Re: Confused by DAA's messages. Please explain

On Jul 5, 2013, at 6:47 AM, John Simpson <john@consumerwatchdog.org> wrote:

> Colleagues,  
> 
> I am trying to reconcile Mike Zaneis' description of the new industry position during Wednesday's call with what is actually written in the DAA proposal document.
> 
> Here is Mike's characterization as recorded in the minutes:
> 
> "zaneis: My members seeing 20-25% of user base sending flag. Early on, our position had been: perhaps the W3C could standardize the DNT signal, and we would treat that as an industry opt-out.
> ... That is no longer tenable.
> ... We expect DNT:1 signals to approach 50% in short-term.
> 
> <johnsimpson> you have 25 percent DNT flags because people do not want to be tracked.
> 
> zaneis: No longer want to try to distinguish between what DNT:1 signals are legitimate and which are not.
> 
> <jmayer> I also agree with David. We worked *very* hard to quickly compile issue-by-issue proposals and rationales, as the chairs requested. The stakeholders who declined to follow that constructive and substantive process are being rewarded with extra time and focus.
> 
> zaneis: Now, within industry, we've decided to take a different approach, and focus on deidentification. Hope that could be a way to make consensus.
> ... Yes, we had fought tooth and nail on the default and UI issue, and we're now willing to take those off the table in the name of progress. Now the question is what level of deidentification is appropriate and implementable. We want to have that discussion."
> 
> 
> Yet in Section 4 -- First Party Compliance, the authors of the "DAA" text (whoever they are) have inserted "Parties that disregard a DNT signal MUST respond to the user agent, using the response mechanism defined in the [TRACKING-DNT] specification."
> 
> This seems to flatly contradict what Mike said is the industry's new position.  If you don't distinguish between DNT:1 signals why would you disregard one and send a message that you are doing so?
> 
> Can someone please explain this discrepancy?

I can't speak to the DAA proposal (having not even read it yet while on vacation), but I can say that I will continue disregarding semantically invalid HTTP signals no matter what anyone else's opinion might be. As I have said before, senders that lie over HTTP will be ignored for the sake of the Web not becoming a festering pile of vendor-specific sewage. That principle is far more important than all of the privacy concerns combined.

Whether or not a disregard response is sent back does not matter to me. I thought that would be good for transparency. It won't make any difference to what is being disregarded.

....Roy

Received on Saturday, 6 July 2013 17:21:23 UTC