
Re: ACTION-326 and ACTION-327 BLOCKED on ISSUE-5

From: Roy T. Fielding <fielding@gbiv.com>
Date: Mon, 19 Nov 2012 04:45:38 -0800
Cc: Shane Wiley <wileys@yahoo-inc.com>, "public-tracking@w3.org" <public-tracking@w3.org>, Lauren Gelman <gelman@blurryedge.com>
Message-Id: <F310DBE7-A220-4668-9592-7B1421E2C2C0@gbiv.com>
To: Rigo Wenning <rigo@w3.org>
On Nov 19, 2012, at 12:04 AM, Rigo Wenning wrote:

> Shane, 
> 
> On Sunday 18 November 2012 21:01:54 Shane Wiley wrote:
>> I believe many of us will have issue with your proposed definition
>> and would recommend something closer to the one Roy has offered.
> 
> which is precisely the point why the definition is to be avoided. It 
> just re-opens the discussion at day one. 

How can I reopen a discussion that was never conducted, let alone
closed?  I have been here since day 1.  So has the issue that still
is raised and not open.

>> Your proposal uses fairly loaded terms that have different
>> meanings across regions (which could be good or bad depending on
>> how you look at it), such as "personal data" so perhaps more
>> neutral language is a better path.
> 
> Do you mean "personal data"? What is all that privacy about? Again, 
> a perfect reason to keep our fingers away from that definition. I 
> consider the use of the term "personal data" a pure emotional 
> problem. It is the term we use since the mid sixties of the last 
> century (invented by Westin in US!) We could call it "dossier" if 
> you find that neat. 
>> 
>> I'm glad to see we're at least having this conversation
>> though.  Your proposal is expanded to any "personal data"
>> collection whereas the alternate definition from Roy is focused
>> on cross-site (non-affiliated) data collection/use which is much
>> closer to where the current draft stands.
> 
> But says the same.

No, not even remotely the same.

> My definition says: Scope is all collection of personal data in HTTP.

Which would be incorrect, since DNT does not cover the collection
of all personal data in HTTP.

> This is then to be seen in the context of the Specification that 
> says: Do anything if DNT:0 or first party. Do only the allowed, if 
> DNT:1 and third party.  It is precisely the stated goal of my 
> definition that it doesn't change anything and makes clear that the 
> definition-discussion is a phantom/pseudo-discussion.

In other words, your definition is deliberately wrong because you
don't want to discuss it?

> Or can you imagine cross-site tracking by a first party that would 
> not fall under the first party exception? Roy's definition just 
> doubles the first/third party distinction.

No, it just describes the scope of what I believe a user would
consider tracking, and the entirety of the privacy issue that
I am attempting to solve.  The reason why the WG has failed to
make more than a month's worth of actual progress on the compliance
specification, in over a year of arguing, is because the various
participants are trying to solve completely different problems
and can't understand why the five (at last count) sides are
unable to come to consensus.

If we agree to a written description of the problem that we are
attempting to solve, then we have a small chance of agreeing
that proposed solutions will solve it.  If we can't agree to
the problem, then maybe we should be working on five separate
problems with five separate solutions.

I couldn't care less about 1st/3rd party distinctions. The
only reason it has any meaning to DNT is because many people
believe DNT:1 won't be a viable setting for ordinary users if
it disables personalization on first-party sites.  Likewise,
we expect first party sites to have their own user-settable
preferences that are far more detailed than DNT.

I do care about context and reasonable user expectations with
regard to data sharing, and know for a fact that neither one
can be cleanly delineated by Web technology.  Hence, my solution
is to allow the human operators of sites to expand the context
only if it is reasonably expected by the user.  In other words,
if there is no technical means to bound the context, then we
shouldn't even be trying -- just define what is not allowed
to be shared outside the context and let regulators inform and
enforce the boundaries of the context based on user expectations.

> In this case, where is the issue with my definition? 

It is misleading to the user and unacceptable to the folks
who are being asked to honor the DNT signal.

> I still wait to see you come out of the woods with the additional 
> scope reduction by a definition that we do not need. This is like 
> writing and executing the code two times independently because you 
> have a feeling the parser could have missed something the first time. 
> 
> We can have this discussion. But I want to make clear that 
> a/ it doesn't change anything
> b/ I already now believe it is a waste of resources
> c/ it is understandable from the emotional point, thus we may have 
> to discuss it to keep everybody on the same page (which is a normal 
> activity in standardization). 

Do you want DNT to be implemented or not?

I would like to implement a solution to giving the user control
over technologies that they consider tracking --- anything that
follows or correlates their Web activity over time, or retains
or shares profiles about that activity without their prior consent.
I am trying to do that in the least disruptive way possible, which
means I am not interested in any requirements that prevent
real-time security checks, block personalization based on
session state or non-retained user agent characteristics, or
prevent necessary retention of access logs.

I will not, under any circumstances, agree to a whitelist
style of interaction with end-users wherein this WG controls
the list -- we simply do not have the expertise or omniscience
to justify such requirements.  I will agree to declarative
definitions of scope, and to turn off everything fitting within
that scope (whether we have thought of it yet or not) based on
a validly expressed preference.

I will not be responsible for every bit of personal data a user
might send to my server via HTTP, since that just invites lawsuits
via data injection.  I will only take responsibility for data
that I (or a customer) deliberately cause to be sent and that is
known to be personally identifiable, and for turning off behavior
that would be perceived as tracking the user based on that data.

I am looking for definitions that fit within those lines.
The exact words are less important than the scope they define.
I've floated half a dozen already and haven't heard a solid
objection to any of them.  Iterating over them helps me understand
the real problems that need to be solved in TPE.

....Roy
Received on Monday, 19 November 2012 12:46:03 UTC
