W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: ISSUE-4 and clarity regarding browser defaults

From: Tamir Israel <tisrael@cippic.ca>
Date: Wed, 20 Jun 2012 23:33:53 -0400
Message-ID: <4FE29621.8080204@cippic.ca>
To: David Singer <singer@apple.com>
CC: Kevin Kiley <kevin.kiley@3pmobile.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "mts-std@schunter.org" <mts-std@schunter.org>, "fielding@gbiv.com" <fielding@gbiv.com>, "rigo@w3.org" <rigo@w3.org>
Hi David,

On 6/19/2012 7:46 PM, David Singer wrote:
> Indeed, we had a compromise here:
>
> * there may be some User Agents that are specifically made and 
> marketed as being privacy-enhancing, and they could indeed have a 
> default (and maybe they use Tor, reduce fingerprinting, and so on)
> * there may be some Sites that are specifically for the purpose of 
> tracking ('TrackMyReading.com') where signing up for the site implies 
> out-of-band permission to track.
>
> General-purpose UAs cannot claim to be the first; and general-purpose 
> sites cannot claim to be the second.  They both need to take extra 
> steps (to allow the user to turn on DNT, or to ask the user for an 
> exception).
>
> This is a balance, and a compromise; if we discard one, we should 
> discard the other.  The text currently in the TPE I believe respects 
> both.  We should probably critique what is actually written...

What restrictions does the current spec place on out of band consent? I 
thought it was largely left to server discretion, so the server might 
accept notice buried in its linked TOU coupled with minimal interaction 
as out-of-band permission regardless of whether 'site.com' is 
self-evidently a tracking site or not.

I personally do not have a problem with implying consent in cases where 
tracking is self-evident from the nature of the service.


Best regards,
Tamir
Received on Thursday, 21 June 2012 03:34:40 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:31 UTC