- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Wed, 11 Jan 2012 15:15:45 -0800
- To: Sean Harvey <sharvey@google.com>
- Cc: Rigo Wenning <rigo@w3.org>, Kevin Smith <kevsmith@adobe.com>, Jeffrey Chester <jeff@democraticmedia.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Roy T. Fielding" <fielding@gbiv.com>
- Message-Id: <9D6005B8-74F5-42A7-882B-E8796C2B6F9F@stanford.edu>
On Jan 11, 2012, at 2:41 PM, Sean Harvey wrote: > As I step back and think about it for a moment I feel that the potential ambiguities around the definition of "cross site tracking" might be less intractable than those around "first and third party" which is where we've gotten into a tangle over the past weeks. > > Among the many complexities that we've encountered in this respect are that third party domains are often merely software tool used by first parties, and that first parties have to be restricted from sharing their data with third parties. All of this is addressed & defined more cleanly in a "cross site tracking" paradigm. A good "cross site" definition could simplify things greatly, close potential loopholes for first parties and build greater consensus. I don't believe a renewed focus on "cross-site tracking" would be productive. The phrase introduces the ambiguities I noted below and unnecessarily conflates the independent questions of which roles are covered (currently framed as first party vs. third party) and what actors in those roles may or may not do (currently framed as, for third parties, a blanket bar + exceptions). I view it as a *positive* sign that our current approach has surfaced issues of outsourcing and backend sharing - that means we're moving past linguistic hijinks and debating actual substance. Setting aside those objections, this approach has been tried without success. Kevin proposed a definition of "Do Not Cross Track" within the ambit of ISSUE-5 ("What is the definition of tracking?"). The discussion that followed was vague, confused, and unhelpful. > Correct me if i'm wrong, but I believe the consensus of the group early on was to focus on cross-site tracking; part of the problem in definitions seems to be that we aren't being clear about that. Much of this standardization process has involved stakeholders developing a more precise understanding of the issues in play. (Look no further than the issue tracker, which is a virtual graveyard of old generalities replaced by newer specifics.) There was certainly consensus fairly early that the standard would include some distinction like "first party vs. third party" or "cross-site" - but I don't believe the group was sophisticated enough at that point to agree on details. In fact, we're just now working out the specifics. > On Wed, Jan 11, 2012 at 4:37 PM, Jonathan Mayer <jmayer@stanford.edu> wrote: > I think there's a language ambiguity here. Some consider "cross-site tracking" to be about correlating user actions on unrelated websites. Others consider "cross-site tracking" to be about information practices by third-party websites. In light of the ambiguity, I'd support dropping the term from the Preference Expression document and replacing it with something more neutral. > > Moreover, at a higher level, I don't think compliance policy questions belong in that document. Preference Expression should be a technical vehicle for whatever Compliance and Scope specifies - no more and no less. I would support clarifying that principle in the documents and trimming the lengthy policy-based introduction from the Preference Expression document. > > I am very sensitive to Roy's and Kevin's concern that the group not move away from its consensus that this standard will impose (almost) no limits on first-party conduct. I believe the current proposals for Compliance and Scope accurately reflect that consensus. To the extent they don't, debate should be held in the context of that document, not surrounding an ambiguous turn of phrase elsewhere. > > Jonathan > > On Jan 11, 2012, at 11:46 AM, Rigo Wenning wrote: > > > Kevin, > > > > can you explain cross-site tracking by first parties to me? I just point out > > the logic break here. Either we talk about first vs third parties or we solely > > scope the entire exercise and scope to "cross-site tracking". > > > > Rigo > > > > On Wednesday 11 January 2012 11:13:08 Kevin Smith wrote: > >> Actually, at least in the early meetings, I believe we had near consensus > >> that the objective of this working group would be focused around cross-site > >> tracking (despite a somewhat confusing name of DNT). Most of the current > >> issues and discussions are reflective of this direction - such as defining > >> affiliates, 1st vs 3rd parties, and exceptions to when cross-site tracking > >> are permissible such as rate frequency capping. > >> > >> If that is still true, I think it's imperative to have it spelled out as Roy > >> has done in the doc to avoid as much confusion as possible. > > > > > > > > -- > Sean Harvey > Business Product Manager > Google, Inc. > 212-381-5330 > sharvey@google.com
Received on Wednesday, 11 January 2012 23:18:51 UTC