
Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

From: David Singer <singer@apple.com>
Date: Wed, 28 Mar 2012 16:35:10 -0700
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <08107C44-71E5-4FEA-AAE9-22B7893B9C1D@apple.com>
To: John Simpson <john@consumerwatchdog.org>

On Mar 28, 2012, at 16:22 , John Simpson wrote:

> David,
> 
> I'm trying to understand what you're suggesting. Is this essentially the scenario you have in mind: When I register for a service and log in I would be presented with a series of choices of how the site's widgets would interact with me when I'm off the site. If one explicit preference was track me, then that would be OK if I had checked it. Another option might be JC's goal of show me my friends' likes, but don't show them mine. I suppose another could be Do Not Track me unless I explicitly interact with the widget... Is this the sort of scenario you have in mind?

Yes, that's it. I think we need to consider whether this choice needs to be separately offered to the user, not set for everyone by the service and bundled into the overall policy.

> 
> Thanks,
> John
> 
> 
> On Mar 28, 2012, at 3:51 PM, David Singer wrote:
> 
>> There are several levels to disconnecting yourself from a service:
>> 
>> 1 logout;
>> 2 uncheck the 'remember me' so that your identity is no longer remembered;
>> 3 delete cookies etc. just in case there is a lingering cookie that still remembers you;
>> [4 start using TOR :-(]
>> [5 go off-the-net :-(]
>> 
>> I actually have experimented with myself, trying to do up to (1), (2) or (3), and I found it a pain in the neck. So, as Shane says, let's focus on 'consent'.
>> 
>> The model I am exploring is saying that the consent to being tracked when logged-in or remembered needs to be a distinct, separate, choice for the user - which, as you say, gives the user more flexibility.  In this model, that consent cannot be simply "well, you agreed to our policy and here it is on page 8", because that's (a) hard to find for most users and (b) IMHO, insufficiently granular; it basically says you have to stop using the service if you don't want 'social buttons' to track you, which is harsh (and for many users, not a meaningful choice).
>> 
>> As I say, I am not terribly keen on the rather subtle option "yes, you can know who I am and tell me about my friends, but no, you cannot track what I am doing (and hence, not tell my friends about it)" -- I fear it's rather subtle, but it seems to be what JC prefers. I don't see a problem with offering it as an option such as "Identify me and tell me relevant info, but don't record anything about me".
>> 
>> so, here is a strawman:
>> 
>> “User registration and login often are bundled with a set of preferences for the user.  If a preference directly addresses interactions with users off of the 1st party's direct web site, such as through Widgets or other interactions with a user in a logged-in or 'remembered' state, in an open and transparent manner, then this is considered an out-of-band user consent and DNT requests may be met with a response that consent has been given, and tracking to the extent expressed by the preference performed.”
>> 
>> On Mar 28, 2012, at 8:30 , JC Cannon wrote:
>> 
>>> I’m more inclined to agree with Shane here. I always want to vote on the side of greater flexibility for the consumer.
>>> 
>>> David, by following your model I would have to click on the Like button to determine if my friends Liked an article, at the same time permitting FB to track me, which is what I don’t want. Show me how in your model I can have the level of flexibility and privacy I describe.
>>> 
>>> JC
>>> 
>>> From: Shane Wiley [mailto:wileys@yahoo-inc.com] 
>>> Sent: Tuesday, March 27, 2012 7:52 PM
>>> To: David Singer; public-tracking@w3.org (public-tracking@w3.org)
>>> Subject: RE: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>> 
>>> David,
>>> 
>>> I disagree that asking users to manage their logged-in state is a non-starter.  What leads you to that conclusion?  Facebook charges $700K/day to post an ad on their logout page.  :-) (I hope I’ve quoted that from recent press articles correctly.)
>>> 
>>> But I believe that’s a red herring for this discussion and would instead focus on the “consent” element.
>>> 
>>> First, I didn’t intend to state that UAs won’t continue to send DNT:1 for a logged-in user, I’m stating that if it's sent and the party has out-of-band consent from the user for tracking in that circumstance that the DNT signal will be ignored.  Also, why are we discussing cookies here?
>>> 
>>> Second, on the concepts of bundling and product features, while I agree that “open and transparent” notices are best practice, I don’t believe it’s appropriate for this group to attempt to set standards of acceptable consent paradigms that will vary significantly based on situation.  As we’ve discussed on similar topics, it’s more appropriate to allow local legal structures to continue to manage the required level of disclosure.  For example, in the US we have the Sears Consent Order to draw upon. 
>>> 
>>> I’d ask that we focus on the core issues with DNT and resist the temptation to solve the broader set of online privacy debates in one pass.
>>> 
>>> Thank you,
>>> - Shane
>>> 
>>> From: David Singer [mailto:singer@apple.com] 
>>> Sent: Tuesday, March 27, 2012 7:50 PM
>>> To: public-tracking@w3.org (public-tracking@w3.org)
>>> Subject: Re: ACTION-152 - Write up logged-in-means-out-of-band-consent
>>> 
>>> 
>>> On Mar 27, 2012, at 5:54 , Shane Wiley wrote:
>>> 
>>> 
>>> Per my action item from last week, here is a position statement with respect to setting new business rules for “logged-in users” with respect to personalization off of the 1st party site and DNT.
>>> 
>>> “User registration and login often are bundled with a set of sign-up flow notices, Terms of Service, and Privacy Policy by which a 1st party will operate.  If these notices directly address interactions with users off of the 1st party's direct web site, such as through Widgets or other interactions with a user in a logged-in state, in an open and transparent manner, then this is considered an out-of-band user consent and DNT signals will be ignored.”
>>> 
>>> Shane
>>> 
>>> I don't think we can tell users "if you want privacy, remember to log out all the time".  That's a non-starter. So I agree, a general "logged-in exception" doesn't fly, for me.
>>> 
>>> Nor do I think we can tell UAs "don't send cookies with DNT:1" because then trivial things will stop working (e.g. a cookie that selected the language or size of the 'like' button itself).  Sites will have to expect to get DNT and cookies, and we need to say what that means if the cookies are actually identifying the user.
>>> 
>>> 
>>> I think the text needs to be more explicit, and say that permitting the site to track the user has to be a distinct choice, not 'bundled' with any other (e.g. a check-box in the preferences).  Otherwise I fear that sites will say that merely by signing up you made that choice.  I would prefer it not even be a choice, I think, but I am open to debate.
>>> 
>>> Otherwise, what Jonathan has said holds - that if you set DNT, and not the preference (if any), then you'll need to interact directly with the third party before they will recognize you and track you. I don't think it's too bad; click on the button, and now it can track you, for example.
>>> 
>>> Treating me as someone you know, but about whom you *remember* nothing, is intriguing but (IMHO) excessively subtle.
>>> 
>>> 
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
> 
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd. ,Suite 200
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 28 March 2012 23:35:39 UTC
