- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 13 Feb 2012 15:04:24 -0800
- To: Nicholas Doty <npdoty@w3.org>
- Cc: Ninja Marnau <nmarnau@datenschutzzentrum.de>, "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
On Feb 13, 2012, at 1:09 PM, Nicholas Doty wrote:

> Hi Roy,
>
> On Feb 13, 2012, at 12:49 PM, Roy T. Fielding wrote:
>> Please be aware that this would require Apache httpd to respond
>> that it is always tracking, by default, regardless of how the
>> underlying services are implemented. Likewise for Squid, TrafficServer,
>> haproxy, and all other HTTP servers that I am aware of.
>>
>> If we can't find a definition that allows HTTP access logs and normal
>> retention for fraud control, then let's give up. I will not implement
>> DNT if it can be used as a bypass for fraud and security controls.
>
> As I believe Ninja noted, this is *not* intended as a set of requirements for compliance with a DNT header, just a meaningful and entirely optional description that a site can use if it absolutely isn't tracking.

I do not believe that is helpful. It implies that anything in that list is tracking, which is false, and it implies that any site doing those things can't claim it is absolutely not tracking, which is not a desirable result (it makes this standard useless).

> If there is an alternate definition that could accommodate common httpd configurations and still communicate to the user that to a more complete level no tracking is occurring, it would be great to see that option.
Here is an alternative:

A party may claim that it is not tracking if

1) the party does not retain data from requests in a form that might identify a user except as necessary to fulfill that user's intention (e.g., credit card billing data is necessary if the user is making a purchase) or for the limited purposes of access security, fraud prevention, or audit controls;

2) when user-identifying data is retained for purposes other than to fulfill the user's intention, the party maintains strict confidentiality of that data and only retains that data for a limited duration that is no longer than is necessary to accomplish that purpose, thereafter destroying or otherwise clearing the user-identifying data; and,

3) the party does not combine or correlate collected user-identifying data with any other data obtained from prior requests, user-identifying profiles, or data obtained from third parties unless specifically directed to do so by the user (e.g., when a user initiates a login request) or for the limited purposes of inspection for access security, fraud prevention, or audit controls.

....Roy
Received on Monday, 13 February 2012 23:04:48 UTC