Re: ISSUE-5: What is the definition of tracking?


I have a quick comment about this "user would not expect exception to 
DNT" issue: DoNotCall defines some exceptions (see points 28 to 30 and -- as 
far as I know - is quite well understood by users. We could make it 
clear that there are some exceptions to DNT when users enable it (like 
on and just list them on a website.


On 10/13/2011 11:44 PM, Kevin Smith wrote:
> I strongly support finding terminology that more closely matches 
> functionality.  I think good evidence of the confusion the current 
> naming convention would cause is the number of times this group has 
> had this discussion and the number of times this is exact debate has 
> blocked consensus on various things.  Put simply, many individuals of 
> our working group have expressed that betraying the average user's 
> expectations (unqualified I know, I am just summarizing what I have 
> heard expressed) would be a failure, and I do not believe that the 
> terminology "Do Not Track" can be easily be reconciled with the 
> expectation that data will not be shared across sites.
> Absolutely there is a large amount of sunk cost in the Terminology "Do 
> Not Track".  There has been a great deal of investment by various 
> players to get some traction behind this (hence the reason we are 
> here), and we will absolutely lose some of that industry momentum in 
> the short run.  However, in the long run, I think this standard will 
> be met with greater success if the terminology helps to educate the 
> public on exactly what it hopes to accomplish.
> I am even more lexically challenged than Brett, but perhaps someone 
> more creative could do something interesting with titles like:  
> "Prevent 3^rd Party Data Sharing" or "Prevent 3^rd Party Tracking and 
> Targeting" or even "Prevent cross site tracking".  These are perhaps a 
> bit too limiting in scope, but you get the idea.
> I am confident some people will still be confused or not understand 
> what that means, but at least many people's initial guess will be more 
> accurate.
> *From:* 
> [] *On Behalf Of *Mike Zaneis
> *Sent:* Thursday, October 13, 2011 2:45 PM
> *To:* Jonathan Mayer; Brett Error
> *Cc:* Roy T. Fielding; Tracking Protection Working Group WG
> *Subject:* RE: ISSUE-5: What is the definition of tracking?
> "The world knows this proposal by"; "our standard will be guided 
> largely by user expectations"; "follow-on (consumer) education".  Can 
> you provide support for these statements?  I don't believe the world 
> knows anything about this process.  I don't believe Jonathan Mayer 
> speaks for the broader user community.  As the only organization that 
> has undertaken a consumer educational campaign 
> (, I'd be shocked if this group 
> delivered on such a promise since this is the first time it has been 
> brought up.
> Most of all, I'd appreciate some justification for calling my comments 
> hypocritical.  I have repeatedly stated that we cannot deliver a 
> mechanism that stops tracking and have provided concrete examples to 
> justify that viewpoint.  What is inaccurate about what I've written?
> Your point that, "Do Not Track has real messaging force", tells me 
> that you are in favor of keeping it because it is catchy and will draw 
> press attention.  That is fine, since that's one of the options I 
> identified, but let's at least be honest about our intentions.
> As for attacking the DAA or other self regulatory programs, I believe 
> that is truly out of scope for this group so I won't waste everyone's 
> time with that discussion, but I am happy to take it offline if you'd 
> like.
> Mike Zaneis
> SVP & General Counsel
> Interactive Advertising Bureau
> (202) 253-1466
> Follow me on Twitter @mikezaneis
> *From:* 
> [] *On Behalf Of *Jonathan Mayer
> *Sent:* Thursday, October 13, 2011 4:32 PM
> *To:* Brett Error
> *Cc:* Roy T. Fielding; Tracking Protection Working Group WG
> *Subject:* Re: ISSUE-5: What is the definition of tracking?
> I completely share Aleecia's view that the scope of Do Not Track need 
> not match how "tracking" is defined in a dictionary.  We're setting a 
> technical standard here - it will be very open and explicit about 
> what's covered and what's not.  Our standard will be guided largely by 
> user expectations, but also by tech, business, law, policy, and 
> politics constraints.  To the extent we deviate from user 
> expectations, the onus is on us to explain why and how.  But in my 
> view that's a question of follow-on education and discussion, not how 
> we write the standard itself.  For example, I think we would be wise 
> to produce a page explaining in plain terms what's covered and what 
> isn't that all browsers can link to from their privacy settings.  I'm 
> not at all concerned about some sort of media backlash about our 
> definition.  From the outset almost every stakeholder has been clear 
> that Do Not Track is about third-party tracking.  And just about all 
> the press coverage has been about third-party tracking.  I'm 
> particularly surprised to hear these hypocritical arguments coming 
> from IAB and others in the self-regulatory space, since the opt outs 
> y'all currently offer are orders of magnitude more misleading than a 
> transparent Do Not Track standard will ever be.
> As for changing the name from Do Not Track, I would strongly oppose 
> the move.  First, it's the name the world knows this proposal by. 
>  (See, e.g.,  Attempting 
> a retitle to "Tracking Preference Expression" caused lots of 
> unnecessary confusion among stakeholders.  Second, Do Not Track has 
> real messaging force.  It's no real secret that there are differing 
> degrees of influence around the table.  For some, myself included, the 
> name has been instrumental in making progress on third-party web tracking.
> Jonathan
> On Oct 13, 2011, at 1:16 PM, Brett Error wrote:
>         slow clap<< :)
> -----Original Message-----
> From: 
> <> 
> [] On Behalf Of Roy T. Fielding
> Sent: Thursday, October 13, 2011 1:52 PM
> To: Brett Error
> Cc: Tracking Protection Working Group WG
> Subject: Re: ISSUE-5: What is the definition of tracking?
> The essential problem with relying on a set of exceptions is that the 
> end user cannot be expected to know those exceptions.  All they know 
> is the configuration that is set.
> If we give the user an expectation of requesting "Do Not Track"
> and then allow sites to ignore that request on the basis of our set of 
> exceptions, then I think regulators will treat this protocol in the 
> same way that they treat fine print in contracts.
> In other words, we are setting up the situation where the mechanism 
> will be implemented according to our standard but the regulations will 
> be implemented according to the user's expectations -- nullifying our 
> standard in the process.
> Users don't see header fields, so there is no need to change the DNT 
> field name.  However, my current plan is to stop referring to it as 
> "Do Not Track" in the document.
> ....Roy
> On Oct 12, 2011, at 6:02 PM, Brett Error wrote:
> Any time you are recording the behavior/path of something, you are 
> tracking it.  There isn't anything we can do to redefine that in a 
> consumer's lexicon, nor do I think we really want to.
>     The urge to define "tracking" stems from the concern that  "do not
>     track" sounds like it will forbid all tracking.  That, of course,
>     also is not our intention so we feel compelled to redefine the
>     word "track" to curtail its scope (in more of a legal document
>     type of context).
>     That would be one approach.  We can take (and indeed already are
>     taking) a different approach.
>     PROPOSAL: Close ISSUE-5 with the following notes:
>     1) The DNT specification covers a standard way wherein a consumer
>     can express a tracking preference.  It is entirely up to the
>     site/service whether or not to respect that preference.
>     2) It is entirely possible for a site/service to be in full
>     compliance with the DNT specification, and still track a consumer,
>     TRACKED.  An example of this is the first party exemption around
>     which we've reached a (conceptual) consensus.  There are others
>     being discussed.
>     The notion here is that in certain situations, there may be
>     reasons a party may have a right/need to do tracking.  It is our
>     responsibility to define 1) what those situations are, 2) how,
>     even in these situations, we do our best to protect the spirit of
>     what the consumer is requesting (privacy), and 3) how, if at all,
>     the service doing the tracking responds in this type of situation
>     so that the consumer's agent can take action (if any).
>     In doing so, we actually define "track" in the context of DNT, but
>     avoid the messy aspects of a semantics battle.
>     -----Original Message-----
>     From:
>     <>
>     [] On Behalf Of Bjoern Hoehrmann
>     Sent: Wednesday, October 12, 2011 6:17 PM
>     To: Aleecia M. McDonald
>     Cc: <>
>     Subject: Re: ISSUE-5: What is the definition of tracking?
>     * Aleecia M. McDonald wrote:
>         I am not convinced either Roy or I have the first case quite
>         solid
>         yet, perhaps because we have each phrased this as more
>         absolute than
>         what people think. It would be very good if people who think
>         there is
>         more to tracking than just data moving between sites could please
>         chime in with a lucid explanation of what they mean.
>     The Working Group cannot define "tracking" without additional
>     modifiers in a manner that is inconsistent with typical english
>     usage. "This user arrived on this page and then moved on to that
>     page" is a statement that cannot be made if the user's movements
>     around the site are not tracked.
>     --
>     Björn Höhrmann · ·
> Am Badedeich 7 · Telefon:
>     +49(0)160/4415681
>     ·
>     25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 ·

Received on Thursday, 13 October 2011 23:55:08 UTC