Re: ISSUE-4 and clarity regarding browser defaults

From: David Singer <singer@apple.com>
Date: Thu, 21 Jun 2012 11:20:54 -0700
Cc: Kevin Kiley <kevin.kiley@3pmobile.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "mts-std@schunter.org" <mts-std@schunter.org>, "fielding@gbiv.com" <fielding@gbiv.com>, "rigo@w3.org" <rigo@w3.org>
Message-id: <D6BCDE62-97D3-4E3A-8274-BE6612E94079@apple.com>
To: Tamir Israel <tisrael@cippic.ca>

On Jun 20, 2012, at 20:33 , Tamir Israel wrote:

> Hi David,
> 
> On 6/19/2012 7:46 PM, David Singer wrote:
>> Indeed, we had a compromise here:
>> 
>> * there may be some User Agents that are specifically made and marketed as being privacy-enhancing, and they could indeed have a default (and maybe they use Tor, reduce fingerprinting, and so on)
>> * there may be some Sites that are specifically for the purpose of tracking ('TrackMyReading.com') where signing up for the site implies out-of-band permission to track.
>> 
>> General-purpose UAs cannot claim to be the first; and general-purpose sites cannot claim to be the second.  They both need to take extra steps (to allow the user to turn on DNT, or to ask the user for an exception).
>> 
>> This is a balance, and a compromise; if we discard one, we should discard the other.  The text currently in the TPE I believe respects both.  We should probably critique what is actually written...
> 
> What restrictions does the current spec place on out of band consent? I thought it was largely left to server discretion, so the server might accept notice buried in its linked TOU coupled with minimal interaction as out-of-band permission regardless of whether 'site.com' is self-evidently a tracking site or not.

We previously had suggested 'distinct, informed, consent' and I was convinced that the concept of 'informed consent' meant that the consent could not be 'bundled' in any significant way, i.e. it would be 'distinct'.  That leaves open a site for which signing-up necessarily means consent - the example I have given is a service TrackMyReading.com that tracks (via their 'Like' button) everything you read, and based on that and what you 'Like' gives you recommendations.  The entire point of being signed-in for such a service is to be tracked.

> I personally do not have a problem with implying consent in cases where tracking is self-evident from the nature of the service.

Exactly, and I think we have general consensus on that.


David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 21 June 2012 18:21:23 UTC
