- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 13 Jan 2012 01:22:35 -0800
- To: David Singer <singer@apple.com>
- Cc: Tracking Protection WG <public-tracking@w3.org>
On Jan 12, 2012, at 10:26 AM, David Singer wrote: > My problems with the term 'cross-site' are two-fold: > > a) I think users are asking "don't track me" and they will see "don't cross-site track me" as restricting some, but not nearly all, of what they worry about. > b) I think some sites will break the formal rules but claim that what they are doing is not "cross-site" and so is allowed. > > We could argue in both cases that they should read the document and the definitions and rules, but in both cases I fear the damage is done before that. This is behind some of the (slightly emotional) resistance to what could be, after all, merely a terminology question. > > This is assuming we agree on a definition, of course, of what we're restricting…maybe then we'll be able to decide what label to give it. > > There seems to be some 'emotional' resistance the other way; can anyone explain it? I have no reason to honor Do Not Track if it isn't clearly restricted to actual privacy concerns, such as unexpected or undesired data sharing between sites and perhaps the one Björn raised about resurrecting cleared data. And by clearly restricted, I mean communicated to the user so that they do not get confused by propaganda terms like "Do Not Track", but rather are informed of exactly what the preference will mean to sites that receive it. "Do Not Track" without restrictions does not address a privacy concern. Instead, it is an expressed desire to be a free-rider on the Web of content that is, for the most part, paid for by advertising or marketing revenue made possible by tracking in one form or another. If a person decides to use a site and sends a request to that site, then that site has the right to collect and retain data about that request and its demand on their services. The user does not have a right to anonymity. The user does not have a right to free services. I have no reason to expect that any more than I would expect Apple to provide an 80% discount on iTunes to anyone with DNT: 1 set. Am I going to get all emotional about that? Yes. These are my customers we are talking about, who are being asked to lose revenue or destroy the usability of their site just because an ill-defined checkbox has been selected in a browser config. All of the input documents I read, and the discussion at the F2F in Cambridge, were advocating the exclusion of non-shared first-party (including outsourced) data collection and personalization from being effected whatsoever by the presence of DNT. The reason for that is simple: We don't want all of the content providers to require an opt-back-in. We want users who are concerned about the privacy issue to be able to turn on DNT and not be blocked by the same user experience one gets when turning off cookies. We want users who are surfing with DNT on to have the same personalized customer experience as other users aside from forbidding the use of data obtained from other sites. That's the spec that I agreed to edit. If we can't have a restricted definition for DNT, then I'd rather not have DNT at all. I'd rather not waste all those bytes on the wire for a user preference that will just be ignored or denied. I'd rather have the regulators address the privacy issues by setting and enforcing restrictions on what can and cannot be shared between sites without prior consent, and then let each site determine how to obtain consent if they really need data from other sites. Quite frankly, I am tired of repeating this over and over. Everyone has an opinion. We aren't all going to be satisfied by every aspect of how the protocol works. What we should have decided, first, is what we are intending to accomplish via the protocol, and then write that down in a form that everyone agrees to or leaves. In that respect, I agree with David's second-to-last paragraph above. If we can't agree on what we are trying to constrain, then the definitions for what we express are never going to obtain consensus. ....Roy
Received on Friday, 13 January 2012 09:28:26 UTC