- From: David Singer <singer@apple.com>
- Date: Thu, 20 Oct 2011 11:17:48 -0700
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
On Oct 19, 2011, at 19:18 , Bjoern Hoehrmann wrote: > * David Singer wrote: >> I am not a fan of sending of a "please don't track me" into the void and >> having no idea which sites, if any, are at the moment tracking me. > > At the moment it is common to not conduct even the most trivial audits > like "does logging out remove the userid cookie", "does disabling geo > location tracking turn off geo location tracking", or "does the phone > purge data after a week as it should, or does it keep it for years". I > see no reason to assume a "do not track" response would give you any > idea on what's going on if we cannot expect the largest data mining > firms on the planet to discover such obvious problems on their own. It > also seems clear that normal users would have to rely on third party > analysis to get an actual idea of what's going on (what is this site, > what does it do, should I block it, and so on). If you go and find out > about that, you can also take a look at whether their privacy policy > claims they honour the do not track signal. I think you are allowing your pessimism to run too far. Strictly, logging out means I can't do anything I'd need to log in to do; it doesn't strictly mean 'forget me'. But if a site responds "I am not tracking you in this transaction" and it later transpires that it was, that's pretty useful. > I note that would be possible to require sending a Link header linking > the "human-readable" privacy policy and require the policy document to > indicate do not track compliance using meta data. I don't have any problem with standardizing a location for a privacy policy (human-, machine-, or un- readable :-(), but I think it's out of scope of this activity. David Singer Multimedia and Software Standards, Apple Inc.
Received on Thursday, 20 October 2011 18:25:37 UTC