- From: Bryan Sullivan <blsaws@gmail.com>
- Date: Fri, 5 Oct 2012 08:50:08 +0200
- To: public-tracking@w3.org
In DC I raised a number of concerns and solutions expressed as "Alternative 6" [1]. The current F2F has only strengthened my opinion that a proscriptive compliance framework based upon poorly-defined core concepts is a bad idea. I am all for small steps toward progress, and believe that unfettered from over-reaching specification of compliance to usage permissions and party contexts, the TPE will establish a useful specification of user agent and server signaling. But as I heard and commented upon yesterday, the TCS discussion continues to veer toward proscriptive requirements on Web service architecture elements and players across the spectrum, without considering the true complexity of some of its core concepts. These include the concepts of "user", "user agent", and "identity" (especially as it relates to "privacy"), for a few. If we were to consider for example that real "users" of computers/phones/etc are often not the owners of those devices or in control of the software settings of the device-based user agents, and that users of multiple devices most likely will not want to have to manage settings in each device/user-agent [2], and that as services migrate to the cloud that users will access them from an increasingly diverse set of devices and network contexts, it becomes clear that the 1-to-1 association of user to device and user-agent to "web browser" is a severe conceptual limitation. User agents are in fact more broadly and truly distributed concept, under which numerous software and network entities can act on behalf of a user, and in many cases serve the real user's preferences more accurately and effectively than a single device or software component can. Thus as discussed yesterday, the notion that intermediaries (e.g. proxies, a component in distributed user agents) should be forbidden from expressing the true intent of the "user" by modifying or adding DNT header information, is short-sighted and obscures a broad range of implementation/deployment approaches as it views the problem only through the narrow lens of browser-controlled preferences. Similarly, the current focus on "identity", especially as it relates to the privacy implications of "identifiable" attributes, does not serve overall privacy goals well. Analyses of approaches to anonymization (e.g. [4]) show that approaches such as k-anonymity can provide only a transient/comforting sense that collected data cannot be associated to an "individual" (meaning here any discrete entity, not just a user). Thus rather than chasing permitted uses and unlinkability down an illusory rabbit-hole, we should focus on user awareness of and participation in the bargain that they engage in with every click. Related to the "what are we trying to do" discussion in DC, promoting user engagement in choosing how they are advertised to as well as how much information can be retained about their activities should be our focus for "tracking protection". But that set of goals are much more complex than can be achieved by the narrow focus on data collection/retention, permitted uses, and unlinkability in the TCS. Those may be aspects of potential solutions, but I believe that only by establishing the broad outlines of tracking protection intent, and then letting the market bring innovative solutions to those goals, can we truly achieve progress in tracking protection without massively disrupting the developing Web economy. Thanks, Bryan Sullivan
Received on Friday, 5 October 2012 06:50:36 UTC