- From: Peter Swire <peter@peterswire.net>
- Date: Wed, 17 Jul 2013 06:05:51 -0700
- To: "public-tracking@w3.org" <public-tracking@w3.org>
> >A lot of people assume that DNT is only going to affect advertising. >While that is certainly where the money has been talking, my >concerns are about third party subrequests in general, including >the use of shared UI frameworks at well-known locations (e.g., >common URIs for CSS or jQuery that are shared by many sites to >reduce average initial latency) and the use of security services >that do not qualify as service providers because they use patterns >derived from data sent to multiple unaffiliated sites. > >The extent of what is reasonably necessary tracking for the >permitted use of security is going to vary depending on what >service is being protected and what attacks are encountered, >which in turn will vary over time. I don't think it is useful >for the WG to claim that can be further limited by DNT. > >....Roy Following up on Roy's comment: For "third party subrequests in general", how much could an overall short-term collection provision in DNT take care of those requests? The June Draft allows "short-term, transient collection and use of data." The Short Term change proposal page has several approaches, including a two-week limit or David Singer's permitted use. I'm trying to understand this issue better, but combining the security language with the short-term language, it would seem: (1) Data gets collected under the short term rules, helping with "third party sub requests in general". (2) Data relevant to the security permitted use would then be governed by the permitted use rules. Thank you for helping others and me understand this better. Peter Prof. Peter P. Swire C. William O'Neill Professor of Law Ohio State University 240.994.4142 www.peterswire.net Beginning August 2013: Nancy J. and Lawrence P. Huang Professor Law and Ethics Program Scheller College of Business Georgia Institute of Technology >
Received on Wednesday, 17 July 2013 13:06:59 UTC