Re: tracking-ISSUE-117: Terms: tracking v. cross-site tracking [Tracking Definitions and Compliance]

Hi Roy, 

you encouraged me to raise this issue. Aleecia raised the issue and I concur. 
Now let's discuss the merits of harms of having "cross-site" semantics in the 
TPE Specification instead of the TDC Specification. 

I hear that you want to have consistency between both Specifications. So we 
agree on this first point. 

IMHO the issue also raises the question, whether the "cross-site" semantics 
are in the TPE or in the TDC Specification. You want it in the TPE, I want it 
in the TDC. 

Finally, according to Ed, we have to determine whether "cross-site" is not 
just another iteration of our 1st party vs 3rd party issue on who can collect 
what in what situation. 

And here I humbly suggest a different approach than we had so far: Why don't we 
first agree on the easy things and the obvious limitations of things that 
everybody agrees on being abuses. This way we can better define the fields of 
dispute, weigh revenue against privacy risks and rationalize the debate.



On Friday 13 January 2012 02:19:54 Roy T. Fielding wrote:
> On Jan 12, 2012, at 7:48 PM, Tracking Protection Working Group Issue Tracker 
> > tracking-ISSUE-117: Terms: tracking v. cross-site tracking [Tracking
> > Definitions and Compliance]
> > 
> >
> > 
> > Raised by: Aleecia McDonald
> > On product: Tracking Definitions and Compliance
> > 
> > We have a bit of disagreement over terms. The Tracking Definitions and
> > Compliance document holds the definitions. We should harmonize the
> > Tracking Preference Expressions document to match. This leaves open the
> > question of what the Definitions and Compliance document should
> > contain, but at present there does not appear to be a consensus to
> > change from tracking to cross-site tracking. Consensus is required to
> > change sections of the FPWD for the Definitions and Compliance document
> > where we had prior agreements.
> No, that is incorrect on all counts.
> First, the TPE spec must be complete in the sense that the semantics are
> fully defined.  The two specs cannot be inconsistent, but we haven't reached
> that point yet AFAIK, and so far the TPE spec has been a step or so ahead
> of the compliance spec in terms of drafting status.  If I stop drafting
> text to wait until the definitions are done then I cannot meet the
> deadlines for this WG.  If they need to be consistent right now, then the
> easy solution is to copy the definition to the Compliance spec. I agree
> that they have to be consistent before last call.
> Second, that term was used in the FPWD:
>  egrep cross-site tracking-dnt-20111114.html
>       cross-site tracking preference via the <a class="internalDFN"
> href="#dfn-dnt-1">DNT</a> request header field in cross-site tracking, and
> a mechanism for allowing the user to approve with which they have no
> personal trust relationship.  When cross-site tracking or cross-site
> sharing of data collection does not match the to express their own
> preference regarding cross-site tracking that is permit use of their
> content without cross-site data collection, personal preference regarding
> cross-site tracking to each server and tell servers <q>do not track me
> cross-site</q>, install a plug-in the user's cross-site tracking preference
> to be expressed to the user has chosen to allow cross-site tracking or that
> their
> It only looks like a recent addition because of all the new text added
> for the meaning of DNT 1 and 0.
> Third, the FPWD did not have WG consensus on content -- it had consensus on
> publication as a working draft.  The state that you are thinking of is after
> Last Call, which we haven't reached yet.  The editor won't be making any
> changes after last call without a fully-baked change proposal with
> consensus determined by the chairs, because the LC is after the WG has
> declared consensus on content.
> You can, as WG chairs, institute formal change control before last call, but
> that would significantly delay publication (and you have to actually tell
> me first so that I stop making stupid changes).
> Fourth, I don't believe there is any such consensus on using the bare word
> "tracking" to define what DNT restricts.  In fact, every single service
> provider in the working group (that I am aware of) has backed my position.
> Since we are the ones who have to implement it, that's the only consensus
> we are likely to get.
> I stated in mail that tracking had to be decided in order for me to define
> the semantics.  We have an issue on how to define "tracking" and it has not
> been resolved.  We did have a discussion on the list and it was very clear
> that a majority of the working group (especially the folks who were not in
> attendance at Cambridge) expected "tracking" to be interpreted as all forms
> of user identification, including clickstreams for first-party analytics.
> Hence, *our* working definition of tracking differed from that used by
> Jonathan in the DNT Internet Draft upon which TPE is based.  I therefore
> made the change to add cross-site a few months ago, because otherwise the
> FPWD would have differed substantively from the existing DNT implementations
> and from the very clear opinions of those of us at the Cambridge F2F.
> Everyone was aware of that change -- it was even mentioned at one point (by
> John, IIRC) during the last F2F.
> I expect the Compliance spec to define tracking as per the WG discussion,
> once it gets around to deciding that issue.  That's why cross-site tracking
> is used in TPE.  If not, then TPE will change accordingly.  I don't expect
> us to work in lock-step because we are already severely constrained on time.
> ....Roy

Received on Friday, 13 January 2012 13:27:06 UTC