RE: Proposals for Compliance issue clean up

It has been pointed out to me that my last message may have been too brief to be constructive, for which I apologise.

 

I was simply offering an opinion, namely that the early decision (to make the compliance spec mean different things to sites receiving DNT:1) is one of the reasons our process is stuck, which in turn has opened it up to ridicule. My interjection was to what I perceived as an example of this, applying the 1st party rule to redirector hosts.

 

I think it also underlies the emotional reaction to debates shown by some, either because they feel disadvantaged by the lack of a level playing field, or they feel that the original conception of DNT as a simple declarative indication of intent has been lost.

 

I believe the idea was a compromise in order to reach agreement, but that has patently not happened. In fact it has had the opposite effect.

 

Because only servers accessed in a 3rd party context need to amend their business practices, companies naturally try to ensure their operation is in the other category. This has led to continued debate about how the categories are defined and differentiated in the TPC and overly complex additions of protocol elements to the TPE. For example, extra qualifiers in the request and the response headers have had to be invented, which Ian pointed out was becoming tedious.

 

I also think this has made reaching agreement on exemptions more difficult, because DNT has a greater impact on parties that rely on 3rd party elements and do not have the high traffic sites. This fundamental unfairness has led to some inventing ever more exemption categories to get their operations off the hook.

 

My opinion is that there should be no difference in the compliance spec between 1st and 3rd parties, the DNT:1 signal should mean UUIDs must not be allocated or used without consent, and we should put more effort in designing an effective and transparent exception protocol. As has been pointed out many times this distinction cannot apply in Europe anyway. The reason most of us are here is to respond to people’s unease about privacy and loss of trust in the web, and we should primarily address that.

 

Mike

 

 

 

From: Mike O'Neill [mailto:michael.oneill@baycloud.com] 
Sent: 10 November 2012 09:20
To: ifette@google.com
Cc: public-tracking@w3.org
Subject: RE: Proposals for Compliance issue clean up

 

Ian,

 

Redirections are invisible to users so we cannot give the parties that host them carte blanche to ignore DNT. The 1st party/3rd party distinction is starting to make this whole process look ridiculous.

 

Mike

 

From: Ian Fette (イアンフェッティ) [mailto:ifette@google.com] 
Sent: 09 November 2012 21:07
To: Aleecia M. McDonald
Cc: public-tracking@w3.org
Subject: Re: Proposals for Compliance issue clean up

 

Aleecia, there was proposed text as an alternative to ISSUE-97/ACTION/196. See my work on ACTION-303 and proposals on that thread. http://www.w3.org/2011/tracking-protection/track/actions/303

 

In particular, I am not satisfied with redirects being treated as third parties and would object to that concept.

 

-Ian

 

On Fri, Nov 9, 2012 at 12:04 PM, Aleecia M. McDonald <aleecia@aleecia.com> wrote:

Here are places we might have straightforward decisions. If there are no responses within a week (that is, by Friday 16 November), we will adopt the proposals below.


For issue-97 (Re-direction, shortened URLs, click analytics -- what kind of tracking is this?)  with action-196, we have text with no counter proposal. Unless someone volunteers to take an action to write opposing text, we will close this with the action-196 text.
        PROPOSED: We adopt the text from action-196, http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0106.html

For issue-60 (Will a recipient know if it itself is a 1st or 3rd party?) we had a meeting of the minds (http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0129.html) but did not close the issue. We have support for 3.5.2 Option 2, http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-first-third-parties-opt-2, with one of the authors of 3.5.1 Option 1, http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-first-third-parties-opt-2 accepting Option 2. There was no sustained objection against Option 2 at that time. Let us find out if there is remaining disagreement.
        PROPOSED: We adopt 3.5.2 Option 2, http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-first-third-parties-opt-2

For action-306, we have a proposed definition with accompanying non-normative examples
        PROPOSED: We adopt the text from action-306 to define declared data, to be added to the definitions in the Compliance document, http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0296.html
        PROPOSED: We look for volunteers to take an action to write text explaining when and how declared data is relevant (See the note in 6.1.2.3, http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#first-party-data) to address issue-64

        Aleecia

 

Received on Saturday, 10 November 2012 15:41:38 UTC