W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: [ISSUE-81, ACTION-13] Response Header Format

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Thu, 20 Oct 2011 22:59:37 +0200
To: David Singer <singer@apple.com>
Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-ID: <2v11a71bqv9ae2ttn6cfvcgsr7osva1046@hive.bjoern.hoehrmann.de>
* David Singer wrote:
>I think you are allowing your pessimism to run too far. Strictly,
>logging out means I can't do anything I'd need to log in to do; it
>doesn't strictly mean 'forget me'.  But if a site responds "I am not
>tracking you in this transaction" and it later transpires that it was,
>that's pretty useful.

The examples were bugs according to the developers. Anyway, you are say-
ing if there is a response indicating how the signal was handled, there
are various benefits. Could we turn this around and talk about what the
protocol should provide and then talk about the best approach to deliver
that? If all you want is to catch someone saying one thing and doing a
different thing, that is quite different from wanting to have an idea a-
bout who is tracking you despite sending the signal.

My impression is that organizations want to provide as little details in
as few places as possible about their data handling practises in order
to minimize, primarily legal, exposure. I would then expect resistance
to features that increase exposure like by having to have information in
multiple places, which might become out of sync over time by accident.

>I don't have any problem with standardizing a location for a privacy
>policy (human-, machine-, or un- readable :-(), but I think it's out of
>scope of this activity.

You seem to have misread what I wrote. I was suggesting to link a policy
in the response which can include machine readable do not track details
if need be as an alternative to a have do not track information in well
known machine-accessible locations. You'd have Link: <...>; rel=privacy
and <p class='we-do-not-track'>We obey the do not track signal.</p> or
some such thing in a privacy policy, for instance. I argued one reason
in favour of doing this is that information would be kept in one place.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Thursday, 20 October 2011 21:00:07 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC