Re: [ISSUE-5] What is the definition of tracking?

I agree with Kevin, Bjoern and others on this. I think it's ineffective, 
or even dangerous, to be developing a Do Not Track standard without 
identifying the relevant concerns, types of data, data uses, etc. The 
group has agreed that under DNT 1st parties can do anything except share 
data with 3rd parties. We have no consensus on what /anything/ is. (Are 
there any limits?) There is apparently consensus that 3rd parties can do 
/nothing/ except a TBD list of /something/. There's a lot of ground 
between /anything/ and /nothing/. I would hope that we'll find our 
definition of tracking in the discussion of the /something/, but in 
reality what we're probably going to get is an ad hoc list of business 
models, without any sort of principled approach that actually addresses 
specific privacy concerns that arise from specific uses of specific data.

On 12/11/11 1:15 AM, Jonathan Mayer wrote:
> The working group has now swirled about the "How do we define 
> tracking?" and "How do we define Do Not Track?" drains several times. 
>   (See for a 
> sample.)
> This approach is not productive.  The positions around the table 
> reflect a delicate balance of consumer expectations, business 
> interests, technology limitations, policy understandings, political 
> constraints, and many more considerations.  I believe there is room 
> for compromise and consensus on every issue that has been raised.  But 
> beginning at a high level conflates issues, blurring points of 
> agreement and pointing up disagreements.  A high-level discussion also 
> forces us to address differences in positions that need not be 
> reconciled to produce a standards document.
> I would propose that we mark ISSUE-5 as POSTPONED since achieving 
> consensus on it is not necessary to the working group's tasks.
> I do not mean to suggest that high-level conversations should not 
> continue.  There is tremendous value in working to understand the 
> positions in the group.  A better awareness of where others are coming 
> from has clarified and changed my thinking on many occasions, and I 
> would encourage reaching out to participants you might not otherwise 
> engage with.  (You might even make some new friends along the way, as 
> I have.)  These important conversations should go on – but as 
> informative background discussions, not as a stumbling block for the 
> group.
> Jonathan
> On Dec 10, 2011, at 6:55 PM, <> wrote:
>> I have to disagree with Bjoern. The goals are expressed clearly in the
>> charter document, starting with the mission and scope.
>> Getting towards a working definition is within the scope and a logical
>> approach since we started off with perspectives that lay apart opposite
>> parts of the spectrum. With exploring use cases and exceptions we have come
>> more to a possibly agreed working definition than one might have held
>> for possible. That is, in the Princeton Face-2-Face the room was clearly
>> split.
>> The directions Kevin is raising are timely and interesting.
>> Personally I like the DNT-X definition for it focusses on the application
>> of the data. To emphasise the data use, I would like to sharpen it a bit:
>> Do Not Track Across Sites (DNT-X) = Do not share data about this user, or
>> track or target this user across sites – again with possible exceptions.
>> Best,
>> Rob
>> (speaking for himself)
>> Bjoern Hoehrmann wrote:
>>> * Kevin Smith wrote:
>>>> I would like to revisit a previously and hotly debated subject.  It has
>>>> been brought up and shelved many times, but I believe it is still the
>>>> core stumbling block to our efforts to progress.
>>> The problem is that the Working Group has so far failed to formulate its
>>> goals. You can look at competing definitions for dnt-relevant tracking,
>>> but you can't say one or the other is more suited to address the problem
>>> the Working Group seeks to address as the problem remains unclear. Your
>>> mail looks at what the goals are, but you do this by talking about the
>>> definition of tracking. I think it's problematic to decide on the goals
>>> by proxy through the definition of dnt-relevant tracking.
>>>> Do Not Cross Track (DNXT henceforth) = Do not share or track data across
>>>> unaffiliated non-commonly branded sites - again with possible
>>>> exceptions.  In this case, exceptions would be much simpler as this
>>>> would apply equally to both 1st and 3rd parties as neither are allowed
>>>> to cross track - all exceptions would be true exceptions to when cross
>>>> tracking is permissible)
>>> Some months ago I suggested on the www-tag mailing list that it might be
>>> easier to start the discussion with a Las Vegas definition: what you do
>>> in one place stays there and will never be associated with what you do
>>> in another place. That is something where I could evaluate a scenario in
>>> some vaguely intuitive manner as it lacks the various technicalities in
>>> your definition, but it's also rather far removed from people's worries.
>>>> The confusion I see in almost every thread is that we *all* say DNT when
>>>> *most* of us mean DNXT.  In fact, we actually start with DNT but then
>>>> via an extensive use of increasingly complicated exceptions we change
>>>> the definition of DNT to mean DNXT and not refer to DNT at all.  This
>>>> adds a great deal of complexity to all of our decisions.  It's no wonder
>>>> that new participants and media alike are so confused by much of the
>>>> existing conversations.  I believe this discrepancy complicates nearly
>>>> every issue and is the source of many of the cyclical arguments that
>>>> seem to constantly bog us down.
>>> If the Working Group actually formulated its goals, it would likely turn
>>> out that there are various conflicts, and perhaps tradeoffs need to be
>>> made, say having some exception might make dnt-compliance less meaningful,
>>> but might make it easier to adopt it, so on the whole it might be a
>>> win with respect to the group's goals, but the goals being unclear, such
>>> arguments are largely absent so far.
>>>> The possible privacy concern occurs if that weather widget which is
>>>> embedded in many different sites connects the data it records to a
>>>> non-siloed visitor id and uses the data collected across those sites to
>>>> create a profile tracking individual's surfing patterns, user interests,
>>>> etc.  Hence, the concern is not whether they are a 1st or 3rd party or
>>>> even whether they are tracking, but rather whether they are using data
>>>> outside of the context in which it was collected and connecting data
>>>> from multiple contexts to a single user.
>>> Privacy concerns start long before somebody does something.
>>> --
>>> Björn Höhrmann · ·
>>> Am Badedeich 7 · Telefon: +49(0)160/4415681 ·
>>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 ·

Received on Monday, 12 December 2011 15:41:42 UTC