Re: issue-151

Mike,

Here's the current MARKET reality. There are no 3rd party programs, or browsers for that matter, that are turning on DNT by default; even Microsoft has removed that capability. What's happening in the marketplace is that USERS are turning on DNT in an attempt to gain some privacy. Every DNT signal being sent is VALID because it's the USER setting it.

That's what everyone keeps missing - without the NSA/PRISM/DEA events in the marketplace you could have added DNT years ago and gotten ZERO (or close to it) adoption. But USERS have now woken up to the fact that privacy is important and ergo they're finding out how to turn on a Privacy signal.

California Governor Brown will most likely sign into law AB 370 this week. When 78 politicians can unanimously agree on something it should send a message - they've managed to do what nobody thought possible. And they did so because unless we start taking our Privacy seriously then at least in the USA there is no more 4th amendment.

IMO you can debate Issue-151 until the cows come home - but in this case you need to know that the cows have left the barn permanently and will never be returning home - the only thing that trumps a voluntary standard is regulation - and this week Do Not Track will be regulated.

A certified API/APP is not going to stop people from turning on a Privacy Signal - and for that you can thank (blame) the NSA & DEA.



Peter
_________________________
Peter J. Cranstone


From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Monday, September 2, 2013 2:58 AM
To: "public-tracking@w3.org" <public-tracking@w3.org>
Cc: 'Chris Mejia' <chris.mejia@iab.net>, Rigo Wenning <rigo@w3.org>
Subject: re: issue-151
Resent-From: <public-tracking@w3.org>
Resent-Date: Monday, September 2, 2013 2:58 AM

Other W3C groups are working on cross-platform standards for web apps. Web apps need access to device interfaces for such things as telephony, geo-location and contact lists, so “certified” apps are being defined, which are those that would have access to such “sensitive” APIs. A certified app is cryptographically signed by an organisation such as an app webstore to prove it has been vetted.

I wonder if we could leverage this approach to help solve the “valid DNT signal” problem. If the DNT signal (general pref. as well as the site-specific exception) could be managed by an API that was only available to certified applications, and we could agree the parameters to decide what institutions could make vetting decisions, maybe that would help us reach consensus. These certified apps could be hosted or packaged, and could reside in UAs (built-in). As it stands only packaged apps are certifiable right now but hosted apps could have this facility also (signing the manifest?), and so why not simple web sites.

Mike

Received on Monday, 2 September 2013 13:57:42 UTC