
Re: W3C Community Group comments

From: Jeremy Malcolm <jeremy@ciroap.org>
Date: Sat, 7 Jan 2012 12:19:14 +0700
Cc: public-dntrack-contrib@w3.org
Message-Id: <3DD15A85-CB03-47B9-9132-42EF43BC5863@ciroap.org>
To: Lee Tien <tien@eff.org>

Sorry for the (probably too) late response, as I have been away.

> Lee: I think we’re better off by flatly prohibiting any modification. We don’t want anyone to override a user’s choice without specific user consent. Obviously, however, the spec cannot technically prevent ISPs, employers, etc. from using TOS/agreements to permit intermediary modification.

I agree, but perhaps just omitting the second paragraph about "There are some situations where an entity wishes to express a Do Not Track preference on the user's behalf" would be enough.

> ISSUE-47: Should the response from the server point to a URI of a policy (or an existing protocol) rather than a single bit in the protocol?

A possible danger of that could be that the response points to a site privacy policy that tries to weasel out of the DNT preference that the user expressed. But if that would be non-compliant with the spec due to something else I've missed, then never mind.

> ISSUE-87: Should there be an option for the server to respond with "I don't know what my policy is"

I don't think so, simpler to just respond with either a "Yes, preference will be honoured" or "No, preference will not be honoured", and for "Don't know" to default to "No".

> Lee: I don’t see need for the draft’s limitation to “transactional data,” defined as “information about the user's interactions with various websites, services, or widgets which could be used to create a record of a user’s system information, online communications, transactions and other activities, including websites visited, pages and ads viewed, purchases made, etc.”—or the rest of it.

I agree, but the effect of the redraft is to dissolve the first-party/third-party distinction, so won't that have significant ramifications throughout the rest of the text? I thought that it was agreed that this spec would not limit tracking by the first party within its own branded Web pages?

> Less clear on “pure” offline append: first or third parties buying offline data about DNT=1 users from parties not subject to DNT (e.g., Catalina Marketing specializes in grocery store convenience card data brokering, which is mostly offline; is it beyond DNT "jurisdiction" to say that websites can't buy this data? Maybe a SHOULD NOT?)

Yes, you don't want to log into Facebook and see "We saw that you bought adult diapers when you last went shopping! Want to buy some more?" At that point, it has become online data even if it didn't start that way.

Dr Jeremy Malcolm
Project Coordinator
Consumers International
Kuala Lumpur Office for Asia-Pacific and the Middle East
Lot 5-1 Wisma WIM, 7 Jalan Abang Haji Openg, TTDI, 60000 Kuala Lumpur, Malaysia
Tel: +60 3 7726 1599

Read our email confidentiality notice. Don't print this email unless necessary.

Received on Saturday, 7 January 2012 09:58:26 UTC
