
Re: ACTION-69: Renaming ISSUE-54

From: David Singer <singer@apple.com>
Date: Fri, 24 Feb 2012 15:56:25 -0800
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <72F8D2EE-8237-49AC-811D-3516E2F847B5@apple.com>
To: JC Cannon <jccannon@microsoft.com>

On Feb 24, 2012, at 15:48 , JC Cannon wrote:

> How would personalization of content from the social site be covered if tracking didn't occur?

I am not being clear, oh dear.

I am saying that there are two scenarios already covered by our specs, for a user using DNT:

a) they do NOT opt-in to this site that is sometimes 1st, sometimes 3rd; under those circumstances, the widget shown in 3rd party status is the same as the one shown to unknown people
b) they DO opt-in, possibly in-band, possibly out-of-band; then the 3rd can show personalized content.

Given the existence of an opt-in, to achieve case (b), we don't need to bend case (a) to behave the same as (b).  Case (a) can and should stay in the 
    "treat me as someone about whom you know nothing and remember nothing"
camp.  IMHO. I think.

> JC
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: Friday, February 24, 2012 3:36 PM
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: ACTION-69: Renaming ISSUE-54
> On Feb 23, 2012, at 13:43 , Karl Dubost wrote:
>> On 23 Feb 2012, at 16:19, Karl Dubost wrote:
>>> On 15 Feb 2012, at 04:36, TOUBIANA, VINCENT (VINCENT) wrote:
>>>> As long as we have a common format used to describe exceptions -- and I think that should be the case -- bookmarks synchronization tools can be used to synchronize exceptions.
>>> A common format for describing exceptions is key 
>>> if we want to promote interoperability in between user agents
>> Another element to this: 
>> The hard time that users will have to configure anything on mobile browsers.
> I think this, and other reasons, are possibilities for the "out of band opt-in".  For example, you visit social-network.com, and you explicitly tell it (in its preferences) "It's OK to recognize me and track my visits when a social-network widget is embedded in other sites".
> Then I would expect to see the [response header | well-known URI CGI] tell me "I have an opt-in from you" (and the UA may want to check with the user the first time this claim is made).
> I return to the (perhaps simplistic) formulation that we've had before
>    "treat me as someone about whom you know nothing and remember nothing"
> and observe that it's probably somewhat confused of the UA to send a 3rd party a DNT signal ('please don't track me') along with a cookie that says "Hi! It's Dave again!".  In the absence of that cookie, the 3rd party receiving a DNT signal has no business applying 'heuristics' (fingerprints etc.) to guess who I am.
> But even if the UA is confused, I think the correct state is the 'safe' state: in the absence of an opt-in, the 3rd party does NOT use or add to its data about you, EVEN IF it can identify you.  That's what opt-ins are for.
> David Singer
> Multimedia and Software Standards, Apple Inc.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Friday, 24 February 2012 23:56:52 UTC
