Comments on tracking-compliance.html from Bjoern Hoehrmann on 2011-10-26 (public-tracking@w3.org from October 2011)

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 26 Oct 2011 04:06:41 +0200
To: public-tracking@w3.org
Message-ID: <rijea75aqblif04am2f8jl6tb5o864gc53@hive.bjoern.hoehrmann.de>

Hi,

  http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html
The term "consumer" is widely regarded as offensive and derogatory and
it's simply wrong to use it where the draft uses it, starting with the
fact that it's common to legally limit the definition of the term to
non-commercial users. The relationship between a citizen and their re-
presentatives for instance is that of a citizen, not that of a consumer.

In section 2.1 "Using the internet by definition involves the exchange
of data across servers; the web cannot exist without it." I am not sure
what this is meant to say, but what does say is, erm, incorrect? On the
user end, example.com is one server, that server does not have to ex-
change data with any other server. My homepage for instance does not ex-
change data with any other server when you load it.

I note that the section is meant to address "What are the underlying
concerns? ... what are people afraid of?" but doesn't despite all the
text.

In section 3.2 "A third party is anyone other than a first party as
defined above." With the proposed definitions, that would make the user
a third party.

Regarding the definition of "Consent", I rather doubt it would be a good
idea for this Working Group to attempt to define the term, reasons in-
clude that laws already provide definitions of that, and any consensus-
based definition is likely to be inconsistent with existing legal ones.

Section 4.2 requires proxies to not remove the header without consent of
the user. It is not clear to me that this is a good idea to specify this
as that might create the impression generally speaking it is unclear if
proxies may remove headers like this one which I would disagree with. It
might be better to limit the scope to things between two end points and
not have a separate notion of "Intermediary compliance".

Various sections refer to "behavioral tracking". That seems borderline
tautological to me.

The text in 6.2 about interactions with opt-out cookies is redundant as
all it says people must comply with their promises. This should instead
say that DNT does not affect other mechanisms or that their interaction
is out of scope.

I hope this draft is moved to some publically exposed version control
system soon.

regards,
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Wednesday, 26 October 2011 02:07:03 UTC