- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 20 Oct 2011 04:18:45 +0200
- To: David Singer <singer@apple.com>
- Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
* David Singer wrote:
>I am not a fan of sending of a "please don't track me" into the void and
>having no idea which sites, if any, are at the moment tracking me.

At the moment it is common to not conduct even the most trivial audits
like "does logging out remove the userid cookie", "does disabling geo
location tracking turn off geo location tracking", or "does the phone
purge data after a week as it should, or does it keep it for years". I
see no reason to assume a "do not track" response would give you any
idea on what's going on if we cannot expect the largest data mining
firms on the planet to discover such obvious problems on their own.

It also seems clear that normal users would have to rely on third party
analysis to get an actual idea of what's going on (what is this site,
what does it do, should I block it, and so on). If you go and find out
about that, you can also take a look at whether their privacy policy
claims they honour the do not track signal.

>I fear that going to the well-known location gets us back into P3P, or
>worse, only human-readable documents describing what's going on. (And I
>use the phrase "human readable" rather loosely for most privacy policy
>documents :-().

There http://events.ccc.de/camp/2011/wiki/index.php?title=ToS;DR was an
effort earlier this year to make a "crowd-reading hub for those texts we
never read when we sign up on a website." It's defunct now, but it would
have offered a platform where you could get better information from than
your browser telling you one thing or another about 192.168.112.2O9.net's
response to the header. What percentage of users would make good use of
any reporting feature here? More than 1 in 1000?

I note that it would be possible to require sending a Link header
linking the "human-readable" privacy policy and require the policy
document to indicate do not track compliance using meta data. You could
still automate the discovery process if need be, and users who would
like to know more about some site's privacy practices would find
information more easily, it avoids the caching problems that come with
headers, and odds are better that any do not track policy will be
updated alongside the rest of the privacy policy if needed, unlike if
you separate the two.

-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Thursday, 20 October 2011 02:19:23 UTC
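
The Link-header discovery proposed in the message above, sketched as an added example that is not part of the original message or of any W3C draft. It assumes the link relation `privacy-policy` (registered later in RFC 6903; the message names no relation) and a hypothetical `<meta name="dnt-compliance">` element in the policy document; the sample header and page are constructed, and `fetch` is a caller-supplied function.

```python
import re
from html.parser import HTMLParser

# Constructed sample data for a hypothetical site (not from the original message).
SAMPLE_LINK = ('<https://example.com/style.css>; rel="stylesheet", '
               '<https://example.com/privacy>; rel="help privacy-policy"; '
               'title="Privacy, cookies"')
SAMPLE_POLICY = ('<html><head><meta name="dnt-compliance" content="honoured">'
                 '<title>Privacy policy</title></head><body>...</body></html>')

# <target> followed by ;name=value parameters; quoted values may contain commas.
_LINK = re.compile(r'<([^>]*)>((?:\s*;\s*[\w*-]+\s*(?:=\s*(?:"[^"]*"|[^",;\s]+))?)*)')
_PARAM = re.compile(r';\s*([\w*-]+)\s*(?:=\s*(?:"([^"]*)"|([^",;\s]+)))?')

def parse_link_header(value):
    """Return [(target, {param: value})] for a Link header value (RFC 8288)."""
    links = []
    for target, params in _LINK.findall(value):
        parsed = {}
        for name, quoted, token in _PARAM.findall(params):
            parsed.setdefault(name.lower(), quoted or token)  # first occurrence wins
        links.append((target, parsed))
    return links

def find_policy_url(link_header, rel="privacy-policy"):
    """Return the first target whose space-separated rel list contains `rel`."""
    for target, params in parse_link_header(link_header):
        if rel in params.get("rel", "").lower().split():
            return target
    return None

class _MetaFinder(HTMLParser):
    def __init__(self, name):
        super().__init__()
        self.name, self.content = name, None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if (tag == "meta" and self.content is None
                and (attrs.get("name") or "").lower() == self.name):
            self.content = attrs.get("content")

def dnt_claim(policy_html, meta_name="dnt-compliance"):
    """Return the policy's self-declared claim (hypothetical meta name), or None."""
    finder = _MetaFinder(meta_name)
    finder.feed(policy_html)
    return finder.content

def discover(link_header, fetch):
    """Follow the Link header to the policy and return (policy_url, claim)."""
    url = find_policy_url(link_header)
    return (url, dnt_claim(fetch(url))) if url else (None, None)
```

The value returned is only what the policy document claims about itself; whether the site behaves that way still needs the kind of audit the message describes.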