- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 2 Sep 2013 16:34:02 +0100
- To: <public-tracking@w3.org>
- Message-ID: <016401cea7f1$da5c92e0$8f15b8a0$@baycloud.com>
Peter, I agree with you that the fact people are setting DNT is evidence of intent, but for now the signal is mostly being ignored by the receiving servers. We both want a way for users to express their agreement (or disagreement) for tracking but it has to mean something real. We either get that through regulatory law (not entirely successful thus far), technical enforcement by browsers or add-ons (effective, and more evidence of intent, but blunt and often not good for innovation), or trying for consensus. The last is what this group is about, and the motivation for my post. Mike From: Peter Cranstone [mailto:peter.cranstone@3pmobile.com] Sent: 02 September 2013 14:57 To: Mike O'Neill; public-tracking@w3.org Cc: 'Chris Mejia'; Rigo Wenning Subject: Re: issue-151 Mike, Here's the current MAKET reality. There are no 3rd party programs or browsers for that matter, that are turning on DNT by default, even Microsoft has removed that capability. What's happening in the marketplace is that USERS are turning on DNT in an attempt to gain some privacy. Every DNT signal being sent is VALID because its the USER setting it. That's what everyone keeps missing - without the NSA/PRISM/DEA events in the market place you could have added DNT years ago and gotten ZERO (or close to it) adoption. But USERS have now woken up to the fact that privacy is important and ergo they're finding out how to turn on a Privacy signal. California Governor Brown will most likely sign into law AB 370 this week. When 78 politicians can unanimously agree on something it should send a message - they've managed to do what nobody thought possible. And they did so because unless we start taking our Privacy seriously then at least in the USA there is no more 4th amendment. IMO you can debate Issue-151 until the cows come home - but in this case you need to know that the cows have left the barn permanently and will never be returning home - the only thing that trumps a voluntary standard is regulation - and this week Do Not Track will be regulated. A certified API/APP is not going to stop people from turning on a Privacy Signal - and for that you can thank (blame) the NSA & DEA. Peter _________________________ Peter J. Cranstone From: Mike O'Neill <michael.oneill@baycloud.com> Date: Monday, September 2, 2013 2:58 AM To: "public-tracking@w3.org" <public-tracking@w3.org> Cc: 'Chris Mejia' <chris.mejia@iab.net>, Rigo Wenning <rigo@w3.org> Subject: re: issue-151 Resent-From: <public-tracking@w3.org> Resent-Date: Monday, September 2, 2013 2:58 AM Other W3C groups are working on cross-platform standards for web apps. Web apps need access to device interfaces for such things as telephony, geo-location and contact lists so "certified" apps are being defined which those that would have access to such "sensitive" APIs. A certified app is cryptographically signed by an organisation such as an app webstore to prove it has been vetted. I wonder if we could leverage this approach to help solve the "valid DNT signal" problem. If the DNT signal (general pref. as well as the site-specific exception) could be managed by an API that was only available to certified applications, and we could agree the parameters to decide what institutions could make vetting decisions, maybe that would help us reach consensus. These certified apps could be hosted or packaged, and could reside in UAs (built-in). As it stands only packaged apps are certifiable right now but hosted apps could have this facility also (signing the manifest?) , and so why not simple web sites. Mike
Received on Monday, 2 September 2013 15:34:33 UTC