- From: Marcos Caceres <marcosc@opera.com>
- Date: Thu, 22 Jul 2010 10:48:04 +0200
- To: ifette@google.com
- CC: public-privacy@w3.org, David Rogers <david.rogers@wholesaleappcommunity.com>, Karl Dubost <karl+w3c@la-grange.net>
Hi Ian,
On 7/21/10 6:43 PM, Ian Fette (イアンフェッティ) wrote:
> On Wed, Jul 21, 2010 at 9:28 AM, Marcos Caceres <marcosc@opera.com> wrote:
>
> Hi All,
>
>
> On 7/21/10 3:10 PM, David Rogers wrote:
>
> I tweeted this at the time from comedian Lee Mack, but it is
> really reflective on 99% of users:
>
> Most users do not have a clue. In the words of Lee Mack: "Have
> you tried disabling cookies?" "Well, I once bit the legs off a
> gingerbread man"
>
> http://twitter.com/drogersuk/status/18347149194
>
>
> Jokes aside (and I know David did not mean to imply this so I am
> saying it generally), but just because users don't understand
> something does not mean they should not be entitled to a protection
> or control of privacy. To quote James Boyle [1], who discusses
> similar dispossession of rights in the context of intellectual
> property, this is similar to "the Supreme Court decisions that
> dispossessed the American Indians on the theory that they did not
> comprehend the concept of property and thus did not “own” the land
> being taken from them" p.54.
>
> I know that the above kinda goes without saying it. However, during
> the workshop certain people did argue that things like geopriv were
> too confusing for end users, and would up the cost for implementers
> and vendors, therefore users should not be entitled to such
> technological protections.
>
>
> And car owners should not be deprived of the best MPG (or litres/100km)
> possible, so we should ask them a slew of factors and ask them to solve
> a differential equation to determine the optimal "driving coefficient"
> for their driving style, which they should then input into the steering
> wheel by turning it left to decrement a value, right to increment a
> value, and honking to set the value, and they should do this before each
> trip in case they gained or lost weight.
Let's take some real world examples: Google, for instance, respects on a
user-by-user basis whether it should retain the search history. It only
took a couple of clicks for me to work that out. Facebook, as another
[not so great] instance, respects my expressed desire to not make
certain things public in my profile (e.g., my birthday). With one click,
I made everything relating to my profile visible only to "friends". It's
not that hard to make an interface to do the right thing: no
differential equations were solved by me in the process :)
> Hopefully it's obvious that the above is sarcasm, but I think it's about
> as over the top as suggesting that arguing against these controls being
> in the browser is akin to stripping Native Americans of their land.
It was an analogy: the point I am making is that we must not see
ourselves as not belonging to the group of people whom our decisions
affect. To do so risks adversely impacting both ourselves and others in
detrimental ways (stripping people of their right to land serves as an
extreme reminder of what can happen when we differentiate ourselves from
those whom our choices impact). The solutions we come up with here
should work just as well for us (people in this forum) as they would for
anyone else - no exception, we are in the same boat and it's dangerous
to pretend otherwise.
> What I have been trying to convey, and what Aza said at the workshop, is
> that we have to respect the user, and respecting the user is not
> synonymous with prompting them for everything, we also have to respect
> their time and make sure we can build in user interactions that they
> understand and that make sense for the task at hand.
Firstly, you are using language that dissociates people working on
technology ("we") from those that use the technology ("their"). As I
said above, I refuse to disassociate myself as a user and I urge
you to please stop that too. I'm sure you use more than one browser over which
you have limited direct influence.
Secondly, everyone knows that constant prompting is annoying and does
not work. I never said that prompting was a solution to any problem. I'm
interested in exploring alternative solutions to the problem that
"respect the user" (including you and me). Not exploring solutions, or
denying there is a problem, would be totally disrespectful to the user.
> Asking the user on
> each cookie and expecting them to read 50 comments on 50 cookies to
> access cnn.com is not respecting the user.
I agree.... It might be that cookies are already broken by design and we
just have to live with that (they were certainly not built with privacy
in mind). However, new technologies, such as the DAP APIs, can learn
from the mistake that is cookies.
> Re:
> attaching policy with "advanced APIs" I am skeptical about the ability
> to build a good UI for this in the browser,
Apologies, and with no disrespect, I was not aware that you are a
user experience or GUI designer. Even if you are an expert GUI designer,
this does not mean that an alternative is not available despite your
skepticism to come up with a better solution. Though I do respect your
experience and knowledge of browsers, and your skepticism, it might just
be that you yourself cannot come up with a solution; but that should not
discourage this forum from exploring solutions.
> and I am doubly skeptical
> that the browser is the right place to put this in given that I think
> the controls users want will ultimately depend on data specific to the
> site, as well as settings/options specific to the site.
I agree that this might be site/context/data specific: that is a
challenge to investigate further. Regardless, the web browser, as an
agent for the user, already respects the expressed desires of web sites
about how long content can be kept before it expires, if content can be
cached, etc. through HTTP headers and mechanisms like HTML5's manifest.
Is it really that unrealistic that websites should respect the desires
of users in the form of some rule-set or reverse cookie? Interactions
between browser and server already happen mostly transparently. There is
no reason why that transparency cannot happen from the client
communicating with the server.
> I am also
> skeptical the user will understand what happens when no site out there
> actually takes any action based on their "preference".
There are two approaches to this: one is technological and another is
legal. Technologically, can a server assume that a client will respect
HTTP headers and not behave maliciously? As a server cannot assume that,
a client must also make similar assumptions. Even though both parties
cannot trust each other, the whole internet continues to function and
commerce continues to take place.
Legally, penalties can be put in place that serve as deterrents to those
that do not respect user preferences/privacy. Of course, a delicate
balance needs to be reached to not scare adopters of the technology:
it's why we have people that are working with regulatory authorities,
such as the EU, on this list. There are always going to be bad people
who don't play nice, so regulatory authorities certainly have a role to
play here in protecting the individual while being lenient with
companies who make honest mistakes that have privacy implications
(*cough* street-view cars collecting WIFI data *cough*).
> If someone wants
> to prove me wrong, again I think this can be done today. Get the CDT to
> get users to come to their website and specify their preferences, and
> provide some script that third party sites can use to query the value of
> the user's preference. Try it out before trying to push it into browsers.
I'm all for that. And I'm certainly not for "pushing it into browsers" -
it's why we are having these discussions outside the DAP list. I'm
trying to have a discussion about it. Creating a proof of concept is an
even better idea.
> I personally believe that for site owners to access "advanced Web
> APIs" should incur a level of commitment to privacy: both at the
> technological level and at the legal level. That is to say, if I, as
> a site operator, use a particular API that accesses a user's private
> data, then I should respect what the user dictates are the
> restrictions on that data (spatial, temporal, etc). For an API to
> not afford the end-user with any means at all to dictate their
> usage-rights over that data unfairly dis-empowers users - dare I say
> in the manner the Supreme court did in the quote I gave above. I
> also support the notion that individual bits of data may not make
> up the tangible object to which the protections can be applied to
> (e.g., a geotagged photo, where the geolocation is stamped after the
> photo is taken, and the people in the photo are tagged from my
> address book).
>
> Lastly, I want to take issue with users not understanding stuff. I
> class myself as a user :) I don't see myself as some special person
> above any other person. If I am capable of understanding this stuff,
> I don't see why anyone else would not be... and if another user is
> not getting it, you are probably just not explaining it right.
>
>
> Sorry Marcos, but anyone who works for a browser vendor in my opinion
> doesn't get to say "well, I understand it so I expect others will too" :)
You've twisted my words here. I certainly was not saying that I "expect
others will too" - I was saying that we can't give up trying to explain
things. Also, you can't disqualify people just because they work for a
browser company (do you disqualify the tens of thousands of people that
work at Google as users just because they work at Google? Of course you
don't).
Furthermore, I don't have anything to do with the actual code that goes
into Opera (I have never even seen any of the source code of Opera). I
am a mere user of the browser. I don't see how working at some place
automatically disqualifies someone from having a say.
Kind regards,
Marcos
--
Marcos Caceres
Opera Software
Received on Thursday, 22 July 2010 08:49:02 UTC