- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Thu, 13 Oct 2011 14:56:47 -0700
- To: Mike Zaneis <mike@iab.net>
- Cc: Brett Error <brett@adobe.com>, "Roy T. Fielding" <fielding@gbiv.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
- Message-Id: <D0E3D4C5-65F4-4056-BDB2-4419FADC462E@stanford.edu>
In the interest of not sidetracking the issue discussion, I'm going to only briefly respond and then drop this. On Oct 13, 2011, at 1:44 PM, Mike Zaneis wrote: > “The world knows this proposal by”; Do Not Track is now a staple term in the technology, policy, and media communities working on online privacy. I don't think that's a controversial claim. > “our standard will be guided largely by user expectations”; I believe there was broad agreement on this point in Cambridge. If IAB thinks we should be violating consumer privacy expectations, do tell. > “follow-on (consumer) education”. This is my view, and I believe I noted it as such. It appears Justin shares the sentiment. User expectations vary; nothing we do is going to conform to every user's thinking. So, no matter what, we (people around the table, not necessarily W3C) should be doing some follow-on consumer education. As for what the consumer education looks like - text in the browser, an explanatory web page, or something else entirely - we need not decide now. > Can you provide support for these statements? I don’t believe the world knows anything about this process. I certainly disagree with that claim. Many tech-savvy consumers, regulators, legislators, advocates, journalists, and more are watching this W3C process very closely. If we don't get something done on Do Not Track, it's quite possible the federal government, a state government, the EU, or some other political body will. > I don’t believe Jonathan Mayer speaks for the broader user community. I speak only for myself, of course. > As the only organization that has undertaken a consumer educational campaign (http://www.iab.net/privacymatters/), I’d be shocked if this group delivered on such a promise since this is the first time it has been brought up. I'm quite confident that many of the companies and NGOs around the table have worked on consumer education. > Most of all, I’d appreciate some justification for calling my comments hypocritical. I have repeatedly stated that we cannot deliver a mechanism that stops tracking and have provided concrete examples to justify that viewpoint. What is inaccurate about what I’ve written? I do not take issue with your view that whatever we settle on won't stop all data collection by all websites. In fact, I completely agree. What I find remarkably hypocritical is the double standard for consumer understanding in online advertising self-regulation and Do Not Track. Current self-regulation is packed with misleading language that has flummoxed users, regulators, legislators, academics, media, and more. But when Do Not Track might possibly be ambiguous for some users - despite earnest best efforts at transparency and education - that's a non-starter. > Your point that, “Do Not Track has real messaging force”, tells me that you are in favor of keeping it because it is catchy and will draw press attention. That is fine, since that’s one of the options I identified, but let’s at least be honest about our intentions. That is completely true. And I believe I'm being very honest about it. > As for attacking the DAA or other self regulatory programs, I believe that is truly out of scope for this group so I won’t waste everyone’s time with that discussion, but I am happy to take it offline if you’d like. Nothing here is meant as an attack. I see a significant inconsistency in some of the positions around the table, and I want to note that. > Mike Zaneis > SVP & General Counsel > Interactive Advertising Bureau > (202) 253-1466 > > Follow me on Twitter @mikezaneis > > > From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Jonathan Mayer > Sent: Thursday, October 13, 2011 4:32 PM > To: Brett Error > Cc: Roy T. Fielding; Tracking Protection Working Group WG > Subject: Re: ISSUE-5: What is the definition of tracking? > > I completely share Aleecia's view that the scope of Do Not Track need not match how "tracking" is defined in a dictionary. We're setting a technical standard here - it will be very open and explicit about what's covered and what's not. Our standard will be guided largely by user expectations, but also by tech, business, law, policy, and politics constraints. To the extent we deviate from user expectations, the onus is on us to explain why and how. But in my view that's a question of follow-on education and discussion, not how we write the standard itself. For example, I think we would be wise to produce a page explaining in plain terms what's covered and what isn't that all browsers can link to from their privacy settings. I'm not at all concerned about some sort of media backlash about our definition. From the outset almost every stakeholder has been clear that Do Not Track is about third-party tracking. And just about all the press coverage has been about third-party tracking. I'm particularly surprised to hear these hypocritical arguments coming from IAB and others in the self-regulatory space, since the opt outs y'all currently offer are orders of magnitude more misleading than a transparent Do Not Track standard will ever be. > > As for changing the name from Do Not Track, I would strongly oppose the move. First, it's the name the world knows this proposal by. (See, e.g., http://www.google.com/trends?q=do+not+track.) Attempting a retitle to "Tracking Preference Expression" caused lots of unnecessary confusion among stakeholders. Second, Do Not Track has real messaging force. It's no real secret that there are differing degrees of influence around the table. For some, myself included, the name has been instrumental in making progress on third-party web tracking. > > Jonathan > > On Oct 13, 2011, at 1:16 PM, Brett Error wrote: > > > slow clap<< :) > > -----Original Message----- > From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Roy T. Fielding > Sent: Thursday, October 13, 2011 1:52 PM > To: Brett Error > Cc: Tracking Protection Working Group WG > Subject: Re: ISSUE-5: What is the definition of tracking? > > The essential problem with relying on a set of exceptions is that the end user cannot be expected to know those exceptions. All they know is the configuration that is set. > If we give the user an expectation of requesting "Do Not Track" > and then allow sites to ignore that request on the basis of our set of exceptions, then I think regulators will treat this protocol in the same way that they treat fine print in contracts. > > In other words, we are setting up the situation where the mechanism will be implemented according to our standard but the regulations will be implemented according to the user's expectations -- nullifying our standard in the process. > > Users don't see header fields, so there is no need to change the DNT field name. However, my current plan is to stop referring to it as "Do Not Track" in the document. > > ....Roy > > On Oct 12, 2011, at 6:02 PM, Brett Error wrote: > > > Any time you are recording the behavior/path of something, you are tracking it. There isn't anything we can do to redefine that in a consumer's lexicon, nor do I think we really want to. > > The urge to define "tracking" stems from the concern that "do not track" sounds like it will forbid all tracking. That, of course, also is not our intention so we feel compelled to redefine the word "track" to curtail its scope (in more of a legal document type of context). > > That would be one approach. We can take (and indeed already are taking) a different approach. > > PROPOSAL: Close ISSUE-5 with the following notes: > > 1) The DNT specification covers a standard way wherein a consumer can express a tracking preference. It is entirely up to the site/service whether or not to respect that preference. > > 2) It is entirely possible for a site/service to be in full compliance with the DNT specification, and still track a consumer, EVEN WHEN THAT CONSUMER IS EXPRESSING A PREFERENCE AGAINST BEING TRACKED. An example of this is the first party exemption around which we've reached a (conceptual) consensus. There are others being discussed. > > The notion here is that in certain situations, there may be reasons a party may have a right/need to do tracking. It is our responsibility to define 1) what those situations are, 2) how, even in these situations, we do our best to protect the spirit of what the consumer is requesting (privacy), and 3) how, if at all, the service doing the tracking responds in this type of situation so that the consumer's agent can take action (if any). > > In doing so, we actually define "track" in the context of DNT, but avoid the messy aspects of a semantics battle. > > > -----Original Message----- > From: public-tracking-request@w3.org > [mailto:public-tracking-request@w3.org] On Behalf Of Bjoern Hoehrmann > Sent: Wednesday, October 12, 2011 6:17 PM > To: Aleecia M. McDonald > Cc: public-tracking@w3.org > Subject: Re: ISSUE-5: What is the definition of tracking? > > * Aleecia M. McDonald wrote: > I am not convinced either Roy or I have the first case quite solid > yet, perhaps because we have each phrased this as more absolute than > what people think. It would be very good if people who think there is > more to tracking than just data moving between sites could please > chime in with a lucid explanation of what they mean. > > The Working Group cannot define "tracking" without additional modifiers in a manner that is inconsistent with typical english usage. "This user arrived on this page and then moved on to that page" is a statement that cannot be made if the user's movements around the site are not tracked. > -- > Björn Höhrmann · mailto:bjoern@hoehrmann.de · > http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 > · http://www.bjoernsworld.de > 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · > http://www.websitedev.de/ > > > > >
Received on Thursday, 13 October 2011 21:57:21 UTC