Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal from Dobbs, Brooks on 2012-11-20 (public-tracking@w3.org from November 2012)

From: Dobbs, Brooks <Brooks.Dobbs@kbmg.com>
Date: Tue, 20 Nov 2012 15:08:52 +0000
To: Shane Wiley <wileys@yahoo-inc.com>, David Singer <singer@apple.com>, "Alan Chapell" <achapell@chapellassociates.com>
CC: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <2B40EB3A3384EB4CB812241DDDC41D87089270@KBMEXMBXPR01.kbm1.loc>

David,

I would echo Shane's sentiment and add that it may be the case that
browsers do not intend to mislead but may do so anyway.  Take the current
implementation language from a popular browser - "Tell websites I do not
want to be tracked".  It seems exceedingly likely that consumers will
interpret "websites" as the provider of content filling up their browser.
The irony of course being that the "website" is the one party who can
still track you!  Obviously for the 1 millionth time, track isn't defined,
but you would have to assume some reasonable users are going to interpret
"track" as meaning e.g. the recording of identified/identifiable person
came to site at date/time 11/20/12 13:33:22 and read article about
alternative cures for colon cancer  I am not suggesting that the browser
set out to mislead, only that this is likely a very reasonable
interpretation of that language and one that is not in sync with what the
spec would disallow.


-Brooks
-- 

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com



This email  including attachments  may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.



On 11/19/12 7:27 PM, "Shane Wiley" <wileys@yahoo-inc.com> wrote:

>David,
>
>I disagree on your observations that "browsers cannot 'hide' whatever
>their options are, and have little direct incentive to mislead anyone".
>I believe real-world events have already shown this to be a false
>statement - especially if you cascade this beyond "browsers" to all UA
>agents.
>
>- Shane
>
>-----Original Message-----
>From: David Singer [mailto:singer@apple.com]
>Sent: Monday, November 19, 2012 4:33 PM
>To: Alan Chapell
>Cc: Rigo Wenning; public-tracking@w3.org; David Singer
>Subject: Re: ACTION-212: Draft text on how user agents must obtain
>consent to turn on a DNT signal
>
>
>On Nov 18, 2012, at 10:03 , Alan Chapell <achapell@chapellassociates.com>
>wrote:
>
>> I agree -- specifying exact wording isn't a great idea - but that's
>> not what I'm suggesting.
>> 
>> Setting the expectation that UA's communicate DNT functionality
>> clearly and completely addresses the very real possibility that some
>> UA's will characterize DNT functionality in a way that is a) unclear,
>> b) filled with hyperbole, or those that c) enact DNT without even
>>telling Users.
>> 
>> While I think that public, marketplace and regulatory pressure might
>> address c), I tend to doubt that they will address a) and b).
>> 
>> I'm a bit surprised that this is so controversial. After all, the goal
>> here is to provide consumer's with informed choice, correct?
>
>Alan
>
>I take it, following this thread, that you OK with even stronger language
>for sites, when they are getting consent for an exception?  Sites have
>every incentive to get users to agree, and it's easy to call the API to
>log the exception with the UA.  In contrast, the browsers cannot 'hide'
>whatever their options are, and have little direct incentive to mislead
>anyone.
>
>
>> 
>> 
>> On 11/18/12 12:35 PM, "Rigo Wenning" <rigo@w3.org> wrote:
>> 
>>> On Thursday 15 November 2012 15:46:14 David Singer wrote:
>>>>> ³The User Agent MUST make available explanatory text to provide
>>>>> more detailed information about DNT functionality within easy and
>>>>> direct access for the particular environment prior to DNT being
>>>>> enabled.²
>>>> and all sites will, of course, be mandated to do the same or better
>>>> for exception requests?
>>> 
>>> <joke>
>>> YES! All sides MUST implement P3P to fulfill DNT! After 10 years, the
>>> magic bullet to get ubiquituous P3P adoption.
>>> </joke>
>>> 
>>> I thought we have always worked under the assumption that we do not
>>> proscribe UA GUI. Because my experience is that we can write whatever
>>> we want into a Specification, but UAs won' t necessarily honor that.
>>> UI is where browsers compete. While some simple, well-tested
>>> proscribed text would probably create some kind of a circuit where
>>> users better understand and adapt their expectations, I don't see
>>> momentum.
>>> 
>>> I rather think that it creates an eco-system where browser that
>>> promise too much can be punished by users who are deceived and by
>>> sites responding that they won't honor. And we'll see waves into one
>>> or the other direction before it stabilizes.
>>> 
>>> Rigo
>>> 
>>> 
>> 
>> 
>> 
>
>David Singer
>Multimedia and Software Standards, Apple Inc.
>
>
>

Received on Tuesday, 20 November 2012 15:09:24 UTC