RE: Identity providers as first parties

Rigo,

DNT will NEVER trump an out-of-band consent.  The user would simply withdraw from using the service they had provided prior consent to.  If the product would like to offer two levels of service, it can of course do that, but that would be completely outside the scope of DNT.

DNT is not the privacy silver bullet and answer to all privacy issues on the Internet - let's stop trying to push it in that direction.

Thank you,
- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Friday, June 15, 2012 1:28 AM
To: public-tracking@w3.org
Cc: Shane Wiley; rob@blaeu.com; Kimon Zorbas; ifette@google.com; Tamir Israel; JC Cannon (Microsoft)
Subject: Re: Identity providers as first parties

Shane, Kimon, 

On Thursday 14 June 2012 16:47:03 Shane Wiley wrote:
> I’ve used a few others and they appear to do the same so I’m
> confused as to what real-world identity provider scenario someone
> is considering where consent wasn’t already obtained?

I confirm that we agreed that the out-of-band agreement will trump 
the DNT:1 signal. We also agreed that the service has to signal this 
to the client. 

I guess, what Rob is trying to achieve is to say, even in this 
context, a service could offer the choice to stop tracking and 
only use information for the login/authentication purpose. This 
could be the meaning of DNT:1 if the Service sends ACK in a 
login/authentication context. If you're looking for medical 
information in a login context, you don't want your login provider 
to spawn that to your insurance. I think this is a very legitimate 
use case. The service could say: "yes, I see your point" and send 
ACK instead of "out-of-band". 

We are just defining switches. People will decide whether they 
switch stuff on or off or provide a switch at all.

Rigo

Received on Friday, 15 June 2012 14:49:31 UTC