Re: ACTION-110: Write proposal text for what it means to "not track" (ISSUE-119)

On Feb 13, 2012, at 1:09 PM, Nicholas Doty wrote:

> Hi Roy,
> On Feb 13, 2012, at 12:49 PM, Roy T. Fielding wrote:
>> Please be aware that this would require Apache httpd to respond
>> that it is always tracking, by default, regardless of how the
>> underlying services are implemented.  Likewise for Squid, TrafficServer,
>> haproxy, and all other HTTP servers that I am aware of.
>> If we can't find a definition that allows HTTP access logs and normal
>> retention for fraud control, then let's give up.  I will not implement
>> DNT if it can be used as a bypass for fraud and security controls.
> As I believe Ninja noted, this is *not* intended as a set of requirements for compliance with a DNT header, just a meaningful and entirely optional description that a site can use if it absolutely isn't tracking.

I do not believe that is helpful.  It implies that anything in that
list is tracking, which is false, and it implies that any site doing
those things can't claim it is absolutely not tracking, which is not
a desirable result (it makes this standard useless).

> If there is an alternate definition that could accommodate common httpd configurations and still communicate to the user that to a more complete level no tracking is occurring, it would be great to see that option.

Here is an alternative:

A party may claim that it is not tracking if

1) the party does not retain data from requests in a form
that might identify a user except as necessary to fulfill that
user's intention (e.g., credit card billing data is necessary
if the user is making a purchase) or for the limited purposes
of access security, fraud prevention, or audit controls;

2) when user-identifying data is retained for purposes other
than to fulfill the user's intention, the party maintains
strict confidentiality of that data and only retains
that data for a limited duration that is no longer than is
necessary to accomplish that purpose, thereafter destroying
or otherwise clearing the user-identifying data; and,

3) the party does not combine or correlate collected
user-identifying data with any other data obtained from prior
requests, user-identifying profiles, or data obtained from
third parties unless specifically directed to do so by the user
(e.g., when a user initiates a login request) or for the limited
purposes of inspection for access security, fraud prevention,
or audit controls.


Received on Monday, 13 February 2012 23:04:48 UTC