W3C home > Mailing lists > Public > public-tracking@w3.org > July 2012

Re: ISSUE-4 and clarity regarding browser defaults

From: Dobbs, Brooks <Brooks.Dobbs@kbmg.com>
Date: Fri, 27 Jul 2012 14:51:50 +0000
To: "Grimmelmann, James" <James.Grimmelmann@nyls.edu>, Shane Wiley <wileys@yahoo-inc.com>
CC: David Singer <singer@apple.com>, Mike Zaneis <mike@iab.net>, Tamir Israel <tisrael@cippic.ca>, Jeffrey Chester <jeff@democraticmedia.org>, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <2B40EB3A3384EB4CB812241DDDC41D87016BDC@KBMEXMBXPR01.kbm1.loc>
To be clear - it is more than forcing a choice; there is the further
requirement that such choice MUST reflect the user's preference:

-->Key to that notion of expression is that it MUST reflect the user's
preference

Implicit in "preference" is that such preference refers to a user's desire
for recipient servers to process their chosen header in accordance with
the spec (by which I mean both the compliance doc and the recipient side
of the TPE).  If this isn't what preference means, please someone help me
out.

Okay so here comes the obvious questionŠ  How is it possible to have a
preference with respect to a standard that doesn't yet exist, which may
yet vary materially and with such variations having a very material impact
on the user?  

This isn't a hypothetical problem.  Consider yesterday's discussion on
data append.  If it turns out that 1st parties can't use append data with
DNT:1, a major revenue source is turned off for them and they may
foreseeably move to either charging customers or limiting their content
consumption.  This IMHO would be a very large factor in a rational actor
considering his/her preference.

-Brooks


-- 

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com





On 7/27/12 9:30 AM, "Grimmelmann, James" <James.Grimmelmann@nyls.edu>
wrote:

>There is an irony here.  Whether a user agent is compliant depends on
>whether "a tracking preference expression is only transmitted [by the
>user agent] when it reflects a deliberate choice by the user."  If a
>server messages a user that their user agent is noncompliant because it
>sets DNT:1 by default, and the user continues to use the user agent when
>interacting with the server, this takes away much of the argument that
>the user agent is still noncompliant with respect to that user.  At this
>point, the user has been given an explicit statement that their user
>agent is sending DNT:1 and an explanation of what that means, and has
>chosen not to do anything about it.
>
>James
>
>--------------------------------------------------
>James Grimmelmann              Professor of Law
>New York Law School                 (212) 431-2864
>185 West Broadway 
>james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu>
>New York, NY 10013    http://james.grimmelmann.net
>
>On Jul 27, 2012, at 2:01 AM, Shane Wiley wrote:
>
>David,
>
>I donıt believe itıs a fair comparison to hold the DNT discussion against
>a pure technical standard where I agree syntax validity is typically the
>only factor in acceptance.  The heavy Policy aspect of DNT in this
>conversation should be taken into consideration when viewing valid vs.
>invalid signals.
>
>A better comparison would be to look at hardware centric standards where
>a capability failure alerts a user to the situation and becomes a forcing
>function for correct marketplace behavior.
>
>For example, if I make an HDMI cable that says it supports the 1.3 HDMI
>standard and when a user connects the cable to a receiver and TV and they
>both suggest the HDMI cable is not compliant with v1.3 and reject the
>cable, the user will need to purchase a different cable that is
>compliant.  The original company that was not compliant will of course be
>driven to work to update their cable design to bring it back into
>compliance so people will purchase it.  To think a standard would take
>the position that makers of receivers and TVs must accept any HDMI cable
>regardless of standards compliance would make no sense.  And it shouldn't
>in our case either.
>
>Allowing Servers to message users that their User Agent is invalid
>(non-compliant) will drive users who care to switch to a different User
>Agent to express their preferences in a compliant manner.  If the
>percentage of users leaving the non-compliant User Agent reaches a
>significant "enough" level, then one would assume the maker of the User
>Agent would move their product into compliance to remove this reason for
>user departures.  This is why standards in other contexts have a natural
>forcing alignment function.  Suggesting that Servers must honor ³any DNT
>signal² ­ even from non-compliant UAs ­ doesnıt allow natural alignment
>to occur.
>
>With respect to EU considerations, I believe the confusion is that some
>are suggesting servers not respond to the invalid UA DNT signal.  To be
>clear the goal is to transparently share with the user their User Agent
>(browser) of choice is non-compliant and to offer them alternatives at
>that time (if they desire to take them).  User knowledge of the situation
>is key.
>
>- Shane
>
>From: David Singer [mailto:singer@apple.com]
>Sent: Thursday, July 26, 2012 3:49 PM
>To: Mike Zaneis
>Cc: Tamir Israel; Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin
>Brookman; public-tracking@w3.org<mailto:public-tracking@w3.org>
>Subject: Re: ISSUE-4 and clarity regarding browser defaults
>
>Mike
>
>I like it that you state your positions clearly and without dissimulation
>(perhaps a little strongly, though?), butŠ
>
>I agree with Tamir: we HAVE decided that user-agents should not enable
>DNT by default.  We have NOT decided whether sites can ignore a
>protocol-valid DNT signal because they think it might possibly not, in
>some cases, reflect the user's true intention.  (Nor have we decided
>whether user-agents can disbelieve what the sites say, under some
>circumstances).
>
>Generally, in protocols, the normal practice is that if the protocol
>exchange itself is valid, but you think it an error for the other end to
>be doing something, you write software that respects the protocol (after
>all, you want your implementation to be cleanly compliant, with no
>questions), and you write letters asking the other company to get into
>compliance.
>
>Personally, as I have stated, I think the end-points (software) trying to
>second-guess "did he really mean that?" is highly questionable and a
>recipe for a downward spiral of measure/counter-measure, and so on. I
>also feel that we have our work cut out deciding what conformance
>exchanges entail, without trying to define how end-points behave when
>faced with (the myriad possibilities of) non-conformant, or suspected
>non-conformant, behavior
>
>On Jul 26, 2012, at 14:24 , Mike Zaneis
><mike@iab.net<mailto:mike@iab.net>> wrote:
>
>
>Tamir,
>
>You are simply wrong.  This group has decided that browsers should be
>shipped with DNT turned off.  Furthermore, we have agreed that browsers
>shipped with DNT turned on would be non-compliant with the spec (Aleecia
>has been very public with this position).  Therefore, a company can be
>compliant with the W3C spec and ignore a signal that they know to have
>been sent by a default setting.  If read the story, that is the scenario
>being discussed.
>
>There are many open questions around knowing how a signal was set and
>what the appropriate actions may be.  Those issues are being worked on,
>but if we cannot agree on the previous scenario, and industry is going to
>be attacked post any W3C spec if they operate in this fashion, then I
>question why we are continuing our work.
>
>Mike Zaneis
>SVP & General Counsel
>Interactive Advertising Bureau
>(202) 253-1466
>
>Follow me on Twitter @mikezaneis
>
>
>From: Tamir Israel [mailto:tisrael@cippic.ca<http://cippic.ca>]
>Sent: Thursday, July 26, 2012 5:07 PM
>To: Mike Zaneis
>Cc: Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman;
>public-tracking@w3.org<mailto:public-tracking@w3.org>
>Subject: Re: ISSUE-4 and clarity regarding browser defaults
>
>Hi Mike,
>
>As I am sure you are well aware from the multiple times this has been
>discussed recently, the issue Jeff was referring to is far from closed.
>
>You seem to be conflating two distinct issues, in fact. The one you are
>referring to, which was, indeed, closed long ago, was whether the
>specification would obligateany form of default setting. The conclusion
>was that it would not.
>
>The issue Jeff is referring to is one that has been quite contentious and
>has not yet, to my knowledge, been resolved. This second issue is whether
>servers will be permitted to simply ignore DNT-1 signals sent by any IE
>user simply because they do not feel these are an accurate representation
>of user preference.
>
>As we have all discussed multiple times, these two questions are quite
>distinct.
>
>Best regards,
>Tamir
>
>On 7/26/2012 4:55 PM, Mike Zaneis wrote:
>Jeff,
>
>I hate to revisit an issue that has been closed at least twice before,
>the first time being way back in September, but you again raised the
>browser default setting issue and its place in the W3C standards process
>- 
>http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-pro
>fits-on-internet-browsers-20120726,0,5932169.story.  The story is about
>the W3C TPE Working Group and how Microsoft has decided to ship IE10 with
>the DNT flag turned on.  I was extremely disappointed to see your quote
>that industry would face a ³bloody virtual and real-world fight² if we
>did not honor such a default.  That flies in the face of your statement
>from last month (see below to refresh your memory).
>
>I have to question whether you are negotiating at the W3C in good faith.
>If the industry is to be attacked and engaged in a bloody fight even if
>we develop and adopt a W3C standard, then what is the incentive for us to
>remain at the table?  Can you please clarify your position on this
>vitally important issue.
>
>Mike Zaneis
>SVP & General Counsel
>Interactive Advertising Bureau
>(202) 253-1466
>
>Follow me on Twitter @mikezaneis
>
>
>From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
>Sent: Sunday, June 03, 2012 5:41 PM
>To: Shane Wiley
>Cc: Roy T. Fielding; Justin Brookman;
>public-tracking@w3.org<mailto:public-tracking@w3.org>
>Subject: Re: ISSUE-4 and clarity regarding browser defaults
>
>I support what the working group agreed to, with DNT not being shipped as
>on.  That is part of the set of compromises we have agreed to within the
>working group.  I was surprised as everyone else with Microsoft's
>announcement.  I was just responding the tone of some of the comments in
>the press where various industry players suggest that Microsoft is a
>digital Benedict Arnold.  That said, we need to conclude this work with
>agreement on definition for policy.  I still believe there is a win-win
>here that can be achieved.  If we can all agree on meaningful final
>policy, it will be the norm which everyone should abide.
>
>So to be clear.  I am not trying to undo the agreement and urge us to
>stay in discussions.
>
>But it sounds like there will be a lot of sleeplessness in Seattle!
>Those Microsoft people better lock their doors!
>
>Regards,
>
>Jeff
>
>
>
>Jeffrey Chester
>Center for Digital Democracy
>1621 Connecticut Ave, NW, Suite 550
>Washington, DC 20009
>www.democraticmedia.org<http://www.democraticmedia.org/>
>www.digitalads.org<http://www.digitalads.org/>
>202-986-2220
>
>On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote:
>
>
>
>
>Jeff,
>
>I thought we had solved this issue sometime ago at the beginning of the
>working group:  opt-in vs. opt-out.  By moving the UA to default to DNT:1
>without an explicit user action, youıre creating an opt-in world.  I
>understand you like that end-point, but if youıre unwilling to move back
>to the originally agreed upon opt-out structure, I suspect industry
>participants may leave the working group.  A pure opt-in outcome will
>have devastating impact to the online ecosystem, will prompt many to
>develop overly inclusive opt-in approaches, and ultimately consumers lose
>after being barraged with a sea of opt-in requests.  Iım saddened by this
>sudden 180 on this very key perspective but hopefully saner minds will
>prevail.
>
>In my opinion, we need to resolve this fundamentally core issue prior to
>moving forward on any other issues at the TPWG.  Please let me know if
>you agree.
>
>Thank you,
>Shane
>
>From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
>Sent: Sunday, June 03, 2012 7:16 AM
>To: Roy T. Fielding
>Cc: Justin Brookman; public-tracking@w3.org<mailto:public-tracking@w3.org>
>Subject: Re: ISSUE-4 and clarity regarding browser defaults
>
>I believe having DNT:1 turned on from the start is appropriate for users.
> The industry has created a ubiquitous data collection system by default
>(which it terms an "ecosystem").  Users have little choice in an online
>world shaped by immersive and invisible strategies designed to trigger
>conversion, viral social marketing, lead gen and related data techniques
>(let alone a person sold to highest bidder on exchanges).  The
>cross-platform measurement systems being put in place, which mirror the
>unified marketing platforms, is another example of a world where users
>have no real choices.   With DNT on from the start,  a user can make more
>informed decisions about their data collection practices and then decide
>how to proceed.
>
>Groups such as mine have already taken key issues off the table--such as
>the need to control first parties.  We believe we can have both
>monetization and privacy.  But we need to make DNT meaningful--to stop
>tracking and collection.  I know that the consumer and privacy community
>is committed to strike the right balance.  I look to the industry leaders
>in this group to help make DNT a reality.
>
>
>Jeffrey Chester
>Center for Digital Democracy
>1621 Connecticut Ave, NW, Suite 550
>Washington, DC 20009
>www.democraticmedia.org<http://www.democraticmedia.org/>
>www.digitalads.org<http://www.digitalads.org/>
>202-986-2220
>
>On Jun 2, 2012, at 10:45 PM, Roy T. Fielding wrote:
>
>
>
>
>
>On Jun 2, 2012, at 6:29 PM, Justin Brookman wrote:
>
>
>
>
>
>Roy, this precise issue came up on the weekly call on Wednesday, and
>Aleecia concluded that there was disagreement among the group on the
>precise question of whether DNT:1 could be on by default, and that we
>would discuss the issue in Seattle.
>
>What we talked about was whether a non-specific add-on (AVG) can
>set the header field (ISSUE-149) and the impact of conflicting
>extensions and configuration (ISSUE-150).
>
>You can obviously do whatever you like to the document, but I just wanted
>to point out that the editors seem to disagree with your statement that
>we have reached consensus on this point.  The minutes from the last call
>(http://www.w3.org/2012/05/30-dnt-minutes) seem to back up my argument,
>but perhaps I am confused and misunderstood what was said on Wednesday
>--- guidance from the chairs on this point would be helpful.  (Also,
>FWIW, there is also another raised ISSUE-143 on whether "activating a
>tracking preference must require explicit, informed consent from a user"
>. . .)
>
>I believe 143 is about additional requirements on user awareness
>of the new setting when DNT is enabled by an add-on/extension.
>
>
>
>
>
>In the meantime, if you or anyone else could shed some light on why DNT:1
>on by default would make the standard more challenging to implement, I
>would very much like to hear substantive arguments about how that would
>not be workable.
>
>It isn't more challenging to implement.  It just won't be
>implemented because it obscures the user's choice.  The essence
>of any Recommendation is to encourage deployment of a given
>protocol because it is good for everyone to do so, and we already
>established that most of industry will deploy DNT if it accurately
>reflects an individual user's choice.  We already discussed this
>and made a decision. It has not yet been reopened to further
>discussion, so I am not going to explain it further.
>
>  Thus far, I have only heard assertions by fiat that we can't discuss
>the issue and tautological interpretations of the word "preference."  If
>there are technical reasons by DNT:1 on by default would pose problems,
>what are they (I'm not saying they don't exist, I just don't know)?
>
>The technical reason is that it wouldn't match the defined
>semantics for the field.  That could obviously be fixed by
>changing the definition of the field, but since that is one
>of the few things we have agreed to already, we have a process
>that must be followed to reopen the issue.  Otherwise, we have
>no chance of finishing anything.
>
>....Roy
>
>
>
>David Singer
>Multimedia and Software Standards, Apple Inc.
>
>
>
Received on Friday, 27 July 2012 14:52:25 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:32 UTC