Re: ISSUE-4 and clarity regarding browser defaults, and a plea to 'stay the course'

On Jun 3, 2012, at 18:44 , Shane Wiley wrote:

> Thank you Jeff.  Letís hope we can close on the opt-in vs. opt-out issue THIS WEEK.
> - Shane
> From: Jeffrey Chester [] 
> Sent: Sunday, June 03, 2012 2:41 PM
> To: Shane Wiley
> Cc: Roy T. Fielding; Justin Brookman;
> Subject: Re: ISSUE-4 and clarity regarding browser defaults
> I support what the working group agreed to, with DNT not being shipped as on.  That is part of the set of compromises we have agreed to within the working group.  I was surprised as everyone else with Microsoft's announcement.  I was just responding the tone of some of the comments in the press where various industry players suggest that Microsoft is a digital Benedict Arnold.  That said, we need to conclude this work with agreement on definition for policy.  I still believe there is a win-win here that can be achieved.  If we can all agree on meaningful final policy, it will be the norm which everyone should abide.  
> So to be clear.  I am not trying to undo the agreement and urge us to stay in discussions.  
> But it sounds like there will be a lot of sleeplessness in Seattle!  Those Microsoft people better lock their doors!
> Regards,
> Jeff

I think we have a number of areas where we have spent a lot of time in mutual understanding, and come to positions which reflect that.  I don't want to see all that hard-won understanding lost.  Two that stand out, for me, in the current debate, are as follows:

The first concerns 'user intent'.  We have been really clear that though there may be specialist user-agents with a primary focus on privacy, that might turn on DNT by default, we didn't think it was appropriate for general-purpose user-agents, as that weakens the idea of 'informed choice' by the user.  Similarly, we realize that there may be specialist sites with a primary purpose of tracking (the example '' I have given), that might claim an out-of-band exception as resulting from signing up for the service, we didn't think it was appropriate for more general sites to claim an out-of-band exception through their policies, as that weakens the concept of 'informed consent' by the user.  These are both compromises: no doubt the world would be simpler if we ruled them both out, but we are being realists.

The second concerns retention and use.  It's probably true that for business, life is easier if retention is uncontrolled, and only use is controlled - resulting in the 'do not target' approach.  And it's probably true that for users wanting privacy, the best privacy happens when there are no records - resulting in the 'do not record' approach.  Unsurprisingly, the group has realized the need for some retention (and, indeed, use), but also the virtue of having some limits on it.  Again, this is a compromise position, and again, life might be simpler -- but unrealistic -- at either end of the spectrum.

I think we should *expect* to see both sites and user-agents that initially do not conform to our understanding, and I also think that people should call them out. 

What I don't think *we* should do, in the working group, is over-react; the existence of these, as long as they are outliers, does not call the work of this group into question, or make it pointless.  (Of course, if we find that for good reason some aspect of our specification is broadly not implemented as specified, we should absolutely revisit.  But I don't think that time has come.)

So, in summary, let's not take decisions (or trials) by individuals or corporations as calling into question all we have achieved.  Indeed, let's stay the course and produce something worthy of soliciting broader comment (a public document) on schedule; we are on track to do it, and I don't think we should get distracted and revisit old agreements unless there is new data.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 4 June 2012 17:20:16 UTC