RE: [Issue-5] [Action-77] Defining Tunnel-Vision 'Do Not (Cross-Site) Track'

Rigo,

Do you have an example in the real-world where a medical or insurance website has tracked referrer headers to ask their clientele specific questions to affect their coverage?  This appears to be far beyond the realm of real-world practices.

NOT a real threat - so therefore NOT real boundaries.

- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Wednesday, February 08, 2012 9:31 AM
To: public-tracking@w3.org
Cc: Roy T. Fielding; Lauren Gelman
Subject: Re: [Issue-5] [Action-77] Defining Tunnel-Vision 'Do Not (Cross-Site) Track'

Can we draw some collection limitation from that? If I send a request to 
example.com, example.com knows that I'm interacting with them. But if I have 
looked at some medical site and now (by inadvertence) surf to my insurance 
website, they could detect that I looked at alzheimer information and will ask 
me about it next time.

So we seem to have identified a clear threat with clear boundaries. If we 
agree, we would have to add some text. Collecting referrer from within a 
certain boundary would work. This is at least a very good first step that we 
can note down IMHO

Rigo

On Tuesday 07 February 2012 15:22:26 Roy T. Fielding wrote:
> > What is the use case where I'm a third party and I need to know where a
> > user is coming from.  If I'm a Macys ad just sitting on NYT, and a
> > DNT:1 user visits the site, why would referrer info [where the person
> > was prior to arriving at NYT] be passed to me?
> Sorry, that's me being unclear.  The referral data in the ad's case is
> Macy's website, not where the user came from before Macy's.  It is
> important to know that this ad was seen on Macy's site.

Received on Wednesday, 8 February 2012 17:48:51 UTC