Re: Next 2 calls canceled (Oct 09 and Oct 16)

+1

I agree with Aleecia.  While I wouldn't be surprised, I couldn't imagine a
company willfully leveraging a documented registry to implement a digital
fingerprint.  That said, the FTC and EU DPAs would love the low hanging
fruit this would create for their enforcement arms.

- Shane

On Thu, Oct 19, 2017 at 2:08 PM, Aleecia M. McDonald <aleecia@aleecia.com>
wrote:

>
> > On Oct 19, 2017, at 12:48 PM, Mike O'Neill <michael.oneill@baycloud.com>
> wrote:
> >
> > I don't think a pass-thru will fly, because it is too easy to use the
> DNT header as a secret tracking cookie. We have to constrain the entropy.
>
> I think the best path is to add “thou shalt not fingerprint” in
> appropriate standards language. The irony of DNT possibly being used to
> track people is a concern, including a concern for users. We can at least
> be clear that we knew the possible risk and did not design the spec to be
> abused in that way. It’s a fig leaf, I know. But really, if someone’s going
> to be anti-social there is not a whole lot to be done by us. DNT has always
> had to assume good actors; it’s a request, not a PET.
>
> Other actors like IAB could impose requirements on their members, as they
> did with baring the use of LSOs for behavioral advertising. EFF’s DNT could
> include an FTC-actionable promise not to fingerprint based on DNT. I
> believe the stock phrase is there is a role for regulators here. Plus the
> class action lawsuits for “I used a setting for privacy and you used it to
> track me” nearly write themselves, especially in California and Europe,
> even without anyone else stepping up. So I think there *are* solutions to
> this threat, but they come from parties external to the WG.
>
>         Aleecia
>



-- 
- Shane

Shane Wiley
VP, Privacy
Oath: A Verizon Company