- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 25 Jul 2013 09:40:06 +0200
- To: Shane Wiley <wileys@yahoo-inc.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>, Vinay Goel <vigoel@adobe.com>, John Simpson <john@consumerwatchdog.org>, Mike O'Neill <michael.oneill@baycloud.com>, "rob@blaeu.com" <rob@blaeu.com>
On Thursday 25 July 2013 04:39:35 Shane Wiley wrote: > Rigo, > > I feel like we're talking past one another. We are not. The DAA tells the world that "the World Wide Consortium sputters and spits trying to negotiate a Do Not Track standard to protect consumer privacy online, the digital advertising business is forging ahead with expanding its self-regulation program to mobile devices." http://www.adweek.com/news/technology/ad-industry-expands-privacy-self-regulation-mobile-151386 This is unfair. If W3C would stop having a process and discussions about a process and either throw out the industry, the consumer or the privacy experts, respectively, we could advance within weeks. No more sputters and spits. > > 1. DNT can be set easily by any technology with access to the page > request header outside of user control The french call that "dialogue de sourds", the dialog of the deaf. If you can test the presence of an UGE mechanism, your assertion is just wrong. Repeating it doesn't make it become true. > 2. This means we'll likely > have a high percentage of DNT=1 traffic on the internet (some say as > high as 80%) Does that mean you fear that the opt-out system could actually work? And that you are deeply concerned that users could opt-back in? If we stall, you can time-travel into the next 5 years and talk to the people from German IT-publisher Heise: They lost large parts of their revenue due to blocking tools. It will be 80% of blocking tools instead of DNT-Headers. They would LOVE to have a way to opt their audience back in. IMHO, if the industry ignores the golden bridge of DNT, they will have to cross the rocky valley a few years later. As I said, the issue is the unrest in the marketplace, that people will buy whatever promises them more privacy, even a DNT-spitting router. To your point: you may see 80% of DNT:1 headers, but how many of them will be valid according to the W3C Specifications? > 3. This means sites will need to ask users if they set > the DNT signal and/or ask for a UGE for a large majority of visitors As I explained: You don't. You just test the user agent. We both know that DNT has two technological enemies: 1/ Cookies + implied consent and 2/ DNT:1 spitting routers and dumb extensions. Now the united internet expertise in this group can't distinguish between those and a valid browser? And you need a lawyer to tell you what to do? Come on! > 4. This is an "opt-in" paradigm - which we agreed in the beginning > was inappropriate (DNT=<null>, user makes an explicit choice) Who is responsible for DNT:1 spitting routers? W3C? Is this conformant to the current state of our specifications? Nobody in this group wants DNT:1 spitting routers. That's why we have ISSUE-151. > > To adopt DNT under the Swire/W3C Staff Proposal (aka June Draft), > industry would be agreeing to shift to an opt-in model vs. agreeing > to support a more hardened opt-out choice for users that is stored in > the web browser safely away from cookie clearing activities (which > remove opt-out cookies today unless the user has installed an opt-out > preservation tool). This is a significant shift and will not likely > be supported by industry. Hence the reason we're pushing back so > hard on the current situation. Your assertion of an opt-in model is a myth and a perceived danger, not a real shift in the Specification. The routers are shifting, not the Specification. This is just the first sign of market unrest. If you can't distinguish between a browser and a router, I wonder about the quality of all that tracking anyway. Are we discussing giant dumps of rubbish quality data? If so, consumers and privacy experts may relax a bit. For the moment, they assume that you can do profiles and things and distinguish between users and their devices etc. > > I believe I'm being as fair, open, and honest about the core issue. And I do not question that. We even agree that there is an issue. And we have a number for that issue. I tell you that your conclusions and suggestions will lead to a totally nullified DNT, not worth our time. And I encourage you to consider a reasonable solution to the problem, not a short-circuiting of the system with an industry-opt-out behind. > Hopefully we can work together to look for solutions to this > unfortunate outcome (unfortunate for industry as I can imagine some > on the advocate side would be very happy with an opt-in world). Again, opt-in/out is a myth. DNT installs a control, a switch. This is much more than opt-in/out. BTW, I do not believe, given the dynamics of the Web and the Internet, that we can predict the percentage of DNT headers for the next 3 years; let alone the percentage of valid DNT headers. Finally, the only ways a company can be forced to honor a DNT:1 header is: 1/ By our feedback making a promise it does 2/ By a self-regulation like DAA or Truste or Europrise 3/ By law I would be totally surprised by a law that would force you to accept "any" DNT:1 header. So lets work on distinguishing the good from the bad headers. We had very good discussions in Sunnyvale with the browser makers. They are also interested in a solution. There must be a way. --Rigo
Received on Thursday, 25 July 2013 07:40:41 UTC