Re: action-231, issue-153 requirements on other software that sets DNT headers


"privacy" is less defined than tracking and certainly a far more
attenuated concept.  The spec does not speak to privacy protections but
rather to specific requirements for servers when they see a DNT: 1 signal.
 I may grant that this might be characterized as a choice for
"no-tracking", if we were able to define tracking in a manner that
encompassed the overloaded meaning it has taken on in the spec (see 3rd
party data append discussion).  But it is inherently misleading to suggest
that DNT:1 is a choice for privacy where, as others have already pointed
out, there is very strong disagreement amongst members that this will be
the case.  

Where there should be no disagreement is that a DNT:1 signal based on a
demonstrated user preference MUST be processed in accordance with the
compliance spec.  This said, I can be fully compliant, see a DNT:1 and ask
you for your name, credit card and billing address as a condition to
seeing content.  Not a great leap forward for privacy IMHO.  We are in
agreement that funding will continue, so in the end DNT: 1 will be a
choice about how you want to pay, not if your going to.  I am not hearing
any discussion about a more privacy friendly form of funding than
advertising, so it seems a stretch to assume that a new, heretofore
unknown, way of funding replaces it which is necessarily more privacy



Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 |

This email  including attachments  may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.

On 8/22/12 3:54 PM, "Tamir Israel" <> wrote:

>I'm not seeing it. DNT-1 is a preference for privacy. It very directly
>expresses 'I want you to respect my privacy, please do not track [insert
>definition] my online browsing'.
>If it also means that I will be faced with a second choice -- out of
>bound consent; request for an exception for a specific service; etc.,
>which I may say yes or no to on a case by case basis, depending on the
>particular terms of the OOB, or the service requesting an exception --
>in no way diminishes the fact that my initial expression 'Do Not Track
>Me' indicates a preference for privacy with respect to my online browsing.
>I agree that sites will need to be funded, one way or another, but this
>does not change the underlying character of my 'DNT-1' as an expression
>of a preference for privacy.
>On 8/22/2012 2:58 PM, Dobbs, Brooks wrote:
>> Tamir,
>> I again note that DNT: 1 is NOT a preference FOR privacy.  It is a
>> preference that a recipient server will process data in accordance with
>> the compliance spec as required by the signal.  The net impact of the
>> server's behavior may or may not on the whole be more or less privacy
>> protective for the individual concerned.  A user may reasonably conclude
>> that DNT: 0 or unset is likely to have a better net impact on privacy.
>> Being asked for OOB exception or a micropayment for content may not, in
>> many reasonable minds, be privacy enhancing.
>> I am not being pedantic here.  We must be conscious that we aren't
>> discussing IF ad supported websites will continue to be funded but HOW.
>> If a donut store offers you "free" donuts for giving their advertising
>> sponsors your IP address and cookie as you wait in line but then is
>> required by protocol not to collect those things, you may expect the
>> will ask you for a credit card when you get to the register (or they'll
>> close).  
>> -Brooks

Received on Wednesday, 22 August 2012 20:55:55 UTC