Re: June Draft of the DNT compliance spec

Hi!

my 2cents:
- From a user expectation point of view, I would expect that whatever is 
turned on by private browsing (e.g., turning on DNT;1)
is then undone when I exit this mode (i.e., returning DNT to the prior 
state).

- The original intent (AFAIR) of the language I cited was to allow 
installation of privacy tools (such as the anonymous browsing tool "Tor")
   and - since this is a very strong expression of a desire for privacy 
- these tools may send DNT;1 by default.
   Naturally, these tools MUST still need to implement the exception API 
and provide a feature to return from DNT;1 to unset or DNT;0.


Matthias


On 13/06/2013 16:27, Alan Chapell wrote:
> Thanks Craig -
>
> I probably wasn't being clear enough in my question. As I understand 
> it, Safari turns on DNT automatically during a Private Browsing 
> session. I'm asking if DNT remains on, or is turned off when the 
> Private Browsing session ends.
>
>
> From: Craig Spiezle <craigs@otalliance.org <mailto:craigs@otalliance.org>>
> Date: Thursday, June 13, 2013 10:18 AM
> To: Alan Chapell <achapell@chapellassociates.com 
> <mailto:achapell@chapellassociates.com>>, 'Justin Brookman' 
> <jbrookman@cdt.org <mailto:jbrookman@cdt.org>>, 'David Singer' 
> <singer@apple.com <mailto:singer@apple.com>>
> Cc: 'Shane Wiley' <wileys@yahoo-inc.com 
> <mailto:wileys@yahoo-inc.com>>, 'Peter Swire' <peter@peterswire.net 
> <mailto:peter@peterswire.net>>, <public-tracking@w3.org 
> <mailto:public-tracking@w3.org>>
> Subject: RE: June Draft of the DNT compliance spec
> Resent-From: <public-tracking@w3.org <mailto:public-tracking@w3.org>>
> Resent-Date: Thu, 13 Jun 2013 14:19:33 +0000
>
>     This is really determined by the browser vendor and or user
>     setting if "private browsing" (InPrivate, Incognito...)  is a
>     session based or persistent setting.
>
>     *From:*Alan Chapell [mailto:achapell@chapellassociates.com]
>     *Sent:* Thursday, June 13, 2013 7:07 AM
>     *To:* Justin Brookman; Craig Spiezle; David Singer
>     *Cc:* 'Shane Wiley'; 'Peter Swire'; public-tracking@w3.org
>     <mailto:public-tracking@w3.org>
>     *Subject:* Re: June Draft of the DNT compliance spec
>
>     Thanks Justin. I was unaware of the Private Browsing feature.
>
>     David, does Private Browsing turn on DNT automatically during a
>     private browsing session, and then turn it off automatically once
>     the private browsing session is over?
>
>     *From: *Justin Brookman <jbrookman@cdt.org <mailto:jbrookman@cdt.org>>
>     *Date: *Monday, June 10, 2013 12:37 PM
>     *To: *Craig Spiezle <craigs@otalliance.org
>     <mailto:craigs@otalliance.org>>
>     *Cc: *'Shane Wiley' <wileys@yahoo-inc.com
>     <mailto:wileys@yahoo-inc.com>>, Alan Chapell
>     <achapell@chapellassociates.com
>     <mailto:achapell@chapellassociates.com>>, 'Peter Swire'
>     <peter@peterswire.net <mailto:peter@peterswire.net>>,
>     <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>     *Subject: *Re: June Draft of the DNT compliance spec
>
>         Previously, I thought we had agreement that selection of a
>         special privacy-protective product or setting could imply
>         consent to send DNT:1  This agreement is currently reflected
>         in the TPE in Section 3:
>         http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining.
>          For example, I believe that Safari turns on DNT:1 whenever
>         someone engages "Private Browsing" mode, despite no specific
>         language about Do Not Track:
>         http://www.apple.com/safari/features.html
>
>         However, that language/agreement may have been subsumed by
>         more recent discussions.
>
>         On Jun 10, 2013, at 11:15 AM, "Craig Spiezle"
>         <craigs@otalliance.org <mailto:craigs@otalliance.org>> wrote:
>
>
>
>         I apologize for possibly bringing up a closed issue, but do
>         you see a distinction between a browser or a privacy /
>         security enhancing product? I agree with what is proposed by a
>         browser, but see there might be other scenarios where the
>         consumer is making an implied decision when acquiring a third
>         party security / privacy add-on?.
>
>         Conceptually let's call the product Privacy and Data Protector
>         which by default out of the box offers "maximized protection
>         of your data collection and privacy".   Could one argue that
>         one who purchases such a product in effect is making an
>         implied decision to use such functionality. Better yet
>         Ad-Block Plus?
>
>         *From:*Shane Wiley [mailto:wileys@yahoo-inc.com
>         <http://yahoo-inc.com>]
>         *Sent:*Monday, June 10, 2013 7:17 AM
>         *To:*Alan Chapell; Peter Swire;public-tracking@w3.org
>         <mailto:public-tracking@w3.org>
>         *Subject:*RE: June Draft of the DNT compliance spec
>
>         Friendly amendment suggestion:
>
>         "...unless they have otherwise obtained consent from the user
>         to do so."
>
>         - Shane
>
>         *From:*Alan Chapell [mailto:achapell@chapellassociates.com]
>         *Sent:*Monday, June 10, 2013 6:31 AM
>         *To:*Peter Swire;public-tracking@w3.org
>         <mailto:public-tracking@w3.org>
>         *Subject:*Re: June Draft of the DNT compliance spec
>
>         Thanks Peter. I'm still generally uncomfortable that DNT
>         doesn't place requirements on First Parties.
>
>         One item of particular concern that seems to have fallen off
>         the radar is the scenario where a party collects data in a
>         first party context and attempts to use it in a third party
>         context when DNT is enabled. I thought there was agreement on
>         this issue. However, I keep raising it, and it doesn't seem to
>         make it into the drafts. Perhaps its implied in the language
>         "... customize the content, services, and advertising in the
>         context of the first party experience." However, it is not
>         clear enough, IMHO.
>
>         To address, I offer the following language to Section 4 (First
>         Party Compliance). The new language is below.
>
>         First Parties /must not/ use data collected while a First
>         Party when acting as a Third-Party when DNT = 1.
>
>         Nick -- if I need to open up another issue on this, please let
>         me know. Thanks!
>
>         Alan
>
>         *From:*Peter Swire <peter@peterswire.net
>         <mailto:peter@peterswire.net>>
>         *Date:*Monday, June 10, 2013 7:47 AM
>         *To:*"public-tracking@w3.org <mailto:public-tracking@w3.org>"
>         <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>         *Subject:*June Draft of the DNT compliance spec
>         *Resent-From:*<public-tracking@w3.org
>         <mailto:public-tracking@w3.org>>
>         *Resent-Date:*Mon, 10 Jun 2013 11:47:58 +0000
>
>             To the Working Group:
>
>                     Attached please find a June Draft of the
>             compliance spec.  The spec is also available at:
>
>             http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html
>
>             This draft builds directly on the Consensus Action Summary
>             from the Sunnyvale F2F. Working closely with W3C staff,
>             and based on numerous discussions with members of the WG,
>             this June Draft is my best current estimate of a document
>             that can be the basis for a consensus document in time for
>             Last Call.
>
>                     The June Draft includes a number of_grammatical
>             and stylistic edits_to various provisions of the previous
>             working drafts.  These sorts of edits were done in hopes
>             of adding clarity and good writing to the provisions.  In
>             the spirit of humility, W3C staff and I recognize that
>             members of the WG may spot substantive objections to these
>             stylistic edits -- let us work within a constructive
>             spirit of the working group process to examine and, where
>             appropriate, make changes to these edits.
>
>                     The Draft also addresses the_four task
>             areas_included in the Consensus Action Summary.  In
>             proposing language in the June Draft, my intent and belief
>             was to make good substantive judgments about an_overall
>             package_that may achieve consensus, as well as
>             item-by-item judgments about what is substantively most
>             defensible within the context of the WG.  Clearly, the
>             group will need to work through each piece of the text,
>             members can suggest alternatives, and we will need to
>             determine where and whether consensus exists.
>
>                     The June Draft contains_normative text but not
>             non-normative text_. In part, this reflects my view that
>             we have the best chance to work constructively on a
>             relatively short amount of normative text.  Proposed
>             non-normative text can be proposed for provisions in time
>             for Last Call.  As a potentially useful alternative, W3C
>             has various mechanisms for publishing notes or other
>             documents that illuminate a standard.  The best time for
>             detailed discussion of most non-normative text quite
>             possibly will be after Last Call.
>
>                     The June Draft discusses_only items that the W3C
>             WG can address_. Clearly, the actions of others on these
>             issues may be relevant to the overall outcome.  For
>             instance, the DAA has discussed changes to its code,
>             including on its market research and product development
>             exceptions.   There has been discussion of a potentially
>             useful limit on any blocking of 3d party cookies for sites
>             that comply withDNT.  There may also be new and useful
>             technical measures that would be important to the future
>             of advertising in a privacy-protective manner.  The text
>             here, as indicated, addresses what would be within the
>             compliance spec itself.
>
>                     W3C staff and I are working on further explanatory
>             materials that will seek to clarify the changes here, and
>             link the June Draft to the issues on the WG site.
>
>                     The regular call this Wednesday will be an
>             opportunity for the Group to have an initialdiscussion of
>             the June Draft.  To give everyone a chance to review this
>             material, we will not be seeking to close compliance
>             issues during this Wednesday's calls.
>
>                     Thank you,
>
>                     Peter
>
>             Prof. Peter P. Swire
>
>             C. William O'Neill Professor of Law
>
>             Ohio State University
>
>             240.994.4142
>
>             www.peterswire.net <http://www.peterswire.net>
>
>             Beginning August 2013:
>
>             Nancy J. and Lawrence P. Huang Professor
>
>             Law and Ethics Program
>
>             Scheller College of Business
>
>             Georgia Institute of Technology
>

Received on Thursday, 13 June 2013 15:49:53 UTC