- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Wed, 24 Jul 2013 17:59:33 +0000
- To: Rigo Wenning <rigo@w3.org>, Vinay Goel <vigoel@adobe.com>
- CC: John Simpson <john@consumerwatchdog.org>, "Mike O'Neill" <michael.oneill@baycloud.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>
Rigo, I believe the TPE UGE is a valid mechanism/approach but the underlying issue here is more significant. When the working group first came together, we had a key discussion about opt-in vs. opt-out. We unanimously agreed that an opt-out paradigm was more appropriate and adopted the requirement that users must explicitly activate the DNT signal. The technical reality that its far too easy to activate a DNT signal outside of user action and there are few options to correct this behavior is undermining our agreed up position. Any application or network device that has access to modify the page request header is incentivized to add the bare minimum ~13 lines of code as a "privacy friendly" product feature so they can list this among the benefits of their product without truly supporting the entire standard (default on - of course). This comes with no risk of enforcement in requiring that product change its approach to come into compliance with the W3C DNT standard. Where does this leave us? No way to confirm (outside of interruption) if a user has truly activated any DNT signal anywhere. So we have several choices: - Correct the technical implementation such that we lock down that ability for other parties to inject an invalid signal (certs/signatures?) - Move to a de-identification approach (data hygiene) and pair AdChoices w/ DNT to cover all possible uses (part of the industry proposal although admittedly assembled in haste and not as clear as it needed to be) - Flip on the original agreement within the working group and move to a de-facto opt-in world across the board (we've seen how well that played out in the EU) It appears the W3C Staff/Swire Proposal clearly supported the 3rd option as I know that group understands the underlying tech issue here. - Shane -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: Tuesday, July 23, 2013 12:14 PM To: Vinay Goel Cc: John Simpson; Mike O'Neill; public-tracking@w3.org; rob@blaeu.com Subject: Re: Change proposal: new general principle for permitted uses On Tuesday 23 July 2013 11:37:31 Vinay Goel wrote: > I suspect that companies are likely hesitant to use DNT as their opt > out preference because they cannot detect/tell whether it was set by > the user. There is a proposition on the table to require the implementation of the TPE exception mechanism from a valid DNT client. Why don't you support that to have a tool that tells you whether it was set by the user. This would at least be constructive. --Rigo
Received on Wednesday, 24 July 2013 18:08:49 UTC