- From: Sean Harvey <sharvey@google.com>
- Date: Wed, 11 Jan 2012 17:41:46 -0500
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: Rigo Wenning <rigo@w3.org>, Kevin Smith <kevsmith@adobe.com>, Jeffrey Chester <jeff@democraticmedia.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Roy T. Fielding" <fielding@gbiv.com>
- Message-ID: <CAFy-vuejXfjLoiKNZ=Hju6bCYNu=k_ZL0enpuakO7C14R2eGaw@mail.gmail.com>
As I step back and think about it for a moment I feel that the potential ambiguities around the definition of "cross site tracking" might be less intractable than those around "first and third party" which is where we've gotten into a tangle over the past weeks. Among the many complexities that we've encountered in this respect are that third party domains are often merely software tool used by first parties, and that first parties have to be restricted from sharing their data with third parties. All of this is addressed & defined more cleanly in a "cross site tracking" paradigm. A good "cross site" definition could simplify things greatly, close potential loopholes for first parties and build greater consensus. Correct me if i'm wrong, but I believe the consensus of the group early on was to focus on cross-site tracking; part of the problem in definitions seems to be that we aren't being clear about that. On Wed, Jan 11, 2012 at 4:37 PM, Jonathan Mayer <jmayer@stanford.edu> wrote: > I think there's a language ambiguity here. Some consider "cross-site > tracking" to be about correlating user actions on unrelated websites. > Others consider "cross-site tracking" to be about information practices by > third-party websites. In light of the ambiguity, I'd support dropping the > term from the Preference Expression document and replacing it with > something more neutral. > > Moreover, at a higher level, I don't think compliance policy questions > belong in that document. Preference Expression should be a technical > vehicle for whatever Compliance and Scope specifies - no more and no less. > I would support clarifying that principle in the documents and trimming > the lengthy policy-based introduction from the Preference Expression > document. > > I am very sensitive to Roy's and Kevin's concern that the group not move > away from its consensus that this standard will impose (almost) no limits > on first-party conduct. I believe the current proposals for Compliance and > Scope accurately reflect that consensus. To the extent they don't, debate > should be held in the context of that document, not surrounding an > ambiguous turn of phrase elsewhere. > > Jonathan > > On Jan 11, 2012, at 11:46 AM, Rigo Wenning wrote: > > > Kevin, > > > > can you explain cross-site tracking by first parties to me? I just point > out > > the logic break here. Either we talk about first vs third parties or we > solely > > scope the entire exercise and scope to "cross-site tracking". > > > > Rigo > > > > On Wednesday 11 January 2012 11:13:08 Kevin Smith wrote: > >> Actually, at least in the early meetings, I believe we had near > consensus > >> that the objective of this working group would be focused around > cross-site > >> tracking (despite a somewhat confusing name of DNT). Most of the > current > >> issues and discussions are reflective of this direction - such as > defining > >> affiliates, 1st vs 3rd parties, and exceptions to when cross-site > tracking > >> are permissible such as rate frequency capping. > >> > >> If that is still true, I think it's imperative to have it spelled out > as Roy > >> has done in the doc to avoid as much confusion as possible. > > > > > -- Sean Harvey Business Product Manager Google, Inc. 212-381-5330 sharvey@google.com
Received on Wednesday, 11 January 2012 22:50:04 UTC