W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

RE: ISSUE-5: What is the definition of tracking?

From: Mike Zaneis <mike@iab.net>
Date: Thu, 13 Oct 2011 21:57:16 +0000
To: Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <9FF2724793CE3843BF5E46A70AA609A510AC163A@IAB-NYC-EX1.IAB.local>
Just to be clear, several browsers have tools to send a message to all servers, which they currently call DNT, but that doesn't mean they provide settings to limit "tracking".  The only tool that currently sets limits on tracking is Microsoft's Tracking Protection Lists since it actually blocks third party content and tracking, which, according to many views expressed here, would not sufficiently meet the definition of DNT since it doesn't stop most first party tracking.  The point is that we are having a discussion with all the relevant interest groups present because they were not present when these browser tools were developed (and named) and we should not be bound by these previous decisions.

The same is true for the name of the working group.  Mozilla and IBM deserve incredible credit for organizing this group, but just because they decided on a name before any substantive discussions took place should not limit those substantive discussions.

Mike Zaneis
SVP & General Counsel
Interactive Advertising Bureau
(202) 253-1466

Follow me on Twitter @mikezaneis


From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Justin Brookman
Sent: Thursday, October 13, 2011 5:48 PM
To: public-tracking@w3.org
Subject: Re: ISSUE-5: What is the definition of tracking?

The group is chartered as the Tracking Protection Working Group to produce specifications for a  preference mechanism called "Do Not Track" for "allowing or blocking tracking elements."  Several browsers already provide settings to limit "tracking."  We can certain spend several months discussing the true meaning of the word "track" (from the Old Norse trašk meaning "trodden place" or "to trample") but I reiterate that any term is going to be subject to potential misconceptions.  It's also important to point out that whatever we call it as a group is not necessarily going to be conveyed to the user:  Mozilla's current setting says "Tell websites I do not want to be tracked."  Microsoft's setting is "Tracking Protection."  I don't know what Safari calls it because because I don't have a Mac open right now.  Our goal is to define what we think the DNT header should signal, and as Mike points out, that cannot reasonably mean no collection or transfer of information to any party because that's not reasonable, or even possible.  So we're trying to find a reasonable implementation of an anti-tracking sentiment in a realm where it's actually impossible to determine consumer expectations because the consumer doesn't have an understanding of how the web works.

Roy started this debate with a statement that the group doesn't seem to have a common understanding of what we see as the "tracking" to be stopped by DNT, but I disagree with that --- the group pretty quickly settled on a framework that says DNT is meant to stop cross-party tracking (as yes, we still need to define what a "first party" is and what a "third party" is).  There may be narrow exceptions to that --- we shall see.  But that certainly matches all the public discussion about "Do Not Track" over the last year.

I am open to concrete suggestions about what else we would want to call the signal ("Respect My Privacy": REJECTED!) but given that that browser's in charge of the UX and has the responsibility to tell the end user what the setting will do, I question the utility.  If you want to rebrand the header as "Do-Not-Track-Across-Non-Commonly-Branded-Domains-Except-For-Narrowly-Excepted-Fraud-Prevention-And-Siloed-Service-Provider-Relationships," we can give it a shot, but it's not going to matter at the end of the day.


Justin Brookman

Director, Consumer Privacy Project

Center for Democracy & Technology

1634 I Street NW, Suite 1100

Washington, DC 20006

tel 202.407.8812

fax 202.637.0969

justin@cdt.org<mailto:justin@cdt.org>

http://www.cdt.org

@CenDemTech

@JustinBrookman

On 10/13/2011 4:59 PM, Brett Error wrote:

HEY.  I labored for nearly 4 seconds thinking up the term "Respect my Privacy".  At this point it must be nearly perfect. :)



I agree that some alternative term may be less precise, but some ambiguity is far better than just plain misleading.  At least if you're not sure what something means you may take the time to look it up and figure it out.  Saying "Do Not Track", is quite concise and is far less likely to stimulate subsequent investigation.  Most people will accept it at face value... Why would they not?  ...And then feel cheated when they find that they are indeed still being tracked.



On top of that, what if minds less lexically challenged than mine were able to come up with a term that is more precise without being misleading?  Would that not be even better?



Is it really not worth investigating?



-----Original Message-----

From: public-tracking-request@w3.org<mailto:public-tracking-request@w3.org> [mailto:public-tracking-request@w3.org] On Behalf Of Justin Brookman

Sent: Thursday, October 13, 2011 2:42 PM

To: public-tracking@w3.org<mailto:public-tracking@w3.org>

Subject: Re: ISSUE-5: What is the definition of tracking?



I feel very strongly that we should retain the name "Do Not Track," both in the documents and in our public statements about the work of the group.  Certainly, "Respect My Privacy" is apt to considerably more misinterpretation by users as to what such a setting would or should accomplish.  I am I suppose vaguely sympathetic to the concerns that some (though not all) users will expect "Do Not Track" to do more or less than it does, but that will be the case no matter what we call this effort --- the average user does not know enough about the architecture of the internet to understand every implication of entering a url into a browser.  Does a user understand that an ISP will still be monitoring internet traffic for malicious communications no matter what we call this?  Should that really doom the effort?  Browsers today already offer "private browsing" or "incognito" mode---as long as the UX for those pages is very clear about the limitations of what those settings do, I thi

nk they should be viewed as positive, privacy-protecting features, and the same should apply for DNT.  It seems we made some good progress this last week in deciding that by and large the setting should be interpreted to apply primarily to third parties, and our views have been guided by our views of reasonable expectations, as they should continue to be.



Aleecia channeling Jules brings up some relatively narrow issues around geotargeting and appending that we should eventually discuss in both the first and third party context, but I don't think potential exceptions should alter our views of first-party passive clickstream collection as out of scope.  Signing off now that I have just read that Jonathan just posted pretty much the same thing as I wrote . . .



Justin Brookman

Director, Consumer Privacy Project

Center for Democracy&  Technology

1634 I Street NW, Suite 1100

Washington, DC 20006

tel 202.407.8812

fax 202.637.0969

justin@cdt.org<mailto:justin@cdt.org>

http://www.cdt.org

@CenDemTech

@JustinBrookman





On 10/13/2011 4:08 PM, Brett Error wrote:

That is fine.  But doing so doesn't address the concern that the public-facing name of this initiative/standard/feature sets the expectation that if a consumer turns in on, she won't be tracked.



It may seem like a small issue, but I'm concerned that it limits the effectiveness of standard.



-- Press headlines: "Even with Do Not Track turned on, websites are still tracking you!"



-- Enough exceptions that make it seem like this is yet another click-wrap agreement to be ignored.



-- User confusion and violated expectations-- arguably worse that the situation we are currently in where most consumers don't really know WHAT to expect from a tracking perspective.



We have two ways to avoid this:

1) Stop calling it Do Not Track, and call it "Respect my Privacy" or the like.

2) Continue with Do Not Track, but make sure it clear it is merely a preference expressed by a user and that there are legitimate reasons it may not be respected.



The first option is vastly superior, but I also understand the point of view that we've got some brand equity invested in the name "do not track".



If we choose to continue on the current path pretending that the peeps

could ever come to think of track as meaning something only involving

multiple websites, so be it.  I'll just sit here (somewhat) quietly

hating you all and I'll try to use my polite inside voice when I dance

around saying "I told you so" in a few months. ;)









-----Original Message-----

From: JC Cannon [mailto:jccannon@microsoft.com]

Sent: Thursday, October 13, 2011 11:57 AM

To: Brett Error; public-tracking@w3.org<mailto:public-tracking@w3.org>

Subject: RE: ISSUE-5: What is the definition of tracking?



Will limiting the discussion to "as it applies to DNT" help since it won't apply to first-party sites?



JC



-----Original Message-----

From: public-tracking-request@w3.org<mailto:public-tracking-request@w3.org>

[mailto:public-tracking-request@w3.org] On Behalf Of Brett Error

Sent: Thursday, October 13, 2011 9:07 AM

To: public-tracking@w3.org<mailto:public-tracking@w3.org>

Subject: RE: ISSUE-5: What is the definition of tracking?



I disagree. I have yet to find a consumer that would consider a first party tracking them on a single site to not be "tracking".



-----Original Message-----

From: public-tracking-request@w3.org<mailto:public-tracking-request@w3.org>

[mailto:public-tracking-request@w3.org] On Behalf Of Aleecia M.

McDonald

Sent: Thursday, October 13, 2011 12:37 AM

To: public-tracking@w3.org<mailto:public-tracking@w3.org>

Subject: Re: ISSUE-5: What is the definition of tracking?





On Oct 12, 2011, at 5:17 PM, Bjoern Hoehrmann wrote:



The Working Group cannot define "tracking" without additional

modifiers in a manner that is inconsistent with typical english usage.

"This user arrived on this page and then moved on to that page" is a

statement that cannot be made if the user's movements around the site are not tracked.

While I will join in mourning the geekification of English, I think the idea that "tracking" (and, more usefully as Roy offers, DNT) does not match a dictionary definition seems not to pose a problem. Between words like cookies, spam, the web, and private browsing not actually being private, I think computer jargon is well established.



I am trying to hear from folks who thinking tracking is something other than data flowing between two sites. On calls and in Boston I had the impression there are such views in the group. But if all is silence, perhaps I was mistaken, or perhaps they have been persuaded otherwise.



  Aleecia
Received on Thursday, 13 October 2011 21:58:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC