- From: Roy Fielding via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 14 Aug 2012 00:07:20 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv1796
Modified Files:
tracking-compliance.html tracking-dnt.html
Log Message:
(editorial) update both specs to ReSpec v3
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.147
retrieving revision 1.148
diff -u -d -r1.147 -r1.148
--- tracking-dnt.html 9 Aug 2012 23:15:37 -0000 1.147
+++ tracking-dnt.html 14 Aug 2012 00:07:17 -0000 1.148
@@ -1,39 +1,35 @@
<!DOCTYPE html>
<html>
- <head>
- <title>Tracking Preference Expression (DNT)</title>
- <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
- <script src='http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js' class='remove'></script>
- <script class='remove'>
- var respecConfig = {
- specStatus: "ED",
- shortName: "tracking-dnt",
- // subtitle : "an excellent document",
- // publishDate: "2012-03-13",
- copyrightStart: "2011",
- previousPublishDate: "2012-03-13",
- previousMaturity: "WD",
- edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html",
- // lcEnd: "2009-08-05",
- extraCSS: ["http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css"],
-
- // editors, add as many as you like
- // only "name" is required
- editors: [
- { name: "Roy T. Fielding", url: "http://roy.gbiv.com/",
- company: "Adobe", companyURL: "http://www.adobe.com/" },
- { name: "David Singer",
- company: "Apple", companyURL: "http://www.apple.com/" }
- ],
- wg: "Tracking Protection Working Group",
- wgURI: "http://www.w3.org/2011/tracking-protection/",
- wgPublicList: "public-tracking",
- wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
- };
- </script>
- <link rel="stylesheet" href="additional.css" type="text/css" media="screen" title="custom formatting for TPWG editors" charset="utf-8">
- </head>
- <body>
+<head>
+ <title>Tracking Preference Expression (DNT)</title>
+ <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
+ <script src='http://www.w3.org/Tools/respec/respec-w3c-common' class='remove' async></script>
+ <script class='remove'>
+ var respecConfig = {
+ specStatus: "ED",
+ shortName: "tracking-dnt",
+ copyrightStart: "2011",
+ // publishDate: "2012-03-13",
+ previousPublishDate: "2012-03-13",
+ previousMaturity: "WD",
+ edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html",
+ extraCSS: ["http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css"],
+ editors: [
+ { name: "Roy T. Fielding", url: "http://roy.gbiv.com/",
+ company: "Adobe", companyURL: "http://www.adobe.com/" },
+ { name: "David Singer",
+ company: "Apple", companyURL: "http://www.apple.com/" }
+ ],
+ wg: "Tracking Protection Working Group",
+ wgURI: "http://www.w3.org/2011/tracking-protection/",
+ wgPublicList: "public-tracking",
+ wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
+ issueBase: "http://www.w3.org/2011/tracking-protection/track/issues/",
+ };
+ </script>
+ <link rel="stylesheet" href="additional.css" type="text/css" media="screen" title="custom formatting for TPWG editors" charset="utf-8">
+</head>
+<body>
<section id='abstract'>
<p>
This specification defines the technical mechanisms for expressing a
@@ -147,7 +143,7 @@
third-party participants when an indication of tracking preference
is received.
</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/136">ISSUE-136</a>: Resolve dependencies of the TPE on the compliance specification.<br />
+ <p class="issue" data-number="136" title="Resolve dependencies of the TPE on the compliance specification">
The WG has not come to consensus regarding the definition of tracking
and the scope of DNT. As such, a site cannot actually say with any
confidence whether or not it is tracking, let alone describe the finer
@@ -447,11 +443,11 @@
<code>Navigator</code>.
</div>
</section>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/84">ISSUE-84</a>: Make DNT status available to JavaScript<br />
+ <p class="issue" data-number="84" title="Make DNT status available to JavaScript">
<strong>[PENDING REVIEW]</strong>
Updated text in this section.
</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/116">ISSUE-116</a>: How can we build a JS DOM property which doesn't allow inline JS to receive mixed signals?</p>
+ <p class="issue" data-number="116" title="How can we build a JS DOM property which doesn't allow inline JS to receive mixed signals?"></p>
</section>
<section id='plug-ins'>
@@ -533,11 +529,11 @@
the current request.
</p>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/120">ISSUE-120</a>: Should the response header be mandatory (MUST) or recommended (SHOULD)</br>
+ <p class="issue" data-number="120" title="Should the response header be mandatory (MUST) or recommended (SHOULD)">
<b>[PENDING REVIEW]</b> The site-wide resource is mandatory; the
header field is optional, except for the single MUST case above.
</p>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/124">ISSUE-124</a>: Alternative DNT implementations that replace HTTP headers with something else<br />
+ <p class="issue" data-number="124" title="Alternative DNT implementations that replace HTTP headers with something else">
<b>[PENDING REVIEW]</b> The tracking status resource minimizes
bandwidth usage because only a small proportion of user agents
are expected to perform active verification, status would only be
@@ -657,7 +653,7 @@
/ %x58 ; "X" - dynamic
</pre>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/137">ISSUE-137</a>: Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)<br />
+ <p class="issue" data-number="137" title="Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)">
<b>[PENDING REVIEW]</b> No, in practice there may be dozens of
service providers on any given request. If the designated resource
is operated by a service provider acting as a first party, then the
@@ -705,7 +701,7 @@
</p>
<pre class="example">Tk: 3</pre>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/107">ISSUE-107</a>: Exact format of the response header?<br />
+ <p class="issue" data-number="107" title="Exact format of the response header?">
<b>[PENDING REVIEW]</b> See the proposal in this section.
</p>
</section>
@@ -1018,12 +1014,12 @@
"control": "/your/data",
}
</pre>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/47">ISSUE-47</a>: Should the response from the server indicate a policy that describes the DNT practices of the server?<br />
+ <p class="issue" data-number="47" title="Should the response from the server indicate a policy that describes the DNT practices of the server?">
<b>[PENDING REVIEW]</b> The tracking status resource is a
machine-readable policy and provides a mechanism for supplying a
link to a human-readable policy.
</p>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/61">ISSUE-61</a>: A site could publish a list of the other domains that are associated with them<br />
+ <p class="issue" data-number="61" title="A site could publish a list of the other domains that are associated with them">
<b>[PENDING REVIEW]</b> The same-party and partners members provide
a means to list first-party and third-party domains, respectively.
</p>
@@ -1124,7 +1120,7 @@
the header fields and/or message body if user login is one of the
ways through which access is granted.
</p>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/128">ISSUE-128</a>: HTTP error status code to signal that tracking is required?<br />
+ <p class="issue" data-number="128" title="HTTP error status code to signal that tracking is required?">
<b>[PENDING REVIEW]</b> As defined by this section.
</p>
</section>
@@ -1216,7 +1212,7 @@
implementers.
</p>
- <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/144">ISSUE-144</a>: What constraints on user agents should be imposed for user/granted exceptions. <br/>
+ <p class="issue" data-number="144" title="What constraints on user agents should be imposed for user/granted exceptions">
<b>[OPEN]</b> but mostly addressed in the proposal here.
</p>
</section>
@@ -1307,7 +1303,7 @@
<code>widgets.exsocial.org</code> are both
<strong>targets</strong>.
</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/112">ISSUE-112</a>: How are sub-domains handled for site-specific exceptions?<br />
+ <p class="issue" data-number="112" title="How are sub-domains handled for site-specific exceptions?">
<b>[PENDING REVIEW]</b> Should a request for a tracking exception
apply to all subdomains of the first party making the request? Or
should a first party explicitly list the subdomains that it's
@@ -1371,15 +1367,15 @@
with this user preference (see below).
</li>
</ol>
- <p class="issue">
- <a href="https://www.w3.org/2011/tracking-protection/track/issues/158">Issue-158</a>: What is the effect of re-directs, when the source of the re-direct
+ <p class="issue" data-number="158" title="What is the effect of re-directs for content on the operation of exceptions?">
+ What is the effect of re-directs, when the source of the re-direct
would get a different DNT header than the target, using these
matching rules?<br />
<b>Proposal</b>: The re-direct is not relevant; each site gets the
DNT header controlled by the list of grants.
</p>
- <p class="issue">
- <a href="https://www.w3.org/2011/tracking-protection/track/issues/159">Issue-159</a>: This model does not support mashed-up content which is in turn
+ <p class="issue" data-number="159" title="How do we allow sites that mash-in add-supported content to maintain their own trusted third parties?">
+ This model does not support mashed-up content which is in turn
supported by ads; it's not clear how to distinguish between
embedded content which is embedding ads (and hence the top-level
domain stays the same) and embedded content that should start a
@@ -1425,7 +1421,7 @@
</p>
</div>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/111">ISSUE-111</a>: Different DNT values to signify existence of user-granted exception<br />
+ <p class="issue" data-number="111" title="Different DNT values to signify existence of user-granted exception">
<b>[POSTPONED]</b> Should the user agent send a different DNT
value to a first party site if there exist user-granted exceptions
for that first party? (e.g. DNT:2 implies "I have Do Not Track
@@ -1635,7 +1631,7 @@
<section id="exceptions-enquiry" >
<h2>Querying a host's exception status</h2>
- <p class="issue"><a href="https://www.w3.org/2011/tracking-protection/track/issues/160">ISSUE-160</a>: Do we need an exception-query API?<br />
+ <p class="issue" data-number="160" title="Do we need an exception-query API?">
It might be useful, and 'complete the model', if we had a JS API that told a host what its current exception status is in a given context.<br />
<b>Proposal</b>: Specifically, an API QueryExceptionStatus() which examines the <b>document origin</b> of the script, the current <b>top-level domain</b> and returns an empty string if no DNT header would be sent to that document origin, or the exact DNT header (DNT:1 or DNT:0) that would be sent otherwise.
</p>
@@ -1702,7 +1698,7 @@
trust without visiting that site.
</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/140">ISSUE-140</a>: Do we need site-specific exceptions, i.e., concrete list of permitted third parties for a site?<br />
+ <p class="issue" data-number="140" title="Do we need site-specific exceptions, i.e., concrete list of permitted third parties for a site?">
<b>[PENDING REVIEW]</b>: In this section; yes, as some sites may
have a mix of trusted/needed third parties, and others that either
don't need to track, or aren't as trusted, or both. But all sites
Index: tracking-compliance.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -d -r1.59 -r1.60
--- tracking-compliance.html 9 Aug 2012 01:07:40 -0000 1.59
+++ tracking-compliance.html 14 Aug 2012 00:07:17 -0000 1.60
@@ -1,44 +1,38 @@
<!DOCTYPE html>
<html>
-<head>
- <title>Tracking Compliance and Scope Specification</title>
- <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
- <script src="http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js"
-class="remove"></script>
+<head>
+ <title>Tracking Compliance and Scope Specification</title>
+ <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
+ <script src='http://www.w3.org/Tools/respec/respec-w3c-common' class='remove' async></script>
<script src="http://code.jquery.com/jquery-1.7.2.min.js" type="text/javascript" charset="utf-8"></script>
- <script class="remove">
- var respecConfig = {
- specStatus: "ED",
- shortName: "tracking-compliance",
- copyrightStart: "2011",
- previousPublishDate: "2012-05-23",
- previousMaturity: "ED",
- previousURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-20120523.html",
- edDraftURI:
- "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html",
- extraCSS:
- ["http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css"],
- editors: [
- { name: "Justin Brookman", url: "http://cdt.org/",
- company: "CDT", companyURL:
- "http://cdt.org/" },
- { name: "Sean Harvey", url: "http://google.com/",
- company: "Google", companyURL:
- "http://google.com/" },
- { name: "Erica Newland", url: "http://cdt.org/",
- company: "CDT", companyURL:
- "http://cdt.org/" },
- { name: "Heather West", url: "http://Google.com/",
- company: "Google", companyURL:
- "http://google.com/" },
- ],
- wg: "Tracking Protection Working Group",
- wgURI: "http://www.w3.org/2011/tracking-protection/",
- wgPublicList: "public-tracking",
- wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
- }
- </script>
- <link rel="stylesheet" href="additional.css" type="text/css"
+ <script class="remove">
+ var respecConfig = {
+ specStatus: "ED",
+ shortName: "tracking-compliance",
+ copyrightStart: "2011",
+ previousPublishDate: "2012-05-23",
+ previousMaturity: "ED",
+ previousURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-20120523.html",
+ edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html",
+ extraCSS: ["http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css"],
+ editors: [
+ { name: "Justin Brookman", url: "http://cdt.org/",
+ company: "CDT", companyURL: "http://cdt.org/" },
+ { name: "Sean Harvey", url: "http://google.com/",
+ company: "Google", companyURL: "http://google.com/" },
+ { name: "Erica Newland", url: "http://cdt.org/",
+ company: "CDT", companyURL: "http://cdt.org/" },
+ { name: "Heather West", url: "http://Google.com/",
+ company: "Google", companyURL: "http://google.com/" },
+ ],
+ wg: "Tracking Protection Working Group",
+ wgURI: "http://www.w3.org/2011/tracking-protection/",
+ wgPublicList: "public-tracking",
+ wgPatentURI: "http://www.w3.org/2004/01/pp-impl/49311/status",
+ issueBase: "http://www.w3.org/2011/tracking-protection/track/issues/",
+ }
+ </script>
+ <link rel="stylesheet" href="additional.css" type="text/css"
media="screen" title="custom formatting for TPWG editors" charset="utf-8">
<style type="text/css" media="screen">
#toggle-widget {
@@ -118,7 +112,7 @@
});
});
</script>
- </head>
+</head>
<body>
@@ -146,8 +140,12 @@
<section id="scope-and-goals">
<h2>Scope and Goals</h2>
- <p class="note">This section consists of proposed text that is meant to address <a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a> and is in active discussion. Currently, it satisfies no one. Like the introduction, we will revisit and finalize once the document is more complete.</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/6">ISSUE-6</a>: What are the underlying concerns? Why are we doing this?</p>
+ <p class="issue" data-number="6" title="What are the underlying concerns? Why are we doing this?">
+ This section consists of proposed text that is meant to address
+ ISSUE-6 and is in active discussion. Currently, it satisfies no one.
+ Like the introduction, we will revisit and finalize once the document
+ is more complete.
+ </p>
<p>While there are a variety of business models to monetize content on the web, many rely on advertising. Advertisements can be targeted to a particular user's interests based on information gathered about one's online activity. While the Internet industry believes many users appreciate such targeted advertising, as well as other personalized content, there is also an understanding that some people find the practice intrusive. If this opinion becomes widespread, it could undermine the trust necessary to conduct business on the Internet. This Compliance specification and a companion [[!!TRACKING-DNT]] specification are intended to give users a means to indicate their tracking preference and to spell out the obligations of compliant websites that receive the Do Not Track message. The goal is to provide the user with choice, while allowing practices necessary for a smoothly functioning Internet. This should be a win-win for business and consumers alike. The Internet brings millions of users and web sites togther in a vibrant and rich ecosystem. As the sophistication of the Internet has grown, so too has its complexity which leaves all but the most technically savvy unable to deeply understand how web sites collect and use data about their online interactions. While on the surface many web sites may appear to be served by a single entity, in fact, many web sites are an assembly of multiple parties coming together to power a user's online experience. As an additional privacy tool, this specification provides both the technical and compliance guidelines to enable the online ecosystem to further empower users with the ability to communicate a tracking preferences to a web site and its partners.</p>
<p>The accompanying <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT">TRACKING-DNT</a> recommendation explains how a user, through a user agent, can clearly express a desire not to be tracked. This Tracking Compliance and Scope recommendation sets the standard for the obligations of a website that receives such a DNT message.</p>
<p>Taken together these two standards should have four substantial outcomes:</p><ol start="1"><li>Empower users to manage their preference around the collection and correlation of data about Internet activities that occur on different sites and spell out the obligations of sites in honoring those preferences when DNT is enabled.</li><li>Provide an exceedingly straightforward way for users to gain transparency and control over data usage and the personalization of content and advertising on the web.</li><li>Enable a vibrant Internet to continue to flourish economically by supporting innovative business models while protecting users' privacy.</li><li>Establish compliance metrics for operators of online services</li></ol><p>This solution is intended to be persistent, technology neutral, and reversible by the user. It aims to preserve a vibrant online ecosystem, privacy-preserving secondary data uses necessary to ecommerce, and adequate security measures. We seek a solution that is persistent, technology neural, and [something that speaks with the ability to opt back in], but that preserves a vibrant online ecosystem, privacy-preserving secondary data uses, and adequate security measures.</p>
@@ -579,7 +577,7 @@
embedded social sharing button. The average user would understand that by
clicking the button she is communicating with Example Social.</li></ol>
- <p class="issue"> <a href="http://www.w3.org/2011/tracking-protection/track/issues/26">ISSUE-26</a> : Providing data to 3rd-party widgets -- does that imply consent?</p>
+ <p class="issue" data-number="26" title="Providing data to 3rd-party widgets &emdash; does that imply consent?"></p>
</section>
</section>
@@ -618,7 +616,8 @@
<!--
<p class="note">Still contention around these definitions. Get all the options into the doc.</p>
-->
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/16">ISSUE-16</a> : What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)</p> <ol start="1"><li>A party "collects" data if the data comes within its control.</li><li>A party "retains" data if data remains within a party's control.</li><li>A party "uses" data if the party processes the data for any purpose other than storage.</li><li>A party "shares" data if the party enables another party to collect the data.</li></ol><p>The definitions of collection, retention, use, and sharing are drafted expansively so as to comprehensively cover a party's user-information practices. These definitions do not require a party's intent; a party may inadvertently collect, retain, use, or share data. The definition of collection includes information that a party did not cause to be transmitted, such as protocol headers.</p>
+ <p class="issue" data-number="16" title="What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)"></p>
+ <ol start="1"><li>A party "collects" data if the data comes within its control.</li><li>A party "retains" data if data remains within a party's control.</li><li>A party "uses" data if the party processes the data for any purpose other than storage.</li><li>A party "shares" data if the party enables another party to collect the data.</li></ol><p>The definitions of collection, retention, use, and sharing are drafted expansively so as to comprehensively cover a party's user-information practices. These definitions do not require a party's intent; a party may inadvertently collect, retain, use, or share data. The definition of collection includes information that a party did not cause to be transmitted, such as protocol headers."></p>
</section>
<section id="def-tracking">
@@ -627,7 +626,7 @@
<!--
<p class="note"> We are still working through how, or if, to define tracking. Some suggest the phrase "cross-site tracking" only. We will need to ensure both final recommendations use the same terms in the same way, but may not explicitly define tracking.</p>
-->
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/trac/k/issues/117">ISSUE-117</a>: Terms: tracking v. cross-site tracking</p>
+ <p class="issue" data-number="117" title="Terms: tracking v. cross-site tracking"></p>
<!--
<p>The WG has not come to consensus regarding the definition of tracking and whether the scope of DNT includes all forms of user-identifying data collection or just cross-site data collection/use. This issue will be resolved in the TCS document, though its resolution is a necessary prerequisite to understanding and correctly implementing the protocol defined by this document.</p>
-->
@@ -653,7 +652,7 @@
<section id="def-consent">
<h3>Explicit and Informed Consent</h3>
<p class="note">The spec currently envisions that users should consent to both the setting of a DNT preference as well as any user-granted exceptions. We have not reached agreement on how precisely we need to define this term.</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/69">ISSUE-69</a> : Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy)</p>
+ <p class="issue" data-number="69" title="Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy)"></p>
<!--
<p class="note">David Singer & Shane to work with Justin on alternative text on consent, check mailing list and Bellevue minutes for additional suggestions</p>
@@ -697,9 +696,9 @@
<ol start="1"><li>that operator must not collect, share, or use information related to that communication outside of the permitted uses as defined within this standard and any explicitly-granted exceptions, provided in accordance with the requirements of this standard;</li><li>that operator must not use information about previous communications in which the operator was a third party, outside of the explicitly expressed permitted uses as defined within this standard;</li><li>that operator may delete information about previous communications in which the operator was a third party, outside of the explicitly expressed permitted uses as defined within this standard.</li></ol>
<!-- All these issues are listed as closed, so commenting them out for now
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/71">ISSUE-71</a>: Does DNT also affect past collection or use of past collection of info?</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/19">ISSUE-19</a>: Data collection / Data use (3rd party)</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/88">ISSUE-88</a>: different rules for impression of and interaction with 3rd-party ads/content</p>
+<p class="issue" data-number="71" title="Does DNT also affect past collection or use of past collection of info?"></p>
+<p class="issue" data-number="19" title="Data collection / Data use (3rd party)"></p>
+<p class="issue" data-number="88" title="different rules for impression of and interaction with 3rd-party ads/content"></p>
-->
@@ -773,7 +772,8 @@
<p class="note">for financial logging/ auditing, look to 3rd parties as 3rd parties</p>
<p>Regardless of DNT signal, information may be collected, retained and used for financial fulfillment purposes such as billing and audit compliance. This includes counting and verifying:<ul><li>ad impressions to unique visitors</li><li>clicks by unique visitors</li><li>subsequent action or conversion by unique visitors</li><li>quality measures such as ad position on sites and the sites on which the ads were served</li></ul></p>
<p class="note">One potential compromise on the unique identifier issue for logging would be grandfather in existing contracts that require unique, cookie-based counting. New contracts would not be able to require that ad networks use cookies (or other unique identifiers) to uniquely count users who have DNT:1 enabled.</p>
-
<section class="informative" id="financial-logging-example"><h6>Examples</h6>
+
+<section class="informative" id="financial-logging-example"><h6>Examples</h6>
<p class="note">Add examples for display verification, click verification, CPA, quality measures</p></section>
</section>
@@ -852,13 +852,13 @@
<p>Outside of Security and Frequency Capping, data retained for Permitted Uses MUST NOT be used to alter a specific user's online experience based on multi-site activity.</p></section><br>
<!--
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/24">ISSUE-24</a> : Possible permitted use for fraud detection and defense</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/25">ISSUE-25</a> : Possible permitted use for research purposes</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/75">ISSUE-75</a> : How do companies claim permitted uses and is that technical or not?</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/31">ISSUE-31</a> : Minimization -- to what extent will minimization be required for use of a particular permitted use? (conditional permitted uses)</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/92">ISSUE-92</a> : If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking?</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/89">ISSUE-89</a> : Does DNT mean at a high level: (a) no customization, users are seen for the first time, every time. (b) DNT is about data moving between sites.</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/97">ISSUE-97</a>: Re-direction, shortened URLs, click analytics -- what kind of tracking is this?</p>
+<p class="issue" data-number="24" title="Possible permitted use for fraud detection and defense"></p>
+<p class="issue" data-number="25" title="Possible permitted use for research purposes"></p>
+<p class="issue" data-number="75" title="How do companies claim permitted uses and is that technical or not?"></p>
+<p class="issue" data-number="31" title="Minimization &emdash; to what extent will minimization be required for use of a particular permitted use? (conditional permitted uses)"></p>
+<p class="issue" data-number="92" title="If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking?"></p>
+<p class="issue" data-number="89" title="Does DNT mean at a high level: (a) no customization, users are seen for the first time, every time. (b) DNT is about data moving between sites."></p>
+<p class="issue" data-number="97" title="Re-direction, shortened URLs, click analytics &emdash; what kind of tracking is this?"></p>
-->
</section></section>
<section id="geolocation">
@@ -870,7 +870,7 @@
<!--
<p class="note">Make sure that elements of user agent aren’t in geolocation section; revisit invasive behavior example </p>
-->
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/39">ISSUE-39</a>: Tracking of geographic data (however it's determined, or used)</p>
+<p class="issue" data-number="39" title="Tracking of geographic data (however it's determined, or used)"></p>
<p>If the operator of a third-party domain receives a communication to which a DNT:1 header is attached:</p>
<ol start="1"><li>Geo-location information that is more granular than postal code is too granular. Geolocation data must not be used at any level more granular than postal code. Note that while the number of people living in a postal code varies from country to country, postal codes are extant world-wide.</li><li>If specific consent has been granted for the use of more granular location data, than that consent prevails.</li></ol>
<section class="informative" id="geo-discussion"><h3>Discussion</h3>It is acceptable to use data sent as part of this particular network
@@ -915,8 +915,8 @@
<p>The operator of a website may engage in practices otherwise described by this standard if the user has given explicit and informed consent. This consent may be obtained through the browser API defined in the companion [[!!TRACKING-DNT]] document, or an operator of a website may also obtain "out-of-band" consent to disregard a "Do Not Track" preference using a different technology. If an operator is relying on "out of band" consent to disregard a "Do Not Track" instruction, the operator must indicate this consent to the user agrent as described in the companion [[!!TRACKING-DNT]] document.</p>
<!--
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/83">ISSUE-83</a> : How do you opt out if already opted in? - pretty sure this belongs in the technical spec</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/67">ISSUE-67</a> : Should opt-back-in be stored on the client side? - pretty sure this belongs in the technical spec</p>
+<p class="issue" data-number="83" title="How do you opt out if already opted in? - pretty sure this belongs in the technical spec"></p>
+<p class="issue" data-number="67" title="Should opt-back-in be stored on the client side? - pretty sure this belongs in the technical spec"></p>
-->
@@ -934,7 +934,7 @@
<section id="logged-in">
<h3>Logged In Transactions</h3>
<p class="note">Add note that we may be able to handle this section entirely within the consent definition, rather than calling it out; potentially thought an example in the consent section. Concern about UI creep.</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/65">ISSUE-65</a> : How does logged in and logged out state work</p>
+<p class="issue" data-number="65" title="How does logged in and logged out state work"></p>
<!--
<p class="note">I believe we have consensus that the spec should be silent on the relevance of "logged-in" versus "logged-out" state. I am deleting the various options on this issue, but we can revisit if people object.</p>
@@ -955,7 +955,7 @@
<p class="note">We have consensus that it's fine to degrade the experience for DNT:1 transactions, but need to find the text.</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/93">ISSUE-93</a> : Should 1st parties be able to degrade a user experience or charge money for content based on DNT?</p>
+<p class="issue" data-number="93" title="Should 1st parties be able to degrade a user experience or charge money for content based on DNT?"></p>
</section>
<section id="compliance-statement">
@@ -966,7 +966,7 @@
<section id="3p-audit">
<h4>Third Party Auditing</h4>
<p class="note">Add reference to TPE, or potentially move to TPE; add reference to audit array from Action 219</p>
-<p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/21">ISSUE-21</a> : Enable external audit of DNT compliance</p>
+<p class="issue" data-number="21" title="Enable external audit of DNT compliance"></p>
<!--
<p class="note">We have reviewed one audit proposal that we declined to adopt as mandatory, but there is significant support to include a flexible option to enable auditing. We may include a smaller-scoped proposal in the future, or may drop auditing all together.</p>
-->
@@ -992,4 +992,4 @@
<div id="toggle-widget">
<a href="#" id="toggle-button">Hide non-normative sections</a>
</div>
-</html>
\ No newline at end of file
+</html>
Received on Tuesday, 14 August 2012 00:07:26 UTC