W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

ISSUE-129: What are the concerns/issues with blanked exceptions

From: Matthias Schunter <mts-std@schunter.org>
Date: Wed, 28 Mar 2012 20:13:51 +0200
Message-ID: <4F7354DF.9030904@schunter.org>
To: "public-tracking@w3.org" <public-tracking@w3.org>
Hi!

I'd like to explore what privacy/transparency issues are triggered by the
current proposal of having blanket exceptions. This will be the first
step towards
addressing them....

Privacy Ccncerns on my radar are:
- Lack of transparency: How can an individual find out what third
parties are actually used?
- Lack of control: A large number of potentially unknown or undesired
third parties
    being able to track (or otherwise collect data) about an individual.
- Risk of data breach: By allowing large ranges of unknown third parties
to collect data,
    the risk of data breaches is higher.

I also see the points that speak for blanket exceptions:
- Usability: Granting exceptions to 100 potentially used third parties
(or more) is not useful.
    [Scenario: Publisher asks for exemption for the huge number of third
parties that might be used]
- Usability: Having an individual exception call for each of the 30
actual third parties
    [Scenario: Each third party asks on its own]
- Cost of implementation: The current proposal allows a site to operate
without
    major changes once a user has granted a blanket exception

I currently do not see a viable way how to address these privacy
concerns given today's ecosystems:
Even if a site knows all its _potentially used_ third parties,
exceptions for such lists will be hard to manage.


Feel free to respond with more concerns (that I've overlooked) or
alternative solutions how to resolve the privacy concerns (while
maintaining some usability).

Regards,

matthias
Received on Wednesday, 28 March 2012 18:14:18 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC