RE: Tracking Protection Working Group draft charter from Malcolm Crompton on 2011-07-17 (public-privacy@w3.org from July to September 2011)

From: Malcolm Crompton <mcrompton@iispartners.com>
Date: Mon, 18 Jul 2011 06:47:38 +1000
To: "'Alissa Cooper'" <acooper@cdt.org>, "'Nick Doty'" <npdoty@w3.org>
Cc: "'public-privacy $W3C mailing list$'" <public-privacy@w3.org>
Message-ID: <014d01cc44c2$c42a4330$4c7ec990$@com>
I don’t often add to these discussions, so my apologies for entering now.

The main problems with all the current mess of 'do not track' mechanisms
being offered include:

1. lack of resilience - they are incredibly fragile, only taking a deletion
of cookies or change of device or all sorts of other minor changes in habits
and it is start all over again.

2. other forms of very poor usability.

3. compliance, let alone enforcement.

W3C can act directly on the first two of these but only indirectly on the
last.

When thinking about resilience, thinking needs to be reversed from
'company/organisation listening' which results in the myriad of second rate
responses and instead be constructed as a process 'individual speaking'.  

Resilience has to include:

1. persistence through time.

2. persistence between devices.

3. persistence through organisational change, be it government department
change or company take over etc.

4. persistence across organisations.

There is also a language problem.  Most of the debate relates to 'Do Not
Target' technologies, with tracking still persisting.  If that is all that
can be done, the language needs to change from 'Do Not Track' to 'Do Not
Target' or some other easy to say /  read phrase that is accurate.

Of course, if this exercise is indeed really about Do Not Track rather than
Do Not Target, I will be the first to celebrate!

I hope this helps.

Regards

Malcolm Crompton

Managing Director
Information Integrity Solutions Pty Ltd
ABN 78 107 611 898

T:  +61 407 014 450

MCrompton@iispartners.com  
www.iispartners.com 




-----Original Message-----
From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org]
On Behalf Of Alissa Cooper
Sent: Monday, 18 July 2011 3:10 AM
To: Nick Doty
Cc: public-privacy (W3C mailing list)
Subject: Re: Tracking Protection Working Group draft charter

Hi Nick,

I took a look at this and I have a few comments/questions.

Section 1:

"The Working Group will produce Recommendation-track specifications for a
simple machine-readable preference expression mechanism ("Do Not Track") and
technologies for selectively allowing or blocking tracking elements.

Proposed candidate technologies for this preference that the Working Group
will consider include, but are not limited to, the use of an HTTP header to
signal the preference and a site's response, and the use of a ECMAScript API
or DOM property for the same purpose."

Are there no proposed candidate technologies for "selectively allowing or
blocking tracking elements"? I find the transition from the first paragraph
to the second a bit confusing; the first paragraph seems to talk about two
specs (preference mechanisms and selecting blocking mechanism), but the
second paragraph only addresses one of those.

Section 1.2:

Might be good to explain the relationship between the output of this group
and the P3P specs.

Section 2:

"Tracking Preference Expression Definitions and Compliance, Recommendation.
This specification defines the meaning of a Do Not Track preference and sets
out practices for Web sites to comply with this preference."

Will the definitions/compliance item be normative? That is, will the
practices it "sets out" be mandatory to implement (for some population of
web endpoints)?

Cheers,
Alissa

On Jul 12, 2011, at 11:58 PM, Nick Doty wrote:

> Following up on the Princeton workshop [1] and widespread interest from
both industry and regulators [2] in standardizing Do Not Track technologies,
we're proposing a Tracking Protection Working Group, with a draft charter
now available.
> 
> http://www.w3.org/2011/tracking-protection/charter-draft
> 
> Feedback from the public (and this list in particular) would be most
helpful.
> 
> Next steps will be to send the charter to the W3C Advisory Committee for
review. After that step and approval from the Director, we expect the group
to form and work to begin by the end of August.
> 
> Discussion is welcome on this list; if you wish to send comments offline,
please contact me <npdoty@w3.org> and Thomas Roessler <tlr@w3.org>.
> 
> Thanks,
> Nick
> 
> [1] http://www.w3.org/2011/track-privacy/report.html
> [2] http://www.w3.org/QA/2011/06/do_not_track_the_regulators_ch.html
Received on Sunday, 17 July 2011 21:32:40 UTC