RE: Agenda for 07 November 2012 call - V01

> From: mike@iab.net
> ...
> Subject: Re: Agenda for 07 November 2012 call  - V01
> 





> Fred,
> 


> Thanks for being honest regarding your personal agenda here. To better understand, can you expand on this threat:

> "for example advertising measurements that depend on covert monitoring of the UA will go dark soon."

One option being considered by the PUA CG to protect user privacy would allow JS to execute but with restrictions, or user controls, on the sharing of defined private UA state to the web.  This is expected to still block covert monitoring of advertisement placement and skimming of DOM content to detect the context etc - but may allow rich advertising to be delivered, and could be much better than a UA with JS disabled!  For more information please see: http://www.w3.org/community/pua/wiki/Draft

I am not anti-advertising, and have already given it some thought in the draft proposal, see the above link, in particular the 'shared context' which might suit scripts delivering advertising.    However, covert and invasive UA monitoring does not seem compatible with user privacy expectations in my humble opinion, sorry, and obviously users could choose to opt in or out of restrictions so you are welcome to negotiate terms with users that include some form of verification.

The proposed PUA CG restrictions may impact DNT in the area of 'collection' - something the group does not appear to have been specific about yet.  I would also like to see an effective DNT proposal because if users are concerned about being tracked then they will still not likely enable advertising, even with technological restrictions on collection at the UA!
 


> Are you saying it is your intention to offer tools that would effectively shut down web Analytics across the Internet?

Until a major browser vendor adopts the changes, at least as an option for users, then yes I am prepared to publish a browser fork that enhances security of user private state.

Most browsers already include support for disabling JS and many support extensions to control tracking by web Analytics.   The PUA extensions would allow JS to run with some extra security protections, so it's not all negative.

Look at the positives: combined with a functional DNT proposal, you might be able to convince more users to allow advertising.

I am open to opt-in user choice, and would be keen to be made aware of impacted services, but services depending on *covert* sharing of UA state may not be compatible with the goals of the PUA CG.  You are welcome to join the PUA CG or to email technical concerns to the public-pua mailing list.  For meta issues there are other lists more appropriate.

> I'm also curious about this earlier statement:
> 


> "A
 UA will
 likely want an interface with user trusted third party curated ratings of websites, and will want to
 give users other options such as 'don't even touch this website' or 'this website works fine without this
 tracker, don't believe their marketing crap' etc and they are not going to get this from the website itself,
 now are they?"

Sorry, these comments were a little sarcastic - it's frustrating that the privacy needs of users seem not to be represented in decisions.  Please, let me try again:

Please consider the state of the art in browser extensions for controlling tracking.  You will see that they use curated lists of sites to block, often with an independent opinion on the sites, and some extensions even allow specific proxy scripts to be inserted to keep pages working.  It is not realistic to believe that a website requesting users to add exclusions would offer this range of options to the user, or that users would trust the sites statements, and defining DNT to operate in a manner that frustrates such browser extensions may not be productive for users concerned about being tracked.

Before allowing their UA to enable a 3rd party resource, users do not have to put all their trust in a first party websites representation, and they can use other sources of information to make an informed decision.  The proposed DNT exception API appears designed to channel users into trusting the 1st party websites representation, which is a step backwards from the current state of the art.

It should be mediated via the UA in my option, and this would support the development of UA tools to better inform and protect users.

> Is
 this a product that you intend to sell or offer to the public?  Do you have a business interest in such products or services?

My work on the PUA CG is all open, public, and free.  Do I need to give up any more of my rights to comment here?

cheers
Fred

Received on Tuesday, 6 November 2012 06:45:05 UTC