W3C home > Mailing lists > Public > public-tracking@w3.org > November 2012

RE: ACTION-326 and ACTION-327 BLOCKED on ISSUE-5

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Mon, 19 Nov 2012 14:27:57 -0000
To: "'Roy T. Fielding'" <fielding@gbiv.com>
Cc: <public-tracking@w3.org>
Message-ID: <005c01cdc662$1275ff30$3761fd90$@baycloud.com>
Roy,

I agree that a simple definition of DNT:1 that stops web history acquisition
would make the first-party/third-party distinction irrelevant. Something
like:

"Do not allocate or use data in order to identify me (or my browser) when I
visit other websites."

This should apply to UUID storage as well as UA fingerprinting.

The point about third-party restrictions is that it should stop web history
gathering, but still allow legal data use by websites. It should not mean  a
free pass to some,  i.e. by allowing web history gathering by "first-parties
using declared data in a third-party context", "service providers" or "joint
first-parties".

Mike


-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com] 
Sent: 19 November 2012 12:46
To: Rigo Wenning
Cc: Shane Wiley; public-tracking@w3.org; Lauren Gelman
Subject: Re: ACTION-326 and ACTION-327 BLOCKED on ISSUE-5

On Nov 19, 2012, at 12:04 AM, Rigo Wenning wrote:

> Shane,
> 
> On Sunday 18 November 2012 21:01:54 Shane Wiley wrote:
>> I believe many of us will have issue with your proposed definition 
>> and would recommend something closer to the one Roy has offered.
> 
> which is precisely the point why the definition is to be avoided. It 
> just re-opens the discussion at day one.

How can I reopen a discussion that was never conducted, let alone closed?  I
have been here since day 1.  So has the issue that still is raised and not
open.

>> Your proposal uses fairly loaded terms that have different meanings 
>> across regions (which could be good or bad depending on how you look 
>> at it), such as "personal data" so perhaps more neutral language is a 
>> better path.
> 
> Do you mean "personal data"? What is all that privacy about? Again, a 
> perfect reason to keep our fingers away from that definition. I 
> consider the use of the term "personal data" a pure emotional problem. 
> It is the term we use since the mid sixties of the last century 
> (invented by Westin in US!) We could call it "dossier" if you find 
> that neat.
>> 
>> I'm glad to see we're at least having this conversation though.  Your 
>> proposal is expanded to any "personal data"
>> collection whereas the alternate definition from Roy is focused on 
>> cross-site (non-affiliated) data collection/use which is much closer 
>> to where the current draft stands.
> 
> But says the same.

No, not even remotely the same.

> My definition says: Scope is all collection of personal data in HTTP.

Which would be incorrect, since DNT does not cover the collection of of all
personal data in HTTP.

> This is then to be seen in the context of the Specification that
> says: Do anything if DNT:0 or first party. Do only the allowed, if
> DNT:1 and third party.  It is precisely the stated goal of my 
> definition that it doesn't change anything and makes clear that the 
> definition-discussion is a phantom/pseudo-discussion.

In other words, your definition is deliberately wrong because you don't want
to discuss it?

> Or can you imagine cross-site tracking by a first party that would not 
> fall under the first party exception? Roy's definition just doubles 
> the first/third party distinction.

No, it just describes the scope of what I believe a user would consider
tracking, and the entirety of the privacy issue that I am attempting to
solve.  The reason why the WG has failed to make more than a month's worth
of actual progress on the compliance specification, in over a year of
arguing, is because the various participants are trying to solve completely
different problems and can't understand why the five (at last count) sides
are unable to come to consensus.

If we agree to a written description of the problem that we are attempting
to solve, then we have a small chance of agreeing that proposed solutions
will solve it.  If we can't agree to the problem, then maybe we should be
working on five separate problems with five separate solutions.

I couldn't care less about 1st/3rd party distinctions. The only reason it
has any meaning to DNT is because many people believe DNT:1 won't be a
viable setting for ordinary users if it disables personalization on
first-party sites.  Likewise, we expect first party sites to have their own
user-settable preferences that are far more detailed than DNT.

I do care about context and reasonable user expectations with regard to data
sharing, and know for a fact that neither one can be cleanly delineated by
Web technology.  Hence, my solution is to allow the human operators of sites
to expand the context only if it is reasonably expected by the user.  In
other words, if there is no technical means to bound the context, then we
shouldn't even be trying -- just define what is not allowed to be shared
outside the context and let regulators inform and enforce the boundaries of
the context based on user expectations.

> In this case, where is the issue with my definition? 

It is misleading to the user and unacceptable to the folks who are being
asked to honor the DNT signal.

> I still wait to see you come out of the woods with the additional 
> scope reduction by a definition that we do not need. This is like 
> writing and executing the code two times independently because you 
> have a feeling the parser could have missed something the first time.
> 
> We can have this discussion. But I want to make clear that a/ it 
> doesn't change anything b/ I already now believe it is a waste of 
> resources c/ it is understandable from the emotional point, thus we 
> may have to discuss it to keep everybody on the same page (which is a 
> normal activity in standardization).

Do you want DNT to be implemented or not?

I would like to implement a solution to giving the user control over
technologies that they consider tracking --- anything that follows or
correlates their Web activity over time, or retains or shares profiles about
that activity without their prior consent.
I am trying to do that in the least disruptive way possible, which means I
am not interested in any requirements that prevent real-time security
checks, block personalization based on session state or non-retained user
agent characteristics, or prevent necessary retention of access logs.

I will not, under any circumstances, agree to a whitelist style of
interaction with end-users wherein this WG controls the list -- we simply do
not have the expertise or omniscience to justify such requirements.  I will
agree to declarative definitions of scope, and to turn off everything
fitting within that scope (whether we have thought of it yet or not) based
on a validly expressed preference.

I will not be responsible for every bit of personal data a user might send
to my server via HTTP, since that just invites lawsuits via data injection.
I will only take responsibility for data that I (or a customer) deliberately
cause to be sent and that is known to be personally identifiable, and for
turning off behavior that would be perceived as tracking the user based on
that data.

I am looking for definitions that fit within those lines.
The exact words are less important than the scope they define.
I've floated half a dozen already and haven't heard a solid objection to any
of them.  Iterating over them helps me understand the real problems that
need to be solved in TPE.

....Roy
Received on Monday, 19 November 2012 14:28:42 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:38 UTC