- From: Vincent Toubiana <v.toubiana@free.fr>
- Date: Tue, 14 Feb 2012 20:46:58 +0100
- To: JC Cannon <jccannon@microsoft.com>
- CC: Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer <jmayer@stanford.edu>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <4F3ABA32.9030205@free.fr>
I get your point, but I think a similar result can be achieved if the browser sets a web-wide exception based on the out-of band signal and then synchronize with the other devices. On the other hand, I don't see how the problem I'm pointing (shared browser) could be addressed if out-the-band signal overrides DNT signal. Users would have to always remove all cookies. I'd like also to recall that currently we have "DNT signal > Opt-Out cookie" (see action-52) and what you're proposing is "Opt-in cookie > DNT signal". I think an approach based on web-wide exceptions could be more consistent. Vincent On 2/14/2012 5:08 PM, JC Cannon wrote: > > +1 > > *From:*Shane Wiley [mailto:wileys@yahoo-inc.com] > *Sent:* Tuesday, February 14, 2012 8:04 AM > *To:* TOUBIANA, VINCENT (VINCENT); JC Cannon; Jonathan Mayer > *Cc:* public-tracking@w3.org (public-tracking@w3.org) > *Subject:* RE: ACTION-69: Renaming ISSUE-54 > > Vincent, > > I strongly disagree that anything should trump an out-of-band explicit > consent experience and I believe the group for the most part agrees on > this stance. > > - Shane > > *From:*TOUBIANA, VINCENT (VINCENT) > [mailto:Vincent.Toubiana@alcatel-lucent.com] > *Sent:* Tuesday, February 14, 2012 8:52 AM > *To:* Shane Wiley; JC Cannon; Jonathan Mayer > *Cc:* public-tracking@w3.org (public-tracking@w3.org) > *Subject:* RE: ACTION-69: Renaming ISSUE-54 > > Shane, > > There are already tools to synchronize settings (bookmarks, tabs, > history,...) on different browsers. I'm not saying that all browsers > should implement site-specific exception this way, but that some could. > > This is not a matter of granularity; it's just that (on some browsers) > site specific exceptions should overrule out-of-band permissions (i.e. > if no exception is granted out-of band exception should be ignored). > > Vincent > > ------------------------------------------------------------------------ > > *De :*Shane Wiley [mailto:wileys@yahoo-inc.com] > *Envoyé :* mardi 14 février 2012 16:32 > *À :* TOUBIANA, VINCENT (VINCENT); JC Cannon; Jonathan Mayer > *Cc :* public-tracking@w3.org (public-tracking@w3.org) > *Objet :* RE: ACTION-69: Renaming ISSUE-54 > > Vincent, > > While it may be possible (read "MAY") to host more permissions through > a single browser, in today's world where users move across devices at > a fairly rapid pace this won't be taken up by publishers and users > alike (until browsers solve online ID issues -- see Mozilla's work > here). Until all online permissions are ubiquitously held on a web > browser, out-of-band permissions will continue to be the primary > approach to managing account details. I don't believe the currently > envisioned site-specific exceptions (or web wide exceptions) structure > supports the granularity of permissions you're envisioning (nor should > it -- this is about DNT). > > - Shane > > *From:*TOUBIANA, VINCENT (VINCENT) > [mailto:Vincent.Toubiana@alcatel-lucent.com] > *Sent:* Tuesday, February 14, 2012 8:09 AM > *To:* Shane Wiley; JC Cannon; Jonathan Mayer > *Cc:* public-tracking@w3.org (public-tracking@w3.org) > *Subject:* RE: ACTION-69: Renaming ISSUE-54 > > Shane, > > I think the motivations listed in the "user managed site-specific > exception" section are valid and I don't see why one could not > implement a solution where all permissions would be hosted in the > browser. Especially, users should be able to view quickly all the > exceptions they have granted and that could actually avoid confusions. > > Furthermore, users may not be aware of permissions that have been > granted from the browser they're using (shared computer) and therefore > should not be held responsible for all of them. > > Vincent > > ------------------------------------------------------------------------ > > *De :*Shane Wiley [mailto:wileys@yahoo-inc.com] > *Envoyé :* mardi 14 février 2012 15:47 > *À :* TOUBIANA, VINCENT (VINCENT); JC Cannon; Jonathan Mayer > *Cc :* public-tracking@w3.org (public-tracking@w3.org) > *Objet :* RE: ACTION-69: Renaming ISSUE-54 > > Vincent, > > Specific to #2 - I don't believe attempting to host ALL online > permissions via a web browser is an intelligent outcome. By allowing > race conditions to occur (consent vs. site-specific exception) we'll > confuse everyone involved (users, site operators, regulators, etc.). > Nothing should trump an explicit consent experience. If a user is not > pleased with a previous permission they've granted, they should simply > return to the source and revoke that permission. This is a fair and > appropriate expectation (users need to carry a modicum of > responsibility in this exchange). > > - Shane > > *From:*TOUBIANA, VINCENT (VINCENT) > [mailto:Vincent.Toubiana@alcatel-lucent.com] > *Sent:* Tuesday, February 14, 2012 7:09 AM > *To:* JC Cannon; Jonathan Mayer > *Cc:* public-tracking@w3.org (public-tracking@w3.org) > *Subject:* RE: ACTION-69: Renaming ISSUE-54 > > JC, > > Web-wide exceptions have been considered precisely to address this > issue. These exceptions could be synchronized using tools provided by > browser vendors. > > In fact, devices synchronization should be addressed by browser > vendors (there are tools to do that already) and we should not try to > support a specific implementation as I see at least two possibilities: > > 1) A first implementation may use the FB account to synchronize the > browsers settings (may require an API). > > 2) Some users will prefer to have their browser settings prevailing > and ignore the FB account settings (or ignore all "out of band" > exceptions). For instance, to prevent that a single FB account > overwrites the settings of a browser used by several users. > > Users may choose or configure their browser based on their priorities. > > Vincent > > ------------------------------------------------------------------------ > > *De :*JC Cannon [mailto:jccannon@microsoft.com] > *Envoyé :* mardi 14 février 2012 02:04 > *À :* Jonathan Mayer > *Cc :* public-tracking@w3.org (public-tracking@w3.org) > *Objet :* RE: ACTION-69: Renaming ISSUE-54 > > At this point I would like to hear opinions from other people. > > If DNT breaks my relationship with companies I'll just leave it off. > That would just make for a bad experience. Punting to browser vendors > doesn't solve the multi-browser, user, computer issue. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jonathan Mayer [mailto:jmayer@stanford.edu] > *Sent:* Monday, February 13, 2012 5:00 PM > *To:* JC Cannon > *Cc:* public-tracking@w3.org (public-tracking@w3.org) > *Subject:* Re: ACTION-69: Renaming ISSUE-54 > > JC, > > I share your view that requiring users to give explicit consent on > each device is an issue. We may want to make some accommodation in > the exception API, or we may decide to punt to the browser vendors. > > That's all, however, independent of the issue you raised: does Do Not > Track impose limits on third parties when 1) the user has an account, > and 2) the user is logged in? I think the answer should be yes - the > very same limits it imposes on any other third party. > > Jonathan > > On Feb 13, 2012, at 4:50 PM, JC Cannon wrote: > > If I have an account with a company and I set my preferences a certain > way, I don't want DNT overriding that, while I'm logged in. The > alternative is to try to set an exception in every browser on every > computer I use when I've already stated my position. To me that would > be nightmare scenario. > > No, a privacy statement in and of itself should not override DNT. > However, I would like to see all privacy statements reference an > organization's position on DNT, including when they feel that a > member's preferences may override a DNT header. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jonathan Mayer [mailto:jmayer@stanford.edu] > <mailto:%5bmailto:jmayer@stanford.edu%5d> > *Sent:*Monday, February 13, 2012 4:42 PM > *To:*JC Cannon > *Cc:*Shane Wiley; public-tracking@w3.org > <mailto:public-tracking@w3.org> (public-tracking@w3.org > <mailto:public-tracking@w3.org>) > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > Is it your position that a privacy policy link would be adequate to > override DNT: 1? If not, why can't we write that? > > As for sites where the user already has an account, why grant them a > special tracking privilege? Any third party could put together a page > for managing preferences. (And several do.) > > Jonathan > > On Feb 13, 2012, at 4:38 PM, JC Cannon wrote: > > I feel measuring the efficacy of a company's notice is out of scope > here. I also don't feel we are focusing on social sites, but sites > where the user has an and can manage their preferences in a > centralized persistent fashion. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jonathan Mayer[mailto:jmayer@stanford.edu] > <mailto:%5bmailto:jmayer@stanford.edu%5d> > *Sent:*Monday, February 13, 2012 4:33 PM > *To:*Shane Wiley > *Cc:*JC Cannon;public-tracking@w3.org > <mailto:public-tracking@w3.org>(public-tracking@w3.org > <mailto:public-tracking@w3.org>) > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > This is why standards of notice are important. If "the user has > already given Facebook consent" means Facebook asked explicitly for > permission to identify the user on other sites and got an exception > through the exception API, all's well. But if Facebook merely links > to its privacy policy at signup, no, that's not enough notice. To the > extent others believe it is, I'd like to hear why social networks > deserve a special carveout from the ordinary rules. > > Jonathan > > On Feb 13, 2012, at 4:00 PM, Shane Wiley wrote: > > Wouldn't the current Facebook structure be considered an "out of band > consent" exception? Meaning the user has already given FB consent to > this data collection web wide? > > - Shane > > *From:*JC Cannon[mailto:jccannon@microsoft.com] > <mailto:%5bmailto:jccannon@microsoft.com%5d> > *Sent:*Monday, February 13, 2012 4:55 PM > *To:*Jonathan Robert Mayer > *Cc:*public-tracking@w3.org > <mailto:public-tracking@w3.org>(public-tracking@w3.org > <mailto:public-tracking@w3.org>) > *Subject:*RE: ACTION-69: Renaming ISSUE-54 > > How about this: > > 1)For social sites, manage social feature at that site or by logging out. > > 2)For tracking and personalization opt-out use DNT. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jonathan Robert Mayer[mailto:jmayer@stanford.edu] > <mailto:%5bmailto:jmayer@stanford.edu%5d> > *Sent:*Monday, February 13, 2012 3:19 PM > *To:*JC Cannon > *Cc:*public-tracking@w3.org > <mailto:public-tracking@w3.org>(public-tracking@w3.org > <mailto:public-tracking@w3.org>) > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > Without DNT, users would not be guaranteed the ability to opt out. > That's the status quo. > > On Feb 13, 2012, at 2:41 PM, JC Cannon <jccannon@microsoft.com > <mailto:jccannon@microsoft.com>> wrote: > > That looks like something that is handled by Facebook, which seems > great to me. Why does DNT have to get involved? > > JC > > *From:*Jonathan Mayer[mailto:jmayer@stanford.edu] > <mailto:%5bmailto:jmayer@stanford.edu%5d> > *Sent:*Monday, February 13, 2012 2:33 PM > *To:*public-tracking@w3.org > <mailto:public-tracking@w3.org>(public-tracking@w3.org > <mailto:public-tracking@w3.org>) > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > Social widgets would not "stop working." Users certainly would > not need to "re-enable [widgets] on every site." To clarify, > here's our Facebook mock-up. > > Embedded widget: > > <image001.png> > > Consent option: > > <image002.png> > > On Feb 13, 2012, at 2:07 PM, JC Cannon wrote: > > If we start making changes that degrades consumers' online > experience or makes them work too hard to get their experience > back to normal they won't use. As a consumer I want to just click > a button and be protected without everything else changing. If I > enable DNT:1 and all of a sudden all my social widgets stop > working or you tell me to "just" re-enable them on every site, I'm > just going to turn it off. > > Rob provided a good example of asite > <http://www.heise.de/newsticker/meldung/Apple-will-deutschen-Patentstreit-mit-Motorola-in-den-USA-gewinnen-1433070.html>that > manages social widgets (widgets at bottom of article). I like the > way it works, but I wouldn't want to manage the settings on every > site. > > Responses to your suggestions below. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jonathan Mayer[mailto:jmayer@stanford.edu] > <mailto:%5bmailto:jmayer@stanford.edu%5d> > *Sent:*Monday, February 13, 2012 1:12 PM > *To:*Geoff Gieron - AdTruth > *Cc:*JC Cannon; Jeffrey Chester; John Simpson; Justin > Brookman;public-tracking@w3.org <mailto:public-tracking@w3.org> > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > I've seen a few suggestions that I'd disagree with on this thread. > Since they seem fairly independent, I'll break them out individually. > > 1) We should allow social widget personalization because some > users might want it. > > The same argument applies to any prohibited practice. That's why > the TPE specification provides an explicit exception mechanism. > If a user wants to see more personalized content from a third > party or using third-party data, whether stuff their friends liked > or (tracking-based) interest-targeted advertising, they can > provide an exception. We mocked up an exception flow for > Facebook's social widgets at http://donottrack.us/cookbook/. > > [JC] I feel the logged in state is different from standard > third-party interaction. As a consumer I don't want to provide an > exception our use the cookbook strategy for something I already > control. If I don't want the functionality I will log out. > > 2) Social widget providers are first parties if the user has > logged in since the user has a business relationship with the website. > > I thought we had agreement in Santa Clara and on the list that > third-party widgets become first party by means of user > interaction, not logged-in status. > > [JC] I agree the widget does not get first-party status, but they > should still be able to personalize my experience, which I > control. I don't see that as first party functionality. > > 3) Social personalization isn't the same as third-party data > collection. > > I don't follow this line at all. Embedded social content is from > a third party, and that third party collects data. Moreover, the > data collection practices currently used for social > personalization rely not only on a unique ID---they rely on an ID > tied to the user's identity. > > [JC] Third parties have the ID information whether DNT is enabled > or not. The header tells them their obligations to me as a > consumer and whether or not they can process my data. > > On Feb 13, 2012, at 10:40 AM, Geoff Gieron - AdTruth wrote: > > JC -- you raise a valid point on tracking vs social sharing. One > thing I would like to point out about this though is how logged in > entities like Facebook already supersede existing browser > solutions, such as Private Browsing (notice how Facebook still > knows it is you on sites outside their network when you are > suppose to be incognito to all entities). > > So based on your ascertainment -- I do agree that DNT should not > disrupt the value of social sharing when you are logged in and > remained logged AND Private Browsing/Incognito Mode should be what > cuts even this level of detection by these types of services > regardless of login. However -- we are not standardizing Private > Browsing/Incognito Mode so I'm concerned that the ability by a few > customer facing companies like Google, Yahoo, Facebook, Amazon, > AOL and Microsoft essentially may have the ability to completely > work around all existing browser based solution offered to a consumer. > > Is my concern valid to you? > > *Geoff Gieron* > > /Business Development Strategist/ > > <B6D349F0-DB69-481C-A4A8-5CC1CDE1C45E[87].png> > > *O:* +1.480.776.5525 > > *M:* +1.602.418.8094 > > ggieron@adtruth.com <mailto:ggieron@adtruth.com> > > www.adtruth.com <http://www.adtruth.com> > > *From:*JC Cannon <jccannon@microsoft.com > <mailto:jccannon@microsoft.com>> > *Date:*Mon, 13 Feb 2012 17:29:21 +0000 > *To:*Jeffrey Chester <jeff@democraticmedia.org > <mailto:jeff@democraticmedia.org>> > *Cc:*John Simpson <john@consumerwatchdog.org > <mailto:john@consumerwatchdog.org>>, Jonathan Robert Mayer > <jmayer@stanford.edu <mailto:jmayer@stanford.edu>>, Justin > Brookman <justin@cdt.org <mailto:justin@cdt.org>>, > "public-tracking@w3.org <mailto:public-tracking@w3.org>" > <public-tracking@w3.org <mailto:public-tracking@w3.org>> > *Subject:*RE: ACTION-69: Renaming ISSUE-54 > *Resent-From:*<public-tracking@w3.org <mailto:public-tracking@w3.org>> > *Resent-Date:*Mon, 13 Feb 2012 17:30:10 +0000 > > I'm not stating that data can be collected on me. I'm only stating > that during a logged-in state a social site may personalize my > experience based on my settings on the social site. The social > site does not have the right to capture my browsing habits or > process any data on me unless I interact with its widget. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org] > *Sent:*Monday, February 13, 2012 9:16 AM > *To:*JC Cannon > *Cc:*John Simpson; Jonathan Robert Mayer; Justin > Brookman;public-tracking@w3.org <mailto:public-tracking@w3.org> > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > Let's have a further discussion on this. Can you say what data > can be collected from a user when DNT:1 is on as they access > social services? > > Jeffrey Chester > > Center for Digital Democracy > > 1621 Connecticut Ave, NW, Suite 550 > > Washington, DC 20009 > > www.democraticmedia.org <http://www.democraticmedia.org/> > > www.digitalads.org <http://www.digitalads.org/> > > 202-986-2220 > > On Feb 13, 2012, at 12:09 PM, JC Cannon wrote: > > Jeff, > > I disagree with your position, because I would still want that > feature if I'm logged in and have DNT:1 enabled. This is part of > the concern I have about making decisions for consumers that they > may not want. If I can disable the article annotation by logging > off from the social site, why bundle it with DNT taking away my > flexibility? > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*Jeffrey Chester[mailto:jeff@democraticmedia.org] > <mailto:%5bmailto:jeff@democraticmedia.org%5d> > *Sent:*Monday, February 13, 2012 6:46 AM > *To:*JC Cannon > *Cc:*John Simpson; Jonathan Robert Mayer; Justin > Brookman;public-tracking@w3.org <mailto:public-tracking@w3.org> > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > JC: > > DNT:1 serves as a form of granular privacy protection. If one has > DNT:1 on, they don't want tracking process working--even if it > means they can't find out their friends enjoyed reading your > latest book! Happy to discuss. > > I would like to drill into this a little further. How would this > apply to a logged in state? If I'm logged into a social site and > reading an article I would be interested to know if people I trust > from that social site enjoyed the article or not without > necessarily letting people know that I viewed the article, unless > I select the share button. I don't want to have to enable tracking > just to see if my friends liked the article. > > JC > > Twitter <http://twitter.com/jccannon7> > > *From:*John Simpson[mailto:john@consumerwatchdog.org] > <mailto:%5bmailto:john@consumerwatchdog.org%5d> > *Sent:*Wednesday, February 08, 2012 11:53 AM > *To:*Jeffrey Chester > *Cc:*Jonathan Robert Mayer; Justin Brookman;public-tracking@w3.org > <mailto:public-tracking@w3.org> > *Subject:*Re: ACTION-69: Renaming ISSUE-54 > > I agree that when a site acts as a third party it MUST not engage > in targeting based on data gathered when it was a 1st party if DNT > is enabled. > > On Feb 8, 2012, at 8:43 AM, Jeffrey Chester wrote: > > > > I don't think if DNT is enabled a third party should be able to > engage in profile-based targeting that they have collected as > first party, as Justin perhaps as proposed. That would weaken > user intent on DNT. > > Jeffrey Chester > > Center for Digital Democracy > > 1621 Connecticut Ave, NW, Suite 550 > > Washington, DC 20009 > > www.democraticmedia.org <http://www.democraticmedia.org/> > > www.digitalads.org <http://www.digitalads.org/> > > 202-986-2220 > > On Feb 8, 2012, at 11:34 AM, Jonathan Robert Mayer wrote: > > > > In the interest of clarity, I recommend we make two ISSUEs from > ISSUE-54. > > 1) What can a first party do on its own website with provided > information? I completely agree with Shane that this falls into > the current first party proposal, and I expect we'll get consensus > and close the ISSUE quickly. > > 2) What can a first party do with submitted information when it's > a third party? We've already heard a range of views on this; I > expect lengthy discussion and perspectives from many stakeholders > before we close the ISSUE. > > > On Feb 8, 2012, at 7:20 AM, Justin Brookman <justin@cdt.org > <mailto:justin@cdt.org>> wrote: > > I think Sean's restatement of the issue is a bit ambiguous. > The key question is not whether a first party can alter its > own websites and advertising on those sites based on data it > collected as a first party. It's about whether they can then > leverage that data when they're in a third-party environment. > > I was tasked with writing up language on this in Brussels, but > upon reflection, my vision is already allowed for in the > text: a third-party may customize content or advertising on > other sites based on data it had collected as a first-party. > Thus, Yahoo! can serve ads on the New York Times based on what > I had done on the Yahoo! site (or registration information I > had provided to Yahoo!) and Facebook can tell me what my > friends like in a social widget when I go to > theWashingtonPost.com <http://WashingtonPost.com/>--- as long > as neither collects the fact that I went to NYT or WaPo (apart > from exceptions like ad reporting, fraud, analytics) and > certainly does not add that information to a profile about > me. The language in the draft currently allows for this. > However, I will try to put together some non-normative > language on this today to make it clear. I have heard the > argument that this unduly favors first-party sites who have a > lot of user data, but I also think the privacy implications > are dramatically reduced when ads are influenced based on data > that a party already has about you. > > Shane, you had seemed to disagree with this idea in Brussels, > so if you want to put forward a countersuggestion that's > fine. Alternatively, Tom had disagreed on one of the calls > that Facebook should be allowed to personalize content based > on data it had collected as a first-party, so he may want to > proffer another suggestion. I could see a stronger argument > against allowing Yahoo! to use passively-collected data about > what I read on the Yahoo! site rather than using affirmatively > provided info, but I personally wouldn't draw the line there. > It's also possible this issue is currently being discussed > elsewhere on the mailing list, but I have not remotely been > able to keep up. > > Justin Brookman > > Director, Consumer Privacy > > Center for Democracy& Technology > > 1634 I Street NW, Suite 1100 > > Washington, DC 20006 > > tel 202.407.8812 > > fax 202.637.0969 > > justin@cdt.org <mailto:justin@cdt.org> > > http://www.cdt.org <http://www.cdt.org/> > > @CenDemTech > > @JustinBrookman > > > On 2/6/2012 10:10 AM, Shane Wiley wrote: > > And the proposed answer, "YES", as this appears to capture the > 1^st party exception cleanly and we have other statements that > disallow a 1^st party from sharing information with 3^rd > parties when DNT:1. > > - Shane > > *From:*Sean Harvey [mailto:sharvey@google.com] > *Sent:*Sunday, February 05, 2012 5:27 PM > *To:*public-tracking@w3.org > <mailto:public-tracking@w3.org>Group WG > *Subject:*ACTION-69: Renaming ISSUE-54 > > Hi all, apologies for the delay in submitting my action item. > > ISSUE-54 is intended to get at the question of whether or not > a first party is allowed to leverage their own data, including > registration data provided by the user at a previous time, in > the context of a DNT header being ON. > > Keep in mind I am not intending to provide an answer, only to > more appropriately rename the topic. > > In light of this I propose the Issue be renamed: > > "Can first parties customize their own websites or advertising > based on their own user data when a DNT header is ON?" > > ---------- > > John M. Simpson > > Consumer Advocate > > Consumer Watchdog > > 1750 Ocean Park Blvd. ,Suite 200 > > Santa Monica, CA,90405 > > Tel: 310-392-7041 > > Cell: 310-292-1902 > > www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org/> > > john@consumerwatchdog.org <mailto:john@consumerwatchdog.org> > > The information contained in this e-mail is confidential and/or > proprietary of AdTruth. The information transmitted herewith is > intended only for use by the individual or entity to which it is > addressed. If you are not the intended recipient, you should not > copy, distribute, disclose or use the information it contains, > please e-mail the sender immediately and delete this message from > your system. >
Received on Tuesday, 14 February 2012 19:47:38 UTC