RE: ISSUE-5: What is the definition of tracking?

Dear all,

I'm reading the mails and am a bit puzzled about who claims to represent whom & my limited knowledge of the US debates.
Beyond that using the term 'do-not-track' without a clear definition that includes ALL tracking might create misperceptions.
What concerns me is that European users have a more-or-less clear picture of what is allowed and what is not allowed. Tracking is a totally alien concept in Europe and would confuse users. European law covers (and protects) the collection of personal data (similar to 'PII' in USA).
We would therefore prefer another term, e.g. SBA, 'Stop Better Advertising' or one of the other suggested limited terms.

Kind regards,

From: [] On Behalf Of Vincent Toubiana
Sent: 14 October 2011 01:52
Subject: Re: ISSUE-5: What is the definition of tracking?

I have a quick comment about this "user would not expect exception to DNT" issue: DoNotCall defines some exceptions (see points 28 to 30 and - as far as I know - is quite well understood by users. We could make it clear that there are some exceptions to DNT when users enable it  (like on and just list them on a website.

On 10/13/2011 11:44 PM, Kevin Smith wrote:
I strongly support finding terminology that more closely matches functionality.  I think good evidence of the confusion the current naming convention would cause is the number of times this group has had this discussion and the number of times this is exact debate has blocked consensus on various things.  Put simply, many individuals of our working group have expressed that betraying the average user's expectations (unqualified I know, I am just summarizing what I have heard expressed) would be a failure, and I do not believe that the terminology "Do Not Track" can be easily be reconciled with the expectation that data will not be shared across sites.

Absolutely there is a large amount of sunk cost in the Terminology "Do Not Track".  There has been a great deal of investment by various players to get some traction behind this (hence the reason we are here), and we will absolutely lose some of that industry momentum in the short run.  However, in the long run, I think this standard will be met with greater success if the terminology helps to educate the public on exactly what it hopes to accomplish.

I am even more lexically challenged than Brett, but perhaps someone more creative could do something interesting with titles like:  "Prevent 3rd Party Data Sharing" or "Prevent 3rd Party Tracking and Targeting" or even "Prevent cross site tracking".  These are perhaps a bit too limiting in scope, but you get the idea.

I am confident some people will still be confused or not understand what that means, but at least many people's initial guess will be more accurate.

From:<> [] On Behalf Of Mike Zaneis
Sent: Thursday, October 13, 2011 2:45 PM
To: Jonathan Mayer; Brett Error
Cc: Roy T. Fielding; Tracking Protection Working Group WG
Subject: RE: ISSUE-5: What is the definition of tracking?

"The world knows this proposal by"; "our standard will be guided largely by user expectations"; "follow-on (consumer) education".  Can you provide support for these statements?  I don't believe the world knows anything about this process.  I don't believe Jonathan Mayer speaks for the broader user community.  As the only organization that has undertaken a consumer educational campaign (, I'd be shocked if this group delivered on such a promise since this is the first time it has been brought up.

Most of all, I'd appreciate some justification for calling my comments hypocritical.  I have repeatedly stated that we cannot deliver a mechanism that stops tracking and have provided concrete examples to justify that viewpoint.  What is inaccurate about what I've written?

Your point that, "Do Not Track has real messaging force", tells me that you are in favor of keeping it because it is catchy and will draw press attention.  That is fine, since that's one of the options I identified, but let's at least be honest about our intentions.

As for attacking the DAA or other self regulatory programs, I believe that is truly out of scope for this group so I won't waste everyone's time with that discussion, but I am happy to take it offline if you'd like.

Mike Zaneis
SVP & General Counsel
Interactive Advertising Bureau
(202) 253-1466

Follow me on Twitter @mikezaneis

From:<> [] On Behalf Of Jonathan Mayer
Sent: Thursday, October 13, 2011 4:32 PM
To: Brett Error
Cc: Roy T. Fielding; Tracking Protection Working Group WG
Subject: Re: ISSUE-5: What is the definition of tracking?

I completely share Aleecia's view that the scope of Do Not Track need not match how "tracking" is defined in a dictionary.  We're setting a technical standard here - it will be very open and explicit about what's covered and what's not.  Our standard will be guided largely by user expectations, but also by tech, business, law, policy, and politics constraints.  To the extent we deviate from user expectations, the onus is on us to explain why and how.  But in my view that's a question of follow-on education and discussion, not how we write the standard itself.  For example, I think we would be wise to produce a page explaining in plain terms what's covered and what isn't that all browsers can link to from their privacy settings.  I'm not at all concerned about some sort of media backlash about our definition.  From the outset almost every stakeholder has been clear that Do Not Track is about third-party tracking.  And just about all the press coverage has been about third-party tracking.  I'm particularly surprised to hear these hypocritical arguments coming from IAB and others in the self-regulatory space, since the opt outs y'all currently offer are orders of magnitude more misleading than a transparent Do Not Track standard will ever be.

As for changing the name from Do Not Track, I would strongly oppose the move.  First, it's the name the world knows this proposal by.  (See, e.g.,  Attempting a retitle to "Tracking Preference Expression" caused lots of unnecessary confusion among stakeholders.  Second, Do Not Track has real messaging force.  It's no real secret that there are differing degrees of influence around the table.  For some, myself included, the name has been instrumental in making progress on third-party web tracking.


On Oct 13, 2011, at 1:16 PM, Brett Error wrote:

slow clap<< :)

-----Original Message-----
From:<> [] On Behalf Of Roy T. Fielding
Sent: Thursday, October 13, 2011 1:52 PM
To: Brett Error
Cc: Tracking Protection Working Group WG
Subject: Re: ISSUE-5: What is the definition of tracking?

The essential problem with relying on a set of exceptions is that the end user cannot be expected to know those exceptions.  All they know is the configuration that is set.
If we give the user an expectation of requesting "Do Not Track"
and then allow sites to ignore that request on the basis of our set of exceptions, then I think regulators will treat this protocol in the same way that they treat fine print in contracts.

In other words, we are setting up the situation where the mechanism will be implemented according to our standard but the regulations will be implemented according to the user's expectations -- nullifying our standard in the process.

Users don't see header fields, so there is no need to change the DNT field name.  However, my current plan is to stop referring to it as "Do Not Track" in the document.


On Oct 12, 2011, at 6:02 PM, Brett Error wrote:

Any time you are recording the behavior/path of something, you are tracking it.  There isn't anything we can do to redefine that in a consumer's lexicon, nor do I think we really want to.

The urge to define "tracking" stems from the concern that  "do not track" sounds like it will forbid all tracking.  That, of course, also is not our intention so we feel compelled to redefine the word "track" to curtail its scope (in more of a legal document type of context).

That would be one approach.  We can take (and indeed already are taking) a different approach.

PROPOSAL: Close ISSUE-5 with the following notes:

1) The DNT specification covers a standard way wherein a consumer can express a tracking preference.  It is entirely up to the site/service whether or not to respect that preference.

2) It is entirely possible for a site/service to be in full compliance with the DNT specification, and still track a consumer, EVEN WHEN THAT CONSUMER IS EXPRESSING A PREFERENCE AGAINST BEING TRACKED.  An example of this is the first party exemption around which we've reached a (conceptual) consensus.  There are others being discussed.

The notion here is that in certain situations, there may be reasons a party may have a right/need to do tracking.  It is our responsibility to define 1) what those situations are, 2) how, even in these situations, we do our best to protect the spirit of what the consumer is requesting (privacy), and 3) how, if at all, the service doing the tracking responds in this type of situation so that the consumer's agent can take action (if any).

In doing so, we actually define "track" in the context of DNT, but avoid the messy aspects of a semantics battle.

-----Original Message-----
[] On Behalf Of Bjoern Hoehrmann
Sent: Wednesday, October 12, 2011 6:17 PM
To: Aleecia M. McDonald
Subject: Re: ISSUE-5: What is the definition of tracking?

* Aleecia M. McDonald wrote:
I am not convinced either Roy or I have the first case quite solid
yet, perhaps because we have each phrased this as more absolute than
what people think. It would be very good if people who think there is
more to tracking than just data moving between sites could please
chime in with a lucid explanation of what they mean.

The Working Group cannot define "tracking" without additional modifiers in a manner that is inconsistent with typical english usage. "This user arrived on this page and then moved on to that page" is a statement that cannot be made if the user's movements around the site are not tracked.
Björn Höhrmann · · Am Badedeich 7 · Telefon: +49(0)160/4415681
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 ·

Received on Friday, 14 October 2011 22:12:10 UTC