- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 14 Mar 2012 00:54:40 -0700
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
On Mar 13, 2012, at 11:42 PM, Jonathan Mayer wrote:

> Industry participants have expressed concern that DNT could curtail their ability to detect fraud and thwart attacks.

I think you misunderstand. Industry will not reduce fraud detection or attack prevention just because the potential attacker has DNT on, for obvious reasons. It would not be beneficial for legitimate DNT users. This is not even open to debate.

> Civil society participants have expressed concern that blanket exceptions for fraud and security would undermine DNT's privacy protections.
>
> I'd like to propose proportionate response as a direction for compromise. The notion is straightforward: once there is reason to suspect a user or user agent of foul play, DNT's limits dissipate. Proportionate response is nothing new in online advertising; many businesses, including some in the group, have already deployed it. (To some measure proportionate response is already necessary since an attacker could trivially clear cookies.)

In a word, no. I will not compromise here.

Some sites use cookies as a means to differentiate legitimate traffic from other traffic -- clearing cookies doesn't impact that at all because the user just gets directed back to the setting part. Generally speaking, cookie setting for fraud is only relevant to first-party sites. Third-party fraud control is a lot more aggressive, and none of those folks will ever implement DNT. It is their function not to. Laws and regulations are the only things that will ever impact their function (and for some cases, not even then).

There are existing regulatory vehicles for limiting fraud protection and associated data retention to what is necessary to perform that function. The "necessary" will be different for every site. It should be evaluated by folks who are competent in the specific market for which the fraud is being prevented. In some cases, a proportionate response will be the recommended course of action; in others, it won't.

In any case, the same limitations will apply with or without DNT. We should ignore collection by fraud prevention companies and focus instead on ways to limit the damage. For example, forbid data sharing of collected data -- only allow aggregate/probabilistic answers regarding a specific user so that there is no dual-use of the data and no sharing of user activity trails across sites. Limit retention to what is necessary. We could also suggest specific examples of performing fraud prevention in specific markets (like online advertising) in ways that are more DNT-friendly than storing user activity. In other words, reduce the scope of "necessary" for folks who read the spec.

....Roy
Received on Wednesday, 14 March 2012 07:55:25 UTC