
Re: ISSUE-4 and clarity regarding browser defaults

From: Tamir Israel <tisrael@cippic.ca>
Date: Fri, 27 Jul 2012 11:54:16 -0400
Message-ID: <5012B9A8.6040900@cippic.ca>
To: David Wainberg <david@networkadvertising.org>
CC: David Singer <singer@apple.com>, Shane Wiley <wileys@yahoo-inc.com>, "Grimmelmann, James" <James.Grimmelmann@nyls.edu>, Mike Zaneis <mike@iab.net>, Jeffrey Chester <jeff@democraticmedia.org>, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Hi -- I agree this is a core issue, but I think we've canvassed the 
pluses/minuses of it by now. At the end of the day, a choice will need 
to be made, but whenever this issue comes up, it seems to become the 
sole object of discussion for long periods of time (case in point : P).

On 7/27/2012 11:44 AM, David Wainberg wrote:
> David,
>
> I'm not sure this is a distraction, but rather a core issue. If we 
> cannot expect the spec to be implemented, why are we spending all of 
> this effort on it?
>
> -David
>
> On 7/27/12 11:11 AM, David Singer wrote:
>> Shane, others
>>
>> I must admit to being really surprised to hear the industry argue so 
>> forcefully for tracking prevention lists (blacklists).
>>
>> Nonetheless, for this, I would like to re-iterate my previous 
>> suggestion that this discussion is a distraction from completing our 
>> work on what constitutes compliant behavior, and that we leave the 
>> question of what constitutes compliant response to non-compliant 
>> behavior to a future revision. I urge the group not to get distracted 
>> - it will only delay, which is not what any of us want, I am sure.
>>
>> You and I worked on a suggestion that we should make it technically 
>> possible for a site to inform a user sending dnt:1 that it is not 
>> ceasing tracking "for some other reason explained at this URL" and we 
>> stay silent on when that can be used and whether it is compliant. I 
>> still believe that this is the best outcome.
>>
>> Dave Singer (iPhone)
>>
>> On Jul 27, 2012, at 7:53, Shane Wiley <wileys@yahoo-inc.com> wrote:
>>
>>> James,
>>>
>>> I believe that's a fairly stretched logical position as I would 
>>> argue a user's continued use of the non-compliant/invalid UA means 
>>> they do not care about the DNT feature of that UA.
>>>
>>> - Shane
>>>
>>> -----Original Message-----
>>> From: Grimmelmann, James [mailto:James.Grimmelmann@nyls.edu]
>>> Sent: Friday, July 27, 2012 6:31 AM
>>> To: Shane Wiley
>>> Cc: David Singer; Mike Zaneis; Tamir Israel; Jeffrey Chester; Roy T. 
>>> Fielding; Justin Brookman; public-tracking@w3.org
>>> Subject: Re: ISSUE-4 and clarity regarding browser defaults
>>>
>>> There is an irony here.  Whether a user agent is compliant depends 
>>> on whether "a tracking preference expression is only transmitted [by 
>>> the user agent] when it reflects a deliberate choice by the user."  
>>> If a server messages a user that their user agent is noncompliant 
>>> because it sets DNT:1 by default, and the user continues to use the 
>>> user agent when interacting with the server, this takes away much of 
>>> the argument that the user agent is still noncompliant with respect 
>>> to that user.  At this point, the user has been given an explicit 
>>> statement that their user agent is sending DNT:1 and an explanation 
>>> of what that means, and has chosen not to do anything about it.
>>>
>>> James
>>>
>>> --------------------------------------------------
>>> James Grimmelmann              Professor of Law
>>> New York Law School                 (212) 431-2864
>>> 185 West Broadway       
>>> james.grimmelmann@nyls.edu
>>> New York, NY 10013    http://james.grimmelmann.net
>>>
>>> On Jul 27, 2012, at 2:01 AM, Shane Wiley wrote:
>>>
>>> David,
>>>
>>> I don't believe it's a fair comparison to hold the DNT discussion 
>>> against a pure technical standard where I agree syntax validity is 
>>> typically the only factor in acceptance.  The heavy Policy aspect of 
>>> DNT in this conversation should be taken into consideration when 
>>> viewing valid vs. invalid signals.
>>>
>>> A better comparison would be to look at hardware centric standards 
>>> where a capability failure alerts a user to the situation and 
>>> becomes a forcing function for correct marketplace behavior.
>>>
>>> For example, if I make an HDMI cable that says it supports the 1.3 
>>> HDMI standard and when a user connects the cable to a receiver and 
>>> TV and they both suggest the HDMI cable is not compliant with v1.3 
>>> and reject the cable, the user will need to purchase a different 
>>> cable that is compliant.  The original company that was not 
>>> compliant will of course be driven to work to update their cable 
>>> design to bring it back into compliance so people will purchase it.  
>>> To think a standard would take the position that makers of receivers 
>>> and TVs must accept any HDMI cable regardless of standards 
>>> compliance would make no sense.  And it shouldn't in our case either.
>>>
>>> Allowing Servers to message users that their User Agent is invalid 
>>> (non-compliant) will drive users who care to switch to a different 
>>> User Agent to express their preferences in a compliant manner.  If 
>>> the percentage of users leaving the non-compliant User Agent reaches 
>>> a significant "enough" level, then one would assume the maker of the 
>>> User Agent would move their product into compliance to remove this 
>>> reason for user departures.  This is why standards in other contexts 
>>> have a natural forcing alignment function.  Suggesting that Servers 
>>> must honor "any DNT signal" - even from non-compliant UAs - doesn't 
>>> allow natural alignment to occur.
>>>
>>> With respect to EU considerations, I believe the confusion is that 
>>> some are suggesting servers not respond to the invalid UA DNT 
>>> signal.  To be clear the goal is to transparently share with the 
>>> user their User Agent (browser) of choice is non-compliant and to 
>>> offer them alternatives at that time (if they desire to take them).  
>>> User knowledge of the situation is key.
>>>
>>> - Shane
>>>
>>> From: David Singer [mailto:singer@apple.com]
>>> Sent: Thursday, July 26, 2012 3:49 PM
>>> To: Mike Zaneis
>>> Cc: Tamir Israel; Jeffrey Chester; Shane Wiley; Roy T. Fielding; 
>>> Justin Brookman; public-tracking@w3.org
>>> Subject: Re: ISSUE-4 and clarity regarding browser defaults
>>>
>>> Mike
>>>
>>> I like it that you state your positions clearly and without 
>>> dissimulation (perhaps a little strongly, though?), but...
>>>
>>> I agree with Tamir: we HAVE decided that user-agents should not 
>>> enable DNT by default.  We have NOT decided whether sites can ignore 
>>> a protocol-valid DNT signal because they think it might possibly 
>>> not, in some cases, reflect the user's true intention.  (Nor have we 
>>> decided whether user-agents can disbelieve what the sites say, under 
>>> some circumstances).
>>>
>>> Generally, in protocols, the normal practice is that if the protocol 
>>> exchange itself is valid, but you think it an error for the other 
>>> end to be doing something, you write software that respects the 
>>> protocol (after all, you want your implementation to be cleanly 
>>> compliant, with no questions), and you write letters asking the 
>>> other company to get into compliance.
>>>
>>> Personally, as I have stated, I think the end-points (software) 
>>> trying to second-guess "did he really mean that?" is highly 
>>> questionable and a recipe for a downward spiral of 
>>> measure/counter-measure, and so on. I also feel that we have our 
>>> work cut out deciding what conformance exchanges entail, without 
>>> trying to define how end-points behave when faced with (the myriad 
>>> possibilities of) non-conformant, or suspected non-conformant, behavior.
>>>
>>> On Jul 26, 2012, at 14:24, Mike Zaneis <mike@iab.net> wrote:
>>>
>>>
>>> Tamir,
>>>
>>> You are simply wrong.  This group has decided that browsers should 
>>> be shipped with DNT turned off.  Furthermore, we have agreed that 
>>> browsers shipped with DNT turned on would be non-compliant with the 
>>> spec (Aleecia has been very public with this position).  Therefore, 
>>> a company can be compliant with the W3C spec and ignore a signal 
>>> that they know to have been sent by a default setting.  If you read the 
>>> story, that is the scenario being discussed.
>>>
>>> There are many open questions around knowing how a signal was set 
>>> and what the appropriate actions may be.  Those issues are being 
>>> worked on, but if we cannot agree on the previous scenario, and 
>>> industry is going to be attacked post any W3C spec if they operate 
>>> in this fashion, then I question why we are continuing our work.
>>>
>>> Mike Zaneis
>>> SVP & General Counsel
>>> Interactive Advertising Bureau
>>> (202) 253-1466
>>>
>>> Follow me on Twitter @mikezaneis
>>>
>>>
>>> From: Tamir Israel [mailto:tisrael@cippic.ca]
>>> Sent: Thursday, July 26, 2012 5:07 PM
>>> To: Mike Zaneis
>>> Cc: Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman; 
>>> public-tracking@w3.org
>>> Subject: Re: ISSUE-4 and clarity regarding browser defaults
>>>
>>> Hi Mike,
>>>
>>> As I am sure you are well aware from the multiple times this has 
>>> been discussed recently, the issue Jeff was referring to is far from 
>>> closed.
>>>
>>> You seem to be conflating two distinct issues, in fact. The one you 
>>> are referring to, which was, indeed, closed long ago, was whether 
>>> the specification would obligate any form of default setting. The 
>>> conclusion was that it would not.
>>>
>>> The issue Jeff is referring to is one that has been quite 
>>> contentious and has not yet, to my knowledge, been resolved. This 
>>> second issue is whether servers will be permitted to simply ignore 
>>> DNT-1 signals sent by any IE user simply because they do not feel 
>>> these are an accurate representation of user preference.
>>>
>>> As we have all discussed multiple times, these two questions are 
>>> quite distinct.
>>>
>>> Best regards,
>>> Tamir
>>>
>>> On 7/26/2012 4:55 PM, Mike Zaneis wrote:
>>> Jeff,
>>>
>>> I hate to revisit an issue that has been closed at least twice 
>>> before, the first time being way back in September, but you again 
>>> raised the browser default setting issue and its place in the W3C 
>>> standards process - 
>>> http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-profits-on-internet-browsers-20120726,0,5932169.story.  
>>> The story is about the W3C TPE Working Group and how Microsoft has 
>>> decided to ship IE10 with the DNT flag turned on.  I was extremely 
>>> disappointed to see your quote that industry would face a "bloody 
>>> virtual and real-world fight" if we did not honor such a default.  
>>> That flies in the face of your statement from last month (see below 
>>> to refresh your memory).
>>>
>>> I have to question whether you are negotiating at the W3C in good 
>>> faith.  If the industry is to be attacked and engaged in a bloody 
>>> fight even if we develop and adopt a W3C standard, then what is the 
>>> incentive for us to remain at the table?  Can you please clarify 
>>> your position on this vitally important issue.
>>>
>>> Mike Zaneis
>>> SVP & General Counsel
>>> Interactive Advertising Bureau
>>> (202) 253-1466
>>>
>>> Follow me on Twitter @mikezaneis
>>>
>>>
>>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
>>> Sent: Sunday, June 03, 2012 5:41 PM
>>> To: Shane Wiley
>>> Cc: Roy T. Fielding; Justin Brookman; 
>>> public-tracking@w3.org
>>> Subject: Re: ISSUE-4 and clarity regarding browser defaults
>>>
>>> I support what the working group agreed to, with DNT not being 
>>> shipped as on.  That is part of the set of compromises we have 
>>> agreed to within the working group.  I was as surprised as everyone 
>>> else with Microsoft's announcement.  I was just responding to the tone 
>>> of some of the comments in the press where various industry players 
>>> suggest that Microsoft is a digital Benedict Arnold.  That said, we 
>>> need to conclude this work with agreement on definition for policy.  
>>> I still believe there is a win-win here that can be achieved.  If we 
>>> can all agree on meaningful final policy, it will be the norm which 
>>> everyone should abide.
>>>
>>> So to be clear.  I am not trying to undo the agreement and urge us 
>>> to stay in discussions.
>>>
>>> But it sounds like there will be a lot of sleeplessness in Seattle!  
>>> Those Microsoft people better lock their doors!
>>>
>>> Regards,
>>>
>>> Jeff
>>>
>>>
>>>
>>> Jeffrey Chester
>>> Center for Digital Democracy
>>> 1621 Connecticut Ave, NW, Suite 550
>>> Washington, DC 20009
>>> www.democraticmedia.org
>>> www.digitalads.org
>>> 202-986-2220
>>>
>>> On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote:
>>>
>>>
>>>
>>>
>>> Jeff,
>>>
>>> I thought we had solved this issue some time ago at the beginning of 
>>> the working group:  opt-in vs. opt-out.  By moving the UA to default 
>>> to DNT:1 without an explicit user action, you're creating an opt-in 
>>> world.  I understand you like that end-point, but if you're 
>>> unwilling to move back to the originally agreed upon opt-out 
>>> structure, I suspect industry participants may leave the working 
>>> group.  A pure opt-in outcome will have devastating impact to the 
>>> online ecosystem, will prompt many to develop overly inclusive 
>>> opt-in approaches, and ultimately consumers lose after being 
>>> barraged with a sea of opt-in requests.  I'm saddened by this sudden 
>>> 180 on this very key perspective but hopefully saner minds will 
>>> prevail.
>>>
>>> In my opinion, we need to resolve this fundamentally core issue 
>>> prior to moving forward on any other issues at the TPWG.  Please let 
>>> me know if you agree.
>>>
>>> Thank you,
>>> Shane
>>>
>>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
>>> Sent: Sunday, June 03, 2012 7:16 AM
>>> To: Roy T. Fielding
>>> Cc: Justin Brookman; 
>>> public-tracking@w3.org
>>> Subject: Re: ISSUE-4 and clarity regarding browser defaults
>>>
>>> I believe having DNT:1 turned on from the start is appropriate for 
>>> users.  The industry has created a ubiquitous data collection system 
>>> by default (which it terms an "ecosystem").  Users have little 
>>> choice in an online world shaped by immersive and invisible 
>>> strategies designed to trigger conversion, viral social marketing, 
>>> lead gen and related data techniques (let alone a person sold to 
>>> highest bidder on exchanges).  The cross-platform measurement 
>>> systems being put in place, which mirror the unified marketing 
>>> platforms, are another example of a world where users have no real 
>>> choices.   With DNT on from the start,  a user can make more 
>>> informed decisions about their data collection practices and then 
>>> decide how to proceed.
>>>
>>> Groups such as mine have already taken key issues off the 
>>> table--such as the need to control first parties.  We believe we can 
>>> have both monetization and privacy.  But we need to make DNT 
>>> meaningful--to stop tracking and collection.  I know that the 
>>> consumer and privacy community is committed to strike the right 
>>> balance.  I look to the industry leaders in this group to help make 
>>> DNT a reality.
>>>
>>>
>>> Jeffrey Chester
>>> Center for Digital Democracy
>>> 1621 Connecticut Ave, NW, Suite 550
>>> Washington, DC 20009
>>> www.democraticmedia.org
>>> www.digitalads.org
>>> 202-986-2220
>>>
>>> On Jun 2, 2012, at 10:45 PM, Roy T. Fielding wrote:
>>>
>>>
>>>
>>>
>>>
>>> On Jun 2, 2012, at 6:29 PM, Justin Brookman wrote:
>>>
>>>
>>>
>>>
>>>
>>> Roy, this precise issue came up on the weekly call on Wednesday, and 
>>> Aleecia concluded that there was disagreement among the group on the 
>>> precise question of whether DNT:1 could be on by default, and that 
>>> we would discuss the issue in Seattle.
>>>
>>> What we talked about was whether a non-specific add-on (AVG) can
>>> set the header field (ISSUE-149) and the impact of conflicting
>>> extensions and configuration (ISSUE-150).
>>>
>>> You can obviously do whatever you like to the document, but I just 
>>> wanted to point out that the editors seem to disagree with your 
>>> statement that we have reached consensus on this point.  The minutes 
>>> from the last call (http://www.w3.org/2012/05/30-dnt-minutes) seem 
>>> to back up my argument, but perhaps I am confused and misunderstood 
>>> what was said on Wednesday --- guidance from the chairs on this 
>>> point would be helpful.  (Also, FWIW, there is also another raised 
>>> ISSUE-143 on whether "activating a tracking preference must require 
>>> explicit, informed consent from a user" . . .)
>>>
>>> I believe 143 is about additional requirements on user awareness
>>> of the new setting when DNT is enabled by an add-on/extension.
>>>
>>>
>>>
>>>
>>>
>>> In the meantime, if you or anyone else could shed some light on why 
>>> DNT:1 on by default would make the standard more challenging to 
>>> implement, I would very much like to hear substantive arguments 
>>> about how that would not be workable.
>>>
>>> It isn't more challenging to implement.  It just won't be
>>> implemented because it obscures the user's choice.  The essence
>>> of any Recommendation is to encourage deployment of a given
>>> protocol because it is good for everyone to do so, and we already
>>> established that most of industry will deploy DNT if it accurately
>>> reflects an individual user's choice.  We already discussed this
>>> and made a decision. It has not yet been reopened to further
>>> discussion, so I am not going to explain it further.
>>>
>>>   Thus far, I have only heard assertions by fiat that we can't 
>>> discuss the issue and tautological interpretations of the word 
>>> "preference."  If there are technical reasons why DNT:1 on by default 
>>> would pose problems, what are they (I'm not saying they don't exist, 
>>> I just don't know)?
>>>
>>> The technical reason is that it wouldn't match the defined
>>> semantics for the field.  That could obviously be fixed by
>>> changing the definition of the field, but since that is one
>>> of the few things we have agreed to already, we have a process
>>> that must be followed to reopen the issue.  Otherwise, we have
>>> no chance of finishing anything.
>>>
>>> ....Roy
>>>
>>>
>>>
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>>
>>>
>
Received on Friday, 27 July 2012 15:55:18 UTC
