W3C home > Mailing lists > Public > www-archive@w3.org > April 2014

A decade later: W3C finally admits using Cookies

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 04 Apr 2014 22:36:18 +0200
To: public-privacy@w3.org
Message-ID: <1m3uj9p70aj6ao0ev2utav2ka1rc6b866g@hive.bjoern.hoehrmann.de>
Greetings,

  http://www.w3.org/Consortium/Legal/privacy-statement-20000612 is W3C's
primary privacy policy and it has not been updated in almost 14 years. A
decade ago it was clear that claims in it like "Our logging is passive;
we do not use technologies such as cookies to maintain any information
on users" are outdated and misleading, and I filed a complaint about it
in http://www.w3.org/mid/407ccc1e.356798869@smtp.bjoern.hoehrmann.de on 
12 Apr 2004 to the listed dispute address <site-policy@w3.org>.

Now http://www.w3.org/Consortium/Legal/privacy-statement-20140324.html
arrives just in time for the anniversary, "This policy is under review
by the W3C community until 14 April 2014" finally admitting that "We
use cookies for purposes including to understand usage patterns of the
site and to maintain session state for some applications." As a useful
reminder, quoting from my message,

  I assume the use of cookies on w3.org would also require to update
  the P3P documents as they currently apparently not disclose the use
  of cookies nor how they are used.

That will be interesting to watch, considering the proposed prose does
not disclose how cookies are used beyond two examples. Reviewers of the
policy should note that "Logged information may be kept indefinitely"
and that the "Do-Not-Track header" will be ignored by W3C, despite its
mass accumulation of third party tracking data through tracking pixels
(in forms like the "Valid HTML" logos and other hosted resources). The
rationale "because we do not track any users for behavioral targeting"
likely means that W3C will rename "Do-Not-Track" to "Do-Not-Target".

regards,
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Friday, 4 April 2014 20:36:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:44:29 UTC