- From: Tamir Israel <tisrael@cippic.ca>
- Date: Wed, 20 Jun 2012 23:33:53 -0400
- To: David Singer <singer@apple.com>
- CC: Kevin Kiley <kevin.kiley@3pmobile.com>, "public-tracking@w3.org" <public-tracking@w3.org>, "mts-std@schunter.org" <mts-std@schunter.org>, "fielding@gbiv.com" <fielding@gbiv.com>, "rigo@w3.org" <rigo@w3.org>
Hi David,
On 6/19/2012 7:46 PM, David Singer wrote:
> Indeed, we had a compromise here:
>
> * there may be some User Agents that are specifically made and
> marketed as being privacy-enhancing, and they could indeed have a
> default (and maybe they use Tor, reduce fingerprinting, and so on)
> * there may be some Sites that are specifically for the purpose of
> tracking ('TrackMyReading.com') where signing up for the site implies
> out-of-band permission to track.
>
> General-purpose UAs cannot claim to be the first; and general-purpose
> sites cannot claim to be the second. They both need to take extra
> steps (to allow the user to turn on DNT, or to ask the user for an
> exception).
>
> This is a balance, and a compromise; if we discard one, we should
> discard the other. The text currently in the TPE I believe respects
> both. We should probably critique what is actually written...
What restrictions does the current spec place on out of band consent? I
thought it was largely left to server discretion, so the server might
accept notice buried in its linked TOU coupled with minimal interaction
as out-of-band permission regardless of whether 'site.com' is
self-evidently a tracking site or not.
I personally do not have a problem with implying consent in cases where
tracking is self-evident from the nature of the service.
Best regards,
Tamir
Received on Thursday, 21 June 2012 03:34:40 UTC