- From: JC Cannon <jccannon@microsoft.com>
- Date: Mon, 13 Feb 2012 18:56:32 +0000
- To: "Roy T. Fielding" <fielding@gbiv.com>, Jonathan Mayer <jmayer@stanford.edu>
- CC: Matthias Schunter <mts@zurich.ibm.com>, "public-tracking@w3.org" <public-tracking@w3.org>
I believe we also agreed that DNT is focusing on third-party, cross-site tracking. So when DNT:1 is sent websites should not, process, pass-on or unduly retain data. Is there something else? JC -----Original Message----- From: Roy T. Fielding [mailto:fielding@gbiv.com] Sent: Friday, February 10, 2012 2:23 PM To: Jonathan Mayer Cc: Matthias Schunter; public-tracking@w3.org Subject: Re: Deciding Exceptions (ISSUE-23, ISSUE-24, ISSUE-25, ISSUE-31, ISSUE-34, ISSUE-49) On Feb 10, 2012, at 12:05 PM, Jonathan Mayer wrote: > Matthias, > > I am not willing to kick the can down the road. As I explained in an earlier email, I see scant reason to believe businesses will suddenly begin to develop or adopt privacy-preserving technologies. I am operating under the assumption that the DNT specification will be the final say on web tracking for years to come. > > As for this notion of "good actors" and "bad actors" I've seen tossed around recently, I think it unhelpfully blurs two separate ideas. First, what does Do Not Track do to totally malicious websites? The answer is nothing-for them, it's the evil bit. But, thankfully, the overwhelmingly majority of large third parties are legitimate commercial enterprises within the reach of the law. By my last tally, in fact, around half are headquartered right here in the Bay Area. > > The second idea is: What does Do Not Track do to websites that, as a matter of policy, attempt to respect the standard? If your concerns include any combination of (unintentional conduct/malicious employee/hacking/government mandate) + (use/sharing/public disclosure) + (physical harm/economic harm/reputational harm/emotional harm), then you'll believe (as I do) that the standard should impose constraints on these websites. Yes, it should impose constraints. Those are all concerns on retention. That's why we've been talking about potential ways that DNT could impose constraints on retention and use. Constraints, BTW, that do not exist today and are therefore beneficial to privacy. Collection, as you defined it, is not a tracking issue because nobody tracks based on single points in time. They track based on past points in time being connected to this point in time. It is only when the information is retained over time that it becomes vulnerable to the types of inspection, curiosity, and mishandling disclosure to which you refer above. Perhaps if we focused on the problems at hand, we could devise reasonable solutions to address those problems directly instead of arguing about alternatives to cookies. ....Roy
Received on Monday, 13 February 2012 18:57:53 UTC