- From: Tamir Israel <tisrael@cippic.ca>
- Date: Wed, 20 Jun 2012 23:33:53 -0400
- To: David Singer <singer@apple.com>
- CC: Kevin Kiley <kevin.kiley@3pmobile.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "mts-std@schunter.org" <mts-std@schunter.org>, "fielding@gbiv.com" <fielding@gbiv.com>, "rigo@w3.org" <rigo@w3.org>
Hi David, On 6/19/2012 7:46 PM, David Singer wrote: > Indeed, we had a compromise here: > > * there may be some User Agents that are specifically made and > marketed as being privacy-enhancing, and they could indeed have a > default (and maybe they use Tor, reduce fingerprinting, and so on) > * there may be some Sites that are specifically for the purpose of > tracking ('TrackMyReading.com') where signing up for the site implies > out-of-band permission to track. > > General-purpose UAs cannot claim to be the first; and general-purpose > sites cannot claim to be the second. They both need to take extra > steps (to allow the user to turn on DNT, or to ask the user for an > exception). > > This is a balance, and a compromise; if we discard one, we should > discard the other. The text currently in the TPE I believe respects > both. We should probably critique what is actually written... What restrictions does the current spec place on out of band consent? I thought it was largely left to server discretion, so the server might accept notice buried in its linked TOU coupled with minimal interaction as out-of-band permission regardless of whether 'site.com' is self-evidently a tracking site or not. I personally do not have a problem with implying consent in cases where tracking is self-evident from the nature of the service. Best regards, Tamir
Received on Thursday, 21 June 2012 03:34:40 UTC