
Re: action-231, issue-153 requirements on other software that sets DNT headers

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 21 Aug 2012 19:01:00 -0700
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <443F174E-51B5-42CB-B2A1-A8712C57B3C1@gbiv.com>
To: Jeffrey Chester <jeff@democraticmedia.org>

On Aug 21, 2012, at 4:56 PM, Jeffrey Chester wrote:

> Shane:  I don't believe we have said such flags are "invalid."  I agree with John, DNT:1 must be honored. We should not penalize privacy by design, a policy most stakeholders support.  

Sending DNT:1 does not improve privacy; it's only eight more bytes.
Ignoring a broken UA does not penalize privacy by design -- it
makes it possible for industry to honor the real preferences of
users with non-broken UAs.  Because that's the choice: ignore the
broken UA or ignore all of the UAs.  To implement anything else
would allow a predatory competitor to have control, on a whim,
over your revenue stream.

If it were even remotely possible that industry would turn off
all data collection just because a browser vendor wanted some PR,
we wouldn't need DNT at all.  It would just be the default with
no signal.  I know you think that's the way the world should work,
which is fine, but that kind of constraint is only possible with
legislation.  Nothing we do here will change that.

Here, we are working on a voluntary standard.  We all understand
that industry will not turn off tracking by default, at least not
voluntarily, and that the involuntary standards set by regional
laws are outside our control.  Hence, no signal is our default,
and is interpreted according to those involuntary standards and
any other cultural preference that an organization might want
to assume, based on the theory that companies that will turn off
the tracking voluntarily are doing so because of user preference.

That's a good thing for users.  Encouraging companies to voluntarily
do what their users have asked them to do is a good thing for
privacy, even if the data collected is not privacy-sensitive.

In contrast, giving individual companies the right to dictate
the meaning of standards, just because this week's dictation
happens to match your personal preference, is not good for the
user and will not improve their privacy.

The sensible thing for this WG to do would be to show a unified
front to the world and defend the choices that we have made for
the sake of deployment.  To do anything else is effectively saying
that you don't want this voluntary standard to succeed.

Please stop making excuses for things that make deployment harder.
It is not helping.

....Roy
Received on Wednesday, 22 August 2012 02:01:28 UTC
