W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: ISSUE-5: What is the definition of tracking?

From: Justin Brookman <justin@cdt.org>
Date: Thu, 13 Oct 2011 17:48:25 -0400
Message-ID: <4E975CA9.8040701@cdt.org>
To: public-tracking@w3.org
The group is chartered as the Tracking Protection Working Group to 
produce specifications for a  preference mechanism called "Do Not Track" 
for "allowing or blocking tracking elements."  Several browsers already 
provide settings to limit "tracking."  We can certain spend several 
months discussing the true meaning of the word "track" (from the Old 
Norse /trašk /meaning "trodden place" or "to trample") but I reiterate 
that any term is going to be subject to potential misconceptions.  It's 
also important to point out that whatever we call it as a group is not 
necessarily going to be conveyed to the user:  Mozilla's current setting 
says "Tell websites I do not want to be tracked."  Microsoft's setting 
is "Tracking Protection."  I don't know what Safari calls it because 
because I don't have a Mac open right now.  Our goal is to define what 
we think the DNT header should signal, and as Mike points out, that 
cannot reasonably mean no collection or transfer of information to any 
party because that's not reasonable, or even possible.  So we're trying 
to find a reasonable implementation of an anti-tracking sentiment in a 
realm where it's actually impossible to determine consumer expectations 
because the consumer doesn't have an understanding of how the web works.

Roy started this debate with a statement that the group doesn't seem to 
have a common understanding of what we see as the "tracking" to be 
stopped by DNT, but I disagree with that --- the group pretty quickly 
settled on a framework that says DNT is meant to stop cross-party 
tracking (as yes, we still need to define what a "first party" is and 
what a "third party" is).  There may be narrow exceptions to that --- we 
shall see.  But that certainly matches all the public discussion about 
"Do Not Track" over the last year.

I am open to concrete suggestions about what else we would want to call 
the signal ("Respect My Privacy": REJECTED!) but given that that 
browser's in charge of the UX and has the responsibility to tell the end 
user what the setting will do, I question the utility.  If you want to 
rebrand the header as 
"Do-Not-Track-Across-Non-Commonly-Branded-Domains-Except-For-Narrowly-Excepted-Fraud-Prevention-And-Siloed-Service-Provider-Relationships," 
we can give it a shot, but it's not going to matter at the end of the day.

Justin Brookman
Director, Consumer Privacy Project
Center for Democracy&  Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman


On 10/13/2011 4:59 PM, Brett Error wrote:
> HEY.  I labored for nearly 4 seconds thinking up the term "Respect my Privacy".  At this point it must be nearly perfect. :)
>
> I agree that some alternative term may be less precise, but some ambiguity is far better than just plain misleading.  At least if you're not sure what something means you may take the time to look it up and figure it out.  Saying "Do Not Track", is quite concise and is far less likely to stimulate subsequent investigation.  Most people will accept it at face value... Why would they not?  ...And then feel cheated when they find that they are indeed still being tracked.
>
> On top of that, what if minds less lexically challenged than mine were able to come up with a term that is more precise without being misleading?  Would that not be even better?
>
> Is it really not worth investigating?
>
> -----Original Message-----
> From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Justin Brookman
> Sent: Thursday, October 13, 2011 2:42 PM
> To: public-tracking@w3.org
> Subject: Re: ISSUE-5: What is the definition of tracking?
>
> I feel very strongly that we should retain the name "Do Not Track," both in the documents and in our public statements about the work of the group.  Certainly, "Respect My Privacy" is apt to considerably more misinterpretation by users as to what such a setting would or should accomplish.  I am I suppose vaguely sympathetic to the concerns that some (though not all) users will expect "Do Not Track" to do more or less than it does, but that will be the case no matter what we call this effort --- the average user does not know enough about the architecture of the internet to understand every implication of entering a url into a browser.  Does a user understand that an ISP will still be monitoring internet traffic for malicious communications no matter what we call this?  Should that really doom the effort?  Browsers today already offer "private browsing" or "incognito" mode---as long as the UX for those pages is very clear about the limitations of what those settings do, I think they should be viewed as positive, privacy-protecting features, and the same should apply for DNT.  It seems we made some good progress this last week in deciding that by and large the setting should be interpreted to apply primarily to third parties, and our views have been guided by our views of reasonable expectations, as they should continue to be.
>
> Aleecia channeling Jules brings up some relatively narrow issues around geotargeting and appending that we should eventually discuss in both the first and third party context, but I don't think potential exceptions should alter our views of first-party passive clickstream collection as out of scope.  Signing off now that I have just read that Jonathan just posted pretty much the same thing as I wrote . . .
>
> Justin Brookman
> Director, Consumer Privacy Project
> Center for Democracy&   Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969
> justin@cdt.org
> http://www.cdt.org
> @CenDemTech
> @JustinBrookman
>
>
> On 10/13/2011 4:08 PM, Brett Error wrote:
>> That is fine.  But doing so doesn't address the concern that the public-facing name of this initiative/standard/feature sets the expectation that if a consumer turns in on, she won't be tracked.
>>
>> It may seem like a small issue, but I'm concerned that it limits the effectiveness of standard.
>>
>> -- Press headlines: "Even with Do Not Track turned on, websites are still tracking you!"
>>
>> -- Enough exceptions that make it seem like this is yet another click-wrap agreement to be ignored.
>>
>> -- User confusion and violated expectations-- arguably worse that the situation we are currently in where most consumers don't really know WHAT to expect from a tracking perspective.
>>
>> We have two ways to avoid this:
>> 1) Stop calling it Do Not Track, and call it "Respect my Privacy" or the like.
>> 2) Continue with Do Not Track, but make sure it clear it is merely a preference expressed by a user and that there are legitimate reasons it may not be respected.
>>
>> The first option is vastly superior, but I also understand the point of view that we've got some brand equity invested in the name "do not track".
>>
>> If we choose to continue on the current path pretending that the peeps
>> could ever come to think of track as meaning something only involving
>> multiple websites, so be it.  I'll just sit here (somewhat) quietly
>> hating you all and I'll try to use my polite inside voice when I dance
>> around saying "I told you so" in a few months. ;)
>>
>>
>>
>>
>> -----Original Message-----
>> From: JC Cannon [mailto:jccannon@microsoft.com]
>> Sent: Thursday, October 13, 2011 11:57 AM
>> To: Brett Error; public-tracking@w3.org
>> Subject: RE: ISSUE-5: What is the definition of tracking?
>>
>> Will limiting the discussion to "as it applies to DNT" help since it won't apply to first-party sites?
>>
>> JC
>>
>> -----Original Message-----
>> From: public-tracking-request@w3.org
>> [mailto:public-tracking-request@w3.org] On Behalf Of Brett Error
>> Sent: Thursday, October 13, 2011 9:07 AM
>> To: public-tracking@w3.org
>> Subject: RE: ISSUE-5: What is the definition of tracking?
>>
>> I disagree. I have yet to find a consumer that would consider a first party tracking them on a single site to not be "tracking".
>>
>> -----Original Message-----
>> From: public-tracking-request@w3.org
>> [mailto:public-tracking-request@w3.org] On Behalf Of Aleecia M.
>> McDonald
>> Sent: Thursday, October 13, 2011 12:37 AM
>> To: public-tracking@w3.org
>> Subject: Re: ISSUE-5: What is the definition of tracking?
>>
>>
>> On Oct 12, 2011, at 5:17 PM, Bjoern Hoehrmann wrote:
>>
>>> The Working Group cannot define "tracking" without additional
>>> modifiers in a manner that is inconsistent with typical english usage.
>>> "This user arrived on this page and then moved on to that page" is a
>>> statement that cannot be made if the user's movements around the site are not tracked.
>> While I will join in mourning the geekification of English, I think the idea that "tracking" (and, more usefully as Roy offers, DNT) does not match a dictionary definition seems not to pose a problem. Between words like cookies, spam, the web, and private browsing not actually being private, I think computer jargon is well established.
>>
>> I am trying to hear from folks who thinking tracking is something other than data flowing between two sites. On calls and in Boston I had the impression there are such views in the group. But if all is silence, perhaps I was mistaken, or perhaps they have been persuaded otherwise.
>>
>> 	Aleecia
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
Received on Thursday, 13 October 2011 21:48:57 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC