>
> On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote:
>
>
>
>
>
> Jeff,
>
> I thought we had solved this issue sometime ago at the beginning of 
> the working group:  opt-in vs. opt-out.  By moving the UA to default 
> to DNT:1 without an explicit user action, you're creating an opt-in 
> world.  I understand you like that end-point, but if you're unwilling 
> to move back to the originally agreed upon opt-out structure, I 
> suspect industry participants may leave the working group.  A pure 
> opt-in outcome will have devastating impact to the online ecosystem, 
> will prompt many to develop overly inclusive opt-in approaches, and 
> ultimately consumers lose after being barraged with a sea of opt-in 
> requests.  I'm saddened by this sudden 180 on this very key 
> perspective but hopefully saner minds will prevail.
>
>
> In my opinion, we need to resolve this fundamentally core issue prior 
> to moving forward on any other issues at the TPWG.  Please let me know 
> if you agree.
>
> Thank you,
>
> Shane
>
> *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org]
> *Sent:*Sunday, June 03, 2012 7:16 AM
> *To:*Roy T. Fielding
> *Cc:*Justin Brookman;public-tracking@w3.org 
> <mailto:public-tracking@w3.org>
> *Subject:*Re: ISSUE-4 and clarity regarding browser defaults
>
> I believe having DNT:1 turned on from the start is appropriate for 
> users.  The industry has created a ubiquitous data collection system 
> by default (which it terms an "ecosystem").  Users have little choice 
> in an online world shaped by immersive and invisible strategies 
> designed to trigger conversion, viral social marketing, lead gen and 
> related data techniques (let alone a person sold to highest bidder on 
> exchanges).  The cross-platform measurement systems being put in 
> place, which mirror the unified marketing platforms, is another 
> example of a world where users have no real choices.   With DNT on 
> from the start,  a user can make more informed decisions about their 
> data collection practices and then decide how to proceed.
>
> Groups such as mine have already taken key issues off the table--such 
> as the need to control first parties.  We believe we can have both 
> monetization and privacy.  But we need to make DNT meaningful--to stop 
> tracking and collection.  I know that the consumer and privacy 
> community is committed to strike the right balance.  I look to the 
> industry leaders in this group to help make DNT a reality.
>
> Jeffrey Chester
>
> Center for Digital Democracy
>
> 1621 Connecticut Ave, NW, Suite 550
>
> Washington, DC 20009
>
> www.democraticmedia.org <http://www.democraticmedia.org/>
>
> www.digitalads.org <http://www.digitalads.org/>
>
> 202-986-2220
>
> On Jun 2, 2012, at 10:45 PM, Roy T. Fielding wrote:
>
>
>
>
>
>
> On Jun 2, 2012, at 6:29 PM, Justin Brookman wrote:
>
>
>
>
>
>
> Roy, this precise issue came up on the weekly call on Wednesday, and 
> Aleecia concluded that there was disagreement among the group on the 
> precise question of whether DNT:1 could be on by default, and that we 
> would discuss the issue in Seattle.
>
> What we talked about was whether a non-specific add-on (AVG) can
>
> set the header field (ISSUE-149) and the impact of conflicting
>
> extensions and configuration (ISSUE-150).
>
>     You can obviously do whatever you like to the document, but I just
>     wanted to point out that the editors seem to disagree with your
>     statement that we have reached consensus on this point.  The
>     minutes from the last call
>     (http://www.w3.org/2012/05/30-dnt-minutes) seem to back up my
>     argument, but perhaps I am confused and misunderstood what was
>     said on Wednesday --- guidance from the chairs on this point would
>     be helpful.  (Also, FWIW, there is also another raised ISSUE-143
>     on whether "activating a tracking preference must require
>     explicit, informed consent from a user" . . .)
>
> I believe 143 is about additional requirements on user awareness
>
> of the new setting when DNT is enabled by an add-on/extension.
>
>
>
>
>
>
> In the meantime, if you or anyone else could shed some light on why 
> DNT:1 on by default would make the standard more challenging to 
> implement, I would very much like to hear substantive arguments about 
> how that would not be workable.
>
> It isn't more challenging to implement.  It just won't be
>
> implemented because it obscures the user's choice.  The essence
>
> of any Recommendation is to encourage deployment of a given
>
> protocol because it is good for everyone to do so, and we already
>
> established that most of industry will deploy DNT if it accurately
>
> reflects an individual user's choice.  We already discussed this
>
> and made a decision. It has not yet been reopened to further
>
> discussion, so I am not going to explain it further.
>
>       Thus far, I have only heard assertions by fiat that we can't
>     discuss the issue and tautological interpretations of the word
>     "preference."  If there are technical reasons by DNT:1 on by
>     default would pose problems, what are they (I'm not saying they
>     don't exist, I just don't know)?
>
> The technical reason is that it wouldn't match the defined
>
> semantics for the field.  That could obviously be fixed by
>
> changing the definition of the field, but since that is one
>
> of the few things we have agreed to already, we have a process
>
> that must be followed to reopen the issue.  Otherwise, we have
>
> no chance of finishing anything.
>
> ....Roy
>
> David Singer
>
> Multimedia and Software Standards, Apple Inc.
>
Received on Friday, 27 July 2012 14:47:24 UTC