Re: action-231, issue-153 requirements on other software that sets DNT headers

Thank you Roy, I think this is the most succinct portrait of the technical, legal, and policy landscape on this issue yet and I agree with your final analysis. 

Mike Zaneis
SVP & General Counsel, IAB
(202) 253-1466

On Aug 21, 2012, at 10:01 PM, "Roy T. Fielding" <> wrote:

> On Aug 21, 2012, at 4:56 PM, Jeffrey Chester wrote:
>
>> Shane:  I don't believe we have said such flags are "invalid."  I agree with John, DNT:1 must be honored. We should not penalize privacy by design, a policy most stakeholders support.  
>
> Sending DNT:1 does not improve privacy; it's only eight more bytes.
> Ignoring a broken UA does not penalize privacy by design -- it
> makes it possible for industry to honor the real preferences of
> users with non-broken UAs.  Because that's the choice: ignore the
> broken UA or ignore all of the UAs.  To implement anything else
> would allow a predatory competitor to have control, on a whim,
> over your revenue stream.
>
> If it were even remotely possible that industry would turn off
> all data collection just because a browser vendor wanted some PR,
> we wouldn't need DNT at all.  It would just be the default with
> no signal.  I know you think that's the way the world should work,
> which is fine, but that kind of constraint is only possible with
> legislation.  Nothing we do here will change that.
>
> Here, we are working on a voluntary standard.  We all understand
> that industry will not turn off tracking by default, at least not
> voluntarily, and that the involuntary standards set by regional
> laws are outside our control.  Hence, no signal is our default,
> and is interpreted according to those involuntary standards and
> any other cultural preference that an organization might want
> to assume, based on the theory that companies that will turn off
> the tracking voluntarily are doing so because of user preference.
> That's a good thing for users.  Encouraging companies to voluntarily
> do what their users have asked them to do is a good thing for
> privacy, even if the data collected is not privacy-sensitive.
>
> In contrast, giving individual companies the right to dictate
> the meaning of standards, just because this week's dictation
> happens to match your personal preference, is not good for the
> user and will not improve their privacy.
>
> The sensible thing for this WG to do would be to show a unified
> front to the world and defend the choices that we have made for
> the sake of deployment.  To do anything else is effectively saying
> that you don't want this voluntary standard to succeed.
>
> Please stop making excuses for things that make deployment harder.
> It is not helping.
>
> ....Roy

Received on Wednesday, 22 August 2012 12:45:58 UTC