RE: TPE Document, S2.3 P1 from Jules Polonetsky on 2011-10-31 (public-tracking@w3.org from October 2011)

From: Jules Polonetsky <julespol@futureofprivacy.org>
Date: Mon, 31 Oct 2011 12:56:23 -0400
To: "'Tom Lowenthal'" <tom@mozilla.com>, <public-tracking@w3.org>
Cc: <public-tracking@w3.org>, "'Roy T. Fielding'" <fielding@gbiv.com>
Message-ID: <004d01cc97ee$05ff74a0$11fe5de0$@futureofprivacy.org>

Why can't apps be included as a target for this standard? Users increasingly
will click on an icon on their phone, unaware of whether it is an app or
html 5 or even a bookmark.  Already today, when I want to opt-out of ad
targeting on a mobile site and ad target in an app, I need to opt-out of the
same ad network in 2 different ways (one a click to get an opt-out cookie,
one I need to provide my device ID to the ad network to keep it on an
opt-out list...if the ad network provides such a choice). With the advent of
device fingerprinting, targeting by mac address and other new identifiers
used for app targeting, DNT for apps should be a priority.

-----Original Message-----
From: Tom Lowenthal [mailto:tom@mozilla.com] 
Sent: Monday, October 31, 2011 12:43 PM
To: public-tracking@w3.org
Cc: public-tracking@w3.org; Roy T. Fielding
Subject: TPE Document, S2.3 P1

Pursuant to my F2F comment. The current first paragraph of section 2.3
reads:

> HTTP [HTTP11] uses the term user agent to refer to any of the various 
> client programs capable of initiating HTTP requests, including 
> browsers, spiders (web-based robots), command-line tools, native 
> applications, and mobile apps. Although the protocol defined by this 
> specification is applicable to all forms of user agent, the compliance 
> requirements are specifically concerned with the privacy expectations 
> of a human user and the tracking of their browsing history over time. 
> Hence, user agents that do not have some form of "browsing" nature or 
> do not communicate with more than one site are not expected to comply 
> with this protocol.

This leaves the status of mobile apps somewhat unclear. I propose the
following text instead:


> HTTP [HTTP11] uses the term user agent to refer to any of the various 
> client programs capable of initiating HTTP requests, including 
> browsers, spiders (web-based robots), command-line tools, native 
> applications, and mobile apps. Although the protocol defined by this 
> specification is potentially applicable to all forms of user agent, 
> the compliance requirements are specifically concerned with the 
> privacy expectations of a human user and the tracking of their 
> browsing history over time.
>
> There exist user agents which do not have a "browsing" nature, such as 
> mobile apps which communicate with one service exclusively. These 
> non-browsing user-agents are not the target for this standard, though 
> there is no reason why they could not implement it.

Received on Monday, 31 October 2011 16:57:07 UTC