- From: Tamir Israel <tisrael@cippic.ca>
- Date: Fri, 27 Jul 2012 11:54:16 -0400
- To: David Wainberg <david@networkadvertising.org>
- CC: David Singer <singer@apple.com>, Shane Wiley <wileys@yahoo-inc.com>, "Grimmelmann, James" <James.Grimmelmann@nyls.edu>, Mike Zaneis <mike@iab.net>, Jeffrey Chester <jeff@democraticmedia.org>, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Hi -- I agree this is a core issue, but I think we've canvassed the pluses/minuses of it by now. At the end of the day, a choice will need to be made, but whenever this issue comes up, it seems to become the sole object of discussion for long periods of time (case in point : P). On 7/27/2012 11:44 AM, David Wainberg wrote: > David, > > I'm not sure this is a distraction, but rather a core issue. If we > cannot expect the spec to be implemented, why are we spending all of > this effort on it? > > -David > > On 7/27/12 11:11 AM, David Singer wrote: >> Shane, others >> >> I must admit to being really surprised to hear the industry argue so >> forcefully for tracking prevention lists (blacklists). >> >> Nonetheless, for this, I would like to re-iterate my previous >> suggestion that this discussion is a distraction from completing our >> work on what constitutes compliant behavior, and that we leave the >> question of what constitutes compliant response to non-compliant >> behavior to a future revision. I urge the group not to get distracted >> - it will only delay, which is not what any of us want, I am sure. >> >> You and I worked on a suggestion that we should make it technically >> possible for a site to inform a user sending dnt:1 that it is not >> ceasing tracking "for some other reason explained at this URL" and we >> stay silent on when that can be used and whether it is compliant. I >> still believe that this is the best outcome. >> >> Dave Singer (iPhone) >> >> On Jul 27, 2012, at 7:53, Shane Wiley <wileys@yahoo-inc.com> wrote: >> >>> James, >>> >>> I believe that's a fairly stretched logical position as I would >>> argue a user's continued use of the non-compliant/invalid UA means >>> they do not care about the DNT feature of that UA. >>> >>> - Shane >>> >>> -----Original Message----- >>> From: Grimmelmann, James [mailto:James.Grimmelmann@nyls.edu] >>> Sent: Friday, July 27, 2012 6:31 AM >>> To: Shane Wiley >>> Cc: David Singer; Mike Zaneis; Tamir Israel; Jeffrey Chester; Roy T. >>> Fielding; Justin Brookman; public-tracking@w3.org >>> Subject: Re: ISSUE-4 and clarity regarding browser defaults >>> >>> There is an irony here. Whether a user agent is compliant depends >>> on whether "a tracking preference expression is only transmitted [by >>> the user agent] when it reflects a deliberate choice by the user." >>> If a server messages a user that their user agent is noncompliant >>> because it sets DNT:1 by default, and the user continues to use the >>> user agent when interacting with the server, this takes away much of >>> the argument that the user agent is still noncompliant with respect >>> to that user. At this point, the user has been given an explicit >>> statement that their user agent is sending DNT:1 and an explanation >>> of what that means, and has chosen not to do anything about it. >>> >>> James >>> >>> -------------------------------------------------- >>> James Grimmelmann Professor of Law >>> New York Law School (212) 431-2864 >>> 185 West Broadway >>> james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu> >>> New York, NY 10013 http://james.grimmelmann.net >>> >>> On Jul 27, 2012, at 2:01 AM, Shane Wiley wrote: >>> >>> David, >>> >>> I don't believe it's a fair comparison to hold the DNT discussion >>> against a pure technical standard where I agree syntax validity is >>> typically the only factor in acceptance. The heavy Policy aspect of >>> DNT in this conversation should be taken into consideration when >>> viewing valid vs. invalid signals. >>> >>> A better comparison would be to look at hardware centric standards >>> where a capability failure alerts a user to the situation and >>> becomes a forcing function for correct marketplace behavior. >>> >>> For example, if I make an HDMI cable that says it supports the 1.3 >>> HDMI standard and when a user connects the cable to a receiver and >>> TV and they both suggest the HDMI cable is not compliant with v1.3 >>> and reject the cable, the user will need to purchase a different >>> cable that is compliant. The original company that was not >>> compliant will of course be driven to work to update their cable >>> design to bring it back into compliance so people will purchase it. >>> To think a standard would take the position that makers of receivers >>> and TVs must accept any HDMI cable regardless of standards >>> compliance would make no sense. And it shouldn't in our case either. >>> >>> Allowing Servers to message users that their User Agent is invalid >>> (non-compliant) will drive users who care to switch to a different >>> User Agent to express their preferences in a compliant manner. If >>> the percentage of users leaving the non-compliant User Agent reaches >>> a significant "enough" level, then one would assume the maker of the >>> User Agent would move their product into compliance to remove this >>> reason for user departures. This is why standards in other contexts >>> have a natural forcing alignment function. Suggesting that Servers >>> must honor "any DNT signal" - even from non-compliant UAs - doesn't >>> allow natural alignment to occur. >>> >>> With respect to EU considerations, I believe the confusion is that >>> some are suggesting servers not respond to the invalid UA DNT >>> signal. To be clear the goal is to transparently share with the >>> user their User Agent (browser) of choice is non-compliant and to >>> offer them alternatives at that time (if they desire to take them). >>> User knowledge of the situation is key. >>> >>> - Shane >>> >>> From: David Singer [mailto:singer@apple.com] >>> Sent: Thursday, July 26, 2012 3:49 PM >>> To: Mike Zaneis >>> Cc: Tamir Israel; Jeffrey Chester; Shane Wiley; Roy T. Fielding; >>> Justin Brookman; public-tracking@w3.org<mailto:public-tracking@w3.org> >>> Subject: Re: ISSUE-4 and clarity regarding browser defaults >>> >>> Mike >>> >>> I like it that you state your positions clearly and without >>> dissimulation (perhaps a little strongly, though?), but... >>> >>> I agree with Tamir: we HAVE decided that user-agents should not >>> enable DNT by default. We have NOT decided whether sites can ignore >>> a protocol-valid DNT signal because they think it might possibly >>> not, in some cases, reflect the user's true intention. (Nor have we >>> decided whether user-agents can disbelieve what the sites say, under >>> some circumstances). >>> >>> Generally, in protocols, the normal practice is that if the protocol >>> exchange itself is valid, but you think it an error for the other >>> end to be doing something, you write software that respects the >>> protocol (after all, you want your implementation to be cleanly >>> compliant, with no questions), and you write letters asking the >>> other company to get into compliance. >>> >>> Personally, as I have stated, I think the end-points (software) >>> trying to second-guess "did he really mean that?" is highly >>> questionable and a recipe for a downward spiral of >>> measure/counter-measure, and so on. I also feel that we have our >>> work cut out deciding what conformance exchanges entail, without >>> trying to define how end-points behave when faced with (the myriad >>> possibilities of) non-conformant, or suspected non-conformant, behavior >>> >>> On Jul 26, 2012, at 14:24 , Mike Zaneis >>> <mike@iab.net<mailto:mike@iab.net>> wrote: >>> >>> >>> Tamir, >>> >>> You are simply wrong. This group has decided that browsers should >>> be shipped with DNT turned off. Furthermore, we have agreed that >>> browsers shipped with DNT turned on would be non-compliant with the >>> spec (Aleecia has been very public with this position). Therefore, >>> a company can be compliant with the W3C spec and ignore a signal >>> that they know to have been sent by a default setting. If read the >>> story, that is the scenario being discussed. >>> >>> There are many open questions around knowing how a signal was set >>> and what the appropriate actions may be. Those issues are being >>> worked on, but if we cannot agree on the previous scenario, and >>> industry is going to be attacked post any W3C spec if they operate >>> in this fashion, then I question why we are continuing our work. >>> >>> Mike Zaneis >>> SVP & General Counsel >>> Interactive Advertising Bureau >>> (202) 253-1466 >>> >>> Follow me on Twitter @mikezaneis >>> >>> >>> From: Tamir Israel [mailto:tisrael@cippic.ca<http://cippic.ca>] >>> Sent: Thursday, July 26, 2012 5:07 PM >>> To: Mike Zaneis >>> Cc: Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman; >>> public-tracking@w3.org<mailto:public-tracking@w3.org> >>> Subject: Re: ISSUE-4 and clarity regarding browser defaults >>> >>> Hi Mike, >>> >>> As I am sure you are well aware from the multiple times this has >>> been discussed recently, the issue Jeff was referring to is far from >>> closed. >>> >>> You seem to be conflating two distinct issues, in fact. The one you >>> are referring to, which was, indeed, closed long ago, was whether >>> the specification would obligateany form of default setting. The >>> conclusion was that it would not. >>> >>> The issue Jeff is referring to is one that has been quite >>> contentious and has not yet, to my knowledge, been resolved. This >>> second issue is whether servers will be permitted to simply ignore >>> DNT-1 signals sent by any IE user simply because they do not feel >>> these are an accurate representation of user preference. >>> >>> As we have all discussed multiple times, these two questions are >>> quite distinct. >>> >>> Best regards, >>> Tamir >>> >>> On 7/26/2012 4:55 PM, Mike Zaneis wrote: >>> Jeff, >>> >>> I hate to revisit an issue that has been closed at least twice >>> before, the first time being way back in September, but you again >>> raised the browser default setting issue and its place in the W3C >>> standards process - >>> http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-profits-on-internet-browsers-20120726,0,5932169.story. >>> The story is about the W3C TPE Working Group and how Microsoft has >>> decided to ship IE10 with the DNT flag turned on. I was extremely >>> disappointed to see your quote that industry would face a "bloody >>> virtual and real-world fight" if we did not honor such a default. >>> That flies in the face of your statement from last month (see below >>> to refresh your memory). >>> >>> I have to question whether you are negotiating at the W3C in good >>> faith. If the industry is to be attacked and engaged in a bloody >>> fight even if we develop and adopt a W3C standard, then what is the >>> incentive for us to remain at the table? Can you please clarify >>> your position on this vitally important issue. >>> >>> Mike Zaneis >>> SVP & General Counsel >>> Interactive Advertising Bureau >>> (202) 253-1466 >>> >>> Follow me on Twitter @mikezaneis >>> >>> >>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] >>> Sent: Sunday, June 03, 2012 5:41 PM >>> To: Shane Wiley >>> Cc: Roy T. Fielding; Justin Brookman; >>> public-tracking@w3.org<mailto:public-tracking@w3.org> >>> Subject: Re: ISSUE-4 and clarity regarding browser defaults >>> >>> I support what the working group agreed to, with DNT not being >>> shipped as on. That is part of the set of compromises we have >>> agreed to within the working group. I was surprised as everyone >>> else with Microsoft's announcement. I was just responding the tone >>> of some of the comments in the press where various industry players >>> suggest that Microsoft is a digital Benedict Arnold. That said, we >>> need to conclude this work with agreement on definition for policy. >>> I still believe there is a win-win here that can be achieved. If we >>> can all agree on meaningful final policy, it will be the norm which >>> everyone should abide. >>> >>> So to be clear. I am not trying to undo the agreement and urge us >>> to stay in discussions. >>> >>> But it sounds like there will be a lot of sleeplessness in Seattle! >>> Those Microsoft people better lock their doors! >>> >>> Regards, >>> >>> Jeff >>> >>> >>> >>> Jeffrey Chester >>> Center for Digital Democracy >>> 1621 Connecticut Ave, NW, Suite 550 >>> Washington, DC 20009 >>> www.democraticmedia.org<http://www.democraticmedia.org/> >>> www.digitalads.org<http://www.digitalads.org/> >>> 202-986-2220 >>> >>> On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote: >>> >>> >>> >>> >>> Jeff, >>> >>> I thought we had solved this issue sometime ago at the beginning of >>> the working group: opt-in vs. opt-out. By moving the UA to default >>> to DNT:1 without an explicit user action, you're creating an opt-in >>> world. I understand you like that end-point, but if you're >>> unwilling to move back to the originally agreed upon opt-out >>> structure, I suspect industry participants may leave the working >>> group. A pure opt-in outcome will have devastating impact to the >>> online ecosystem, will prompt many to develop overly inclusive >>> opt-in approaches, and ultimately consumers lose after being >>> barraged with a sea of opt-in requests. I'm saddened by this sudden >>> 180 on this very key perspective but hopefully saner minds will >>> prevail. >>> >>> In my opinion, we need to resolve this fundamentally core issue >>> prior to moving forward on any other issues at the TPWG. Please let >>> me know if you agree. >>> >>> Thank you, >>> Shane >>> >>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] >>> Sent: Sunday, June 03, 2012 7:16 AM >>> To: Roy T. Fielding >>> Cc: Justin Brookman; >>> public-tracking@w3.org<mailto:public-tracking@w3.org> >>> Subject: Re: ISSUE-4 and clarity regarding browser defaults >>> >>> I believe having DNT:1 turned on from the start is appropriate for >>> users. The industry has created a ubiquitous data collection system >>> by default (which it terms an "ecosystem"). Users have little >>> choice in an online world shaped by immersive and invisible >>> strategies designed to trigger conversion, viral social marketing, >>> lead gen and related data techniques (let alone a person sold to >>> highest bidder on exchanges). The cross-platform measurement >>> systems being put in place, which mirror the unified marketing >>> platforms, is another example of a world where users have no real >>> choices. With DNT on from the start, a user can make more >>> informed decisions about their data collection practices and then >>> decide how to proceed. >>> >>> Groups such as mine have already taken key issues off the >>> table--such as the need to control first parties. We believe we can >>> have both monetization and privacy. But we need to make DNT >>> meaningful--to stop tracking and collection. I know that the >>> consumer and privacy community is committed to strike the right >>> balance. I look to the industry leaders in this group to help make >>> DNT a reality. >>> >>> >>> Jeffrey Chester >>> Center for Digital Democracy >>> 1621 Connecticut Ave, NW, Suite 550 >>> Washington, DC 20009 >>> www.democraticmedia.org<http://www.democraticmedia.org/> >>> www.digitalads.org<http://www.digitalads.org/> >>> 202-986-2220 >>> >>> On Jun 2, 2012, at 10:45 PM, Roy T. Fielding wrote: >>> >>> >>> >>> >>> >>> On Jun 2, 2012, at 6:29 PM, Justin Brookman wrote: >>> >>> >>> >>> >>> >>> Roy, this precise issue came up on the weekly call on Wednesday, and >>> Aleecia concluded that there was disagreement among the group on the >>> precise question of whether DNT:1 could be on by default, and that >>> we would discuss the issue in Seattle. >>> >>> What we talked about was whether a non-specific add-on (AVG) can >>> set the header field (ISSUE-149) and the impact of conflicting >>> extensions and configuration (ISSUE-150). >>> >>> You can obviously do whatever you like to the document, but I just >>> wanted to point out that the editors seem to disagree with your >>> statement that we have reached consensus on this point. The minutes >>> from the last call (http://www.w3.org/2012/05/30-dnt-minutes) seem >>> to back up my argument, but perhaps I am confused and misunderstood >>> what was said on Wednesday --- guidance from the chairs on this >>> point would be helpful. (Also, FWIW, there is also another raised >>> ISSUE-143 on whether "activating a tracking preference must require >>> explicit, informed consent from a user" . . .) >>> >>> I believe 143 is about additional requirements on user awareness >>> of the new setting when DNT is enabled by an add-on/extension. >>> >>> >>> >>> >>> >>> In the meantime, if you or anyone else could shed some light on why >>> DNT:1 on by default would make the standard more challenging to >>> implement, I would very much like to hear substantive arguments >>> about how that would not be workable. >>> >>> It isn't more challenging to implement. It just won't be >>> implemented because it obscures the user's choice. The essence >>> of any Recommendation is to encourage deployment of a given >>> protocol because it is good for everyone to do so, and we already >>> established that most of industry will deploy DNT if it accurately >>> reflects an individual user's choice. We already discussed this >>> and made a decision. It has not yet been reopened to further >>> discussion, so I am not going to explain it further. >>> >>> Thus far, I have only heard assertions by fiat that we can't >>> discuss the issue and tautological interpretations of the word >>> "preference." If there are technical reasons by DNT:1 on by default >>> would pose problems, what are they (I'm not saying they don't exist, >>> I just don't know)? >>> >>> The technical reason is that it wouldn't match the defined >>> semantics for the field. That could obviously be fixed by >>> changing the definition of the field, but since that is one >>> of the few things we have agreed to already, we have a process >>> that must be followed to reopen the issue. Otherwise, we have >>> no chance of finishing anything. >>> >>> ....Roy >>> >>> >>> >>> David Singer >>> Multimedia and Software Standards, Apple Inc. >>> >>> >
Received on Friday, 27 July 2012 15:55:18 UTC