- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 30 May 2012 21:31:58 -0700
- To: Lauren Gelman <gelman@blurryedge.com>
- Cc: Shane Wiley <wileys@yahoo-inc.com>, Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <CAF4kx8cBzWDZcsY5Fs1ibpBYJOW0LRDBMZEC9tQaUWFkCR6tLw@mail.gmail.com>
It's also to note that over time, things have tended to shift, e.g. some browsers are now blocking third party cookies by default...

On Wed, May 30, 2012 at 4:44 PM, Lauren Gelman <gelman@blurryedge.com> wrote:

> Of course-- but realistically, majority default DNT is not the world this standard will exist in. DNT is going to be a 10% solution.
>
> Frankly, having done privacy for almost 20 years, the idea that millions of users are going to turn on any privacy setting such that they unknowingly stop sharing their data in a way that actually has any impact on any business's bottom line is unrealistic at best. (Can anyone point to any internet business, ever, where this has happened??) I've heard of spam, spyware, phishing, spear phishing, etc. I've never heard of a massive pro-privacy viral campaign that worked. There's lots of $ behind companies trying to get users to turn off DNT and no $ to try to get them to turn it on, so I think this is really orthogonal to what this group is working on.
>
> Lauren Gelman
> BlurryEdge Strategies
> 415-627-8512
>
> On May 30, 2012, at 4:05 PM, Ian Fette (イアンフェッティ) wrote:
>
> I think the desire though is that DNT is a representation of a user's explicit preference. If a browser set it by default, for instance, would a site be obligated to respect it?
>
> -Ian
>
> On Wed, May 30, 2012 at 3:33 PM, Lauren Gelman <gelman@blurryedge.com> wrote:
>
>> I don't see the parity here. One is a user's affirmative action being overruled by another entity. The other is the user opting to change a default setting.
>>
>> Lauren Gelman
>> BlurryEdge Strategies
>> 415-627-8512
>>
>> On May 30, 2012, at 3:22 PM, Shane Wiley wrote:
>>
>> Justin,
>>
>> If companies are expected to achieve “informed and explicit” consent to turn off DNT, then it is only fair that User Agents also achieve “informed and explicit” consent to turn on DNT. Do you disagree?
>>
>> - Shane
>>
>> *From:* Justin Brookman [mailto:justin@cdt.org]
>> *Sent:* Wednesday, May 30, 2012 3:17 PM
>> *To:* public-tracking@w3.org
>> *Subject:* Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]
>>
>> What problem? You honor the header by doing what the spec says. There is no need for you to try to discern user intent, and indeed, no way for you to do so. Ad networks cannot be and are not expected to be responsible for every UI or every possible bit of misinformation someone saw in a comment thread on Reddit to get them to turn on DNT in the first place.
>>
>> Today, if someone sets their browser to block third-party cookies, you don't try to circumvent that on the theory that someone maybe didn't understand what cookies did in the first place. Nor do we dictate to the user agents how and when to surface and describe those capabilities.
>>
>> If there are conflicting headers, that's a different issue, and Ian and Jonathan are putting together draft text on that issue.
>>
>> Justin Brookman
>> Director, Consumer Privacy
>> Center for Democracy & Technology
>> 1634 I Street NW, Suite 1100
>> Washington, DC 20006
>> tel 202.407.8812
>> fax 202.637.0969
>> justin@cdt.org
>> http://www.cdt.org
>> @CenDemTech
>> @JustinBrookman
>>
>> On 5/30/2012 3:34 PM, Chris Mejia wrote:
>>
>> I believe new Issue-150 is closely related to open Issue-143. If the user's intent in turning on/off DNT is not clear (especially in cases where the user doesn't even know they are specifically sending a DNT:1 header), there is no way for publishers to understand how to accurately "honor" any consumer's DNT header flag— *it's a fundamental flaw with this scope of this proceeding*. I laid out the concern in some detail in my previous email to the group ("In Support of Issue-143"); so I'll just give the brief version here: if publishers do not understand the context of the user's DNT expression (was the user properly informed about what setting does/means, before it was set) how are publishers to determine what the user actually intended, or if the user is even aware that a DNT flag is being sent? If any question/statement in any UI can lead to the sending of DNT:1 or DNT:0, where is the integrity of the system/solution?
>>
>> To give just one example (there are many) of how a DNT mechanism that lacks a uniform informed consent requirement might be abused, consider the theoretical yet plausible scenario where an email is sent to (millions of) users informing the users that they should "*click here to prevent evil doers from knowing who you are*" or even worse, "*click here if you think blue is a pretty color*" (replace with a variety of malware tactics), the user's click leading to a programmatic setting of DNT, without the user's informed consent under uniform compliance rules. When that happens (some zealot decides to abuse the system), I'm sure we'll eventually learn about it, after some amount of damage being done.
>>
>> *When it becomes known that users were deceived into sending a DNT expression (no uniform informed consent), here's what the end-game of publishers might be:* without a way of discerning how DNT was set (which program; who owns the program; being able to inspect the program), and under which auspices it was set (what did the user agree to when they clicked?), when learning of a set of users who were deceived into setting DNT, publishers may be forced to consider if they should honor any DNT header requests at all, in an effort to protect the web experience of all users. Under this scenario, publishers may be compelled to issue public statements outlining the fatal flaws of this W3C DNT mechanism, citing the specific abuses, and walking away from compliance on the grounds that being "compliant" with such a system would be harmful to the majority of its users.
>>
>> Is that really the result that this working group is looking for? If not, I strongly suggest that we all get on board with defining a system where the actual intent of the user is absolutely clear— the only way I can think to accomplish this is to require compliance with a uniform requirement to properly educate/inform the user about their choice, at the point user choice is made. Of course I'm open to hearing other suggestions for solving this problem, but I feel that "*it's out of scope/Charter for this project*" is not an acceptable solution— that answer does not solve the problem described here and in open Issue-143. Please, let's solve the actual problem.
>>
>> Chris Mejia, IAB/DAA
>>
>> On 5/30/12 1:35 PM, "Tracking Protection Working Group Issue Tracker" <sysbot+tracker@w3.org> wrote:
>>
>> tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]
>>
>> http://www.w3.org/2011/tracking-protection/track/issues/150
>>
>> Raised by: Aleecia McDonald
>> On product: Tracking Definitions and Compliance
>>
>> Due to multiple addons that support Do Not Track, there could be conflicts. For example, a user could turn off DNT (not unset, actually off, sending DNT:0) in Firefox, yet install Abine's "Do Not Track Plus" addon (which sends DNT:1). More fun, users could have three different addons, each with a different value. Do we have either best practices or requirements for user agents here?
>>
>> Created from original issue-148, with actions taken by ifette and jmayer to write proposals.

Received on Thursday, 31 May 2012 04:32:31 UTC