W3C home > Mailing lists > Public > public-tracking@w3.org > November 2012

Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal

From: イアンフェッティ <ifette@google.com>
Date: Tue, 13 Nov 2012 20:23:33 -0800
Message-ID: <CAF4kx8cg-KMG0oMJj0=Sf8R4qegK6ebhLcvw19DXQpTfwf032Q@mail.gmail.com>
To: Justin Brookman <justin@cdt.org>
Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
I have to say that this has been one of my favorite emails this week w.r.t.
the Thundercats t-shirt. That said, being serious for a moment, I think
part of it is that we still haven't settled on what the thing should be
called. It's currently DNT but I believe we agreed that it was a
placeholder and would re-visit the name once we had figured out what we
managed to actually build.

Saying "Click here to turn on Do Not Track" is a lot like saying "Click
here to get a free pony and see puppies." It sounds great and I can't
imagine why any user wouldn't say "yes" given the text. The problem is that
the user isn't really getting ponies, puppies, or a world in which their
web browsing behaviour is magically kept private by re-inventing the way
the Internet works. Even if we applied DNT to all first parties as well,
there's still exceptions such as security, financial reporting etc that
will result in their browsing history being kept by third parties, which is
probably not what I would expect if you told me that I was "not being
tracked."

I don't think it's unreasonable to ask that if websites are being told "the
user has a preference for X" that we at least do some diligence to explore
ways to make sure that what the sites are being told is the user's
preference actually matches a decision the user would make. Asking the user
"Do you want a pony" and then telling the website "The user wants you to
mail them a Thundercats t-shirt" makes about as much sense as asking a user
"Do you want to send a Do-Not-Track header to websites you visit" and
expecting websites to believe the user made any sort of
informed decision about the issues touched on in the spec.

My $0.024

On Tue, Nov 13, 2012 at 2:34 PM, Justin Brookman <justin@cdt.org> wrote:

>  The working group has been using the term explicit and informed consent<http://www.w3.org/2011/tracking-protection/track/issues/143>to ensure that a user understands that they are performing a certain action
> (e.g., turning on DNT, or granting an exception to DNT), not to mandate a
> description of all the potential consequences of this action.  If I give my
> explicit and informed consent to Etsy to spend $500 on a one-of-a-kind
> Thundercats t-shirt, that should not require that Etsy provide me with
> information about the need to save for retirement or the fact that a
> Thundercats t-shirt may decrease my odds of attracting a suitable mate.
>
> Would you support a parallel requirement that any request for a
> user-granted exception be accompanied by a link to a list of the parade of
> horribles that privacy advocates could generate about why they are
> concerned about third-party data collection?  Remember, the group
> previously agreed that we are going to be equally prescriptive when it
> comes to specifying how "explicit and informed" consent must be for both
> turning on DNT and granting exceptions to the signal.  That agreement was
> designed in part as a buffering mechanism against these sorts of
> impractical and heavy handed requirements.
>
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy & Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969justin@cdt.orghttp://www.cdt.org
> @CenDemTech
> @JustinBrookman
>
> On 11/13/2012 4:46 PM, David Wainberg wrote:
>
> Hi Justin,
>
> On 11/13/12 2:06 PM, Justin Brookman wrote:
>
> but requiring disclosure about an unproven parade of horribles in advance
> is not something that a technical standards setting body should be
> contemplating.
>
> I believe we've already agreed that the DNT signal should reflect the
> user's explicit and informed consent. Doesn't the informed piece of that
> equation require explanation of the effects of DNT? But I can see that if
> you do not believe that provisions in this spec will have negative effects
> for the internet and internet users, then you wouldn't see the need for
> informing users of such negative effects. So, what do we need to do to
> convince you? Once we're on common ground about that, then maybe we can
> have a more productive conversation about how best to inform users.
>
> -David
>
>
>
>
Received on Wednesday, 14 November 2012 04:24:01 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:38 UTC