- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 12 Jan 2012 14:50:02 -0800
- To: Tom Lowenthal <tom@mozilla.com>
- Cc: public-tracking@w3.org
On Jan 12, 2012, at 12:29 PM, Tom Lowenthal wrote: >> Please feel free to raise this as an issue -- I have no intention of changing >> that without consensus since I won't be participating in this WG if it is >> changed. It was, after all, the basis of all input documents and regulatory >> concerns, where tracking was defined as cross-site tracking. > > Roy, I think you may be mis-remembering the input documents and > regulatory concerns. I encourage you to review the position papers from > the opening workshop if you need to refresh your memory. Feel free to > grep for the phrase "cross-site" or "across sites". As I said, and we have discussed before, the reason for that is simply because the input documents redefined or limited the scope of the single word "tracking" to mean tracking from same-branded set of sites to some other-branded set of sites (i.e., cross-site tracking). The reason for that is because content providers will not implement DNT (or at least will require opt-back-in before site usage) if the scope of DNT includes first-party data collection for the sake of web analytics or personalized customer experience. Non-shared tracking data and non-shared data collection is so central to how commercial websites operate that they simply won't turn it off. That is why attempts to limit or marginalize Cookies failed in 1995-98. We are here to solve a very real privacy problem in the form of cross-site data sharing tied to a particular user when such sharing is undesired by the user. That privacy problem is distinct from tracking in general. We can solve that problem by focusing on the actions that need to be limited. I think David Wainberg summed that up best. We cannot solve that problem by defining the protocol such that content providers are required to mandate opt-back-in mechanisms in order to preserve minimal site operation. All we do then is piss off the ordinary user and prevent anyone from using DNT for its intended purpose. We would be wasting all of our time and bandwidth. When I put the question to the WG, the consensus was very clear that the user would have expectations about what "tracking" meant that are far broader than how those input documents defined it and how we agreed to define this protocol. Therefore, I added a qualifier to clarify what DNT expresses so that it is consistent with both user expectations and the meaning we are assigning DNT in this protocol. The reason I insist on doing so is because content providers will be sued/regulated on the basis of the user's expectation's on what is expressed, not a fine-print list of exceptions in a compliance document that none of us expect the users to read. On aspects regarding editorial choice (and this is certainly one of them), the specification will use wording that reflects how the protocol is defined by the WG. If you see errors in the wording that makes it differ from the protocol, then by all means suggest improvements that will make it closer to the protocol. If you want to change the protocol, then get the WG to agree to that first. I am not going to put my name on a spec that lies about what it defines. Arguments that "cross-site tracking" is somehow more ambiguous than "tracking" are simply absurd. We can make the former a defined term in the compliance document, or I can define it in the TPE spec, if folks think it would help to define it formally. The only reason I did not do that already is because the scope assigned to compliance includes definitions. ....Roy
Received on Thursday, 12 January 2012 22:52:59 UTC