W3C home > Mailing lists > Public > public-tracking@w3.org > December 2011

Re: [ISSUE-5] What is the definition of tracking?

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Sat, 10 Dec 2011 22:15:02 -0800
Cc: "Bjoern Hoehrmann" <derhoermi@gmx.net>, "Kevin Smith" <kevsmith@adobe.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <8D1A93C6-B144-41DF-B853-840091E25C79@stanford.edu>
To: rob@blaeu.com
The working group has now swirled about the "How do we define tracking?" and "How do we define Do Not Track?" drains several times.   (See http://www.w3.org/2011/tracking-protection/track/issues/5 for a sample.)

This approach is not productive.  The positions around the table reflect a delicate balance of consumer expectations, business interests, technology limitations, policy understandings, political constraints, and many more considerations.  I believe there is room for compromise and consensus on every issue that has been raised.  But beginning at a high level conflates issues, blurring points of agreement and pointing up disagreements.  A high-level discussion also forces us to address differences in positions that need not be reconciled to produce a standards document.

I would propose that we mark ISSUE-5 as POSTPONED since achieving consensus on it is not necessary to the working group's tasks.

I do not mean to suggest that high-level conversations should not continue.  There is tremendous value in working to understand the positions in the group.  A better awareness of where others are coming from has clarified and changed my thinking on many occasions, and I would encourage reaching out to participants you might not otherwise engage with.  (You might even make some new friends along the way, as I have.)  These important conversations should go on – but as informative background discussions, not as a stumbling block for the group.


On Dec 10, 2011, at 6:55 PM, rob@blaeu.com wrote:

> I have to disagree with Bjoern. The goals are expressed clearly in the
> charter document, starting with the mission and scope.
> Getting towards a working definitions is within the scope and a logical
> approach since we started of with perspectives that lay apart opposite
> parts of the spectrum. With exploring use cases and exeptions we have come
> more to an possibly agreed working definitions than one might have held
> for possible. That is, in the Princeton Face-2-Face the room was clearly
> split.
> The directions Kevin is raising are timely and interesting.
> Personally I like the DNT-X definition for it focusses on the application
> of the data. To emphasise the data use, I would like to sharpen it a bit:
> Do Not Track Across Sites (DNT-X) = Do not share data about this user, or
> track or target this user across sites – again with possible exceptions.
> Best,
> Rob
> (speaking for himself)
> Bjoern Hoehrmann wrote:
>> * Kevin Smith wrote:
>>> I would like to revisit a previously and hotly debated subject.  It has
>>> been brought up and shelved many times, but I believe it is still the
>>> core stumbling block to our efforts to progress.
>> The problem is that the Working Group has so far failed to formulate its
>> goals. You can look at competing definitions for dnt-relevant tracking,
>> but you can't say one or the other is more suited to address the problem
>> the Working Group seeks to address as the problem remains unclear. Your
>> mail looks at what the goals are, but you do this by talking about the
>> definition of tracking. I think it's problematic to decide on the goals
>> by proxy through the definition of dnt-relevant tracking.
>>> Do Not Cross Track (DNXT henceforth) = Do not share or track data across
>>> unaffiliated non-commonly branded sites - again with possible
>>> exceptions.  In this case, exceptions would be much simpler as this
>>> would apply equally to both 1st and 3rd parties as neither are allowed
>>> to cross track - all exceptions would be true exceptions to when cross
>>> tracking is permissible)
>> Some months ago I suggested on the www-tag mailing list that it might be
>> easier to start the discussion with a Las Vegas definition: what you do
>> in one place stays there and will never be associated with what you do
>> in another place. That is something where I could evaluate a scenario in
>> some vaguely intuitive manner as it lacks the various technicalities in
>> your definition, but it's also rather far removed from people's worries.
>>> The confusion I see in almost every thread is that we *all* say DNT when
>>> *most* of us mean DNXT.  In fact, we actually start with DNT but then
>>> via an extensive use of increasingly complicated exceptions we change
>>> the definition of DNT to mean DNXT and not refer to DNT at all.  This
>>> adds a great deal of complexity to all of our decisions.  It's no wonder
>>> that new participants and media alike are so confused by much of the
>>> existing conversations.  I believe this discrepancy complicates nearly
>>> every issue and is the source of many of the cyclical arguments that
>>> seem to constantly bog us down.
>> If the Working Group actually formulated its goals, it would likely turn
>> out that there are various conflicts, and perhaps tradeoffs need to be
>> made, say having some exception might make dnt-compliance less meaning-
>> ful, but might make it easier to adopt it, so on the whole it might be a
>> win with respect to the group's goals, but the goals being unclear, such
>> arguments are largely absent so far.
>>> The possible privacy concern occurs if that weather widget which is
>>> embedded in many different sites connects the data it records to a
>>> non-siloed visitor id and uses the data collected across those sites to
>>> create a profile tracking individual's surfing patterns, user interests,
>>> etc.  Hence, the concern is not whether they are a 1st or 3rd party or
>>> even whether they are tracking, but rather whether they are using data
>>> outside of the context in which it was collected and connecting data
>>> from multiple contexts to a single user.
>> Privacy concerns start long before somebody does something.
>> --
>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Sunday, 11 December 2011 06:15:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:28 UTC