- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Tue, 13 Nov 2012 12:20:40 -0500
- To: Mike O'Neill <michael.oneill@baycloud.com>
- CC: <public-tracking@w3.org>
- Message-ID: <CCC7EB80.2597E%achapell@chapellassociates.com>
Hi Mike - Thanks for the clarification.

Cheers,

Alan Chapell
Chapell & Associates
917 318 8440

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Monday, November 12, 2012 3:15 PM
To: Alan Chapell <achapell@chapellassociates.com>
Cc: <public-tracking@w3.org>
Subject: RE: Proposals for Compliance issue clean up

> Hi Alan,
>
> I have no problem (in the DNT case) with reasonable commercial purposes like
> frequency capping, click fraud detection etc., as long as minimum entropy UUID
> were only around for a short period (hours rather than months), not be
> recreated or cloned etc. and solely used for those purposes. What most people
> don’t want is their web history gathered without their consent, and that needs
> persistent or constantly recreated UUIDs. If they were confident their
> non-consent would be strictly honoured, and consent could be easily revoked,
> then I’m sure ultimately most people would not have a problem with OBA.
>
> Mike
>
> From: Alan Chapell [mailto:achapell@chapellassociates.com]
> Sent: 12 November 2012 14:54
> To: Mike O'Neill; public-tracking@w3.org
> Cc: ifette@google.com; tlr@w3.org
> Subject: Re: Proposals for Compliance issue clean up
>
> Good Morning Mike, pls see below…
>
> From: Mike O'Neill <michael.oneill@baycloud.com>
> Date: Saturday, November 10, 2012 10:40 AM
> To: <public-tracking@w3.org>
> Cc: <ifette@google.com>, <tlr@w3.org>
> Subject: RE: Proposals for Compliance issue clean up
> Resent-From: <public-tracking@w3.org>
> Resent-Date: Sat, 10 Nov 2012 15:41:40 +0000
>
>> It has been pointed out to me that my last message may have been too brief to
>> be constructive, for which I apologise.
>>
>> I was simply offering an opinion, namely that the early decision (to make the
>> compliance spec mean different things to sites receiving DNT:1) is one of
>> the reasons our process is stuck, which in turn has opened it up to ridicule.
>> My interjection was to what I perceived as an example of this, applying the
>> 1st party rule to redirector hosts.
>
> Agree completely re: the 1st party and 3rd party distinctions – when taken to
> the extreme – are creating all kinds of issues with the spec. Specifically,
> (and at risk of sounding like a broken record) significant anti-competitive
> issues, a negative impact upon diversity of content choices for Users, and
> (quite ironically) little to no improvement on consumer privacy choices.
> Although given that we haven't done a great job as a group of articulating the
> privacy harms we're trying to address, I suspect this final point may be lost
> on some.
>
> I may have missed your point re: redirector hosts. What is the issue we're
> trying to get at by pushing for redirector hosts to be treated as 3rd parties?
>
>> I think it also underlies the emotional reaction to debates shown by some,
>> either because they feel disadvantaged by the lack of a level playing field,
>> or they feel that the original conception of DNT as a simple declarative
>> indication of intent has been lost.
>>
>> I believe the idea was a compromise in order to reach agreement, but that has
>> patently not happened. In fact it has had the opposite effect.
>>
>> Because only servers accessed in a 3rd party context need to amend their
>> business practices, companies naturally try to ensure their operation is in
>> the other category. This has led to continued debate about how the
>> categories are defined and differentiated in the TPC and overly complex
>> additions of protocol elements to the TPE. For example, extra qualifiers in
>> the request and the response headers have had to be invented, which Ian
>> pointed out was becoming tedious.
>>
>> I also think this had made reaching agreement on exemptions more difficult,
>> because DNT has a greater impact on parties that rely on 3rd party elements
>> and do not have the high traffic sites. This fundamental unfairness has led
>> to some inventing ever more exemption categories to get their operations off
>> the hook.
>>
>> My opinion is that there should be no difference in the compliance spec
>> between 1st and 3rd parties, the DNT:1 signal should mean UUIDs must not be
>> allocated or used without consent, and we should put more effort in designing
>> an effective and transparent exception protocol. As has been pointed out many
>> times this distinction cannot apply in Europe anyway. The reason most of us
>> are here is to respond to people’s unease about privacy and loss of trust in
>> the web, and we should primarily address that.
>
> As I've said, I'm increasingly uncomfortable with a complete first party
> immunity to the DNT spec. But outside of trying to rein this notion in a bit,
> I've been unable to come up with a solution that would not result in
> accusations that I'm trying to blow up the whole process here.
>
> Can you sketch out your idea a bit more? Are you advocating that items like
> frequency capping would be covered under Permitted Uses? Or are you saying
> that the storage of ANY UDID (other than fraud, security, etc) post enactment
> of DNT would be off limits?
>
>> Mike
>>
>> From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
>> Sent: 10 November 2012 09:20
>> To: ifette@google.com
>> Cc: public-tracking@w3.org
>> Subject: RE: Proposals for Compliance issue clean up
>>
>> Ian,
>>
>> Redirections are invisible to users so we cannot give the parties that host
>> them carte blanche to ignore DNT. The 1st party/ 3rd party distinction is
>> starting to make this whole process look ridiculous.
>>
>> Mike
>>
>> From: Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
>> Sent: 09 November 2012 21:07
>> To: Aleecia M. McDonald
>> Cc: public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org)
>> Subject: Re: Proposals for Compliance issue clean up
>>
>> Aleecia, there was proposed text as an alternative to ISSUE-97/ACTION/196.
>> See my work on ACTION-303 and proposals on that thread.
>> http://www.w3.org/2011/tracking-protection/track/actions/303
>>
>> In particular, I am not satisfied with redirects being treated as third
>> parties and would object to that concept.
>>
>> -Ian
>>
>> On Fri, Nov 9, 2012 at 12:04 PM, Aleecia M. McDonald <aleecia@aleecia.com>
>> wrote:
>> Here are places we might have straight-forward decisions. If there are no
>> responses within a week (that is, by Friday 16 November,) we will adopt the
>> proposals below.
>>
>> For issue-97 (Re-direction, shortened URLs, click analytics -- what kind of
>> tracking is this?) with action-196, we have text with no counter proposal.
>> Unless someone volunteers to take an action to write opposing text, we will
>> close this with the action-196 text.
>>     PROPOSED: We adopt the text from action-196,
>>     http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0106.html
>>
>> For issue-60 (Will a recipient know if it itself is a 1st or 3rd party?) we
>> had a meeting of the minds
>> (http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0129.html) but
>> did not close the issue. We have support for 3.5.2 Option 2,
>> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-first-third-parties-opt-2,
>> with one of the authors of 3.5.1 Option 1,
>> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-first-third-parties-opt-2
>> accepting Option 2. There was no sustained
>> objection against Option 2 at that time. Let us find out if there is
>> remaining disagreement.
>>     PROPOSED: We adopt 3.5.2 Option 2,
>>     http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-first-third-parties-opt-2
>>
>> For action-306, we have a proposed definition with accompanying non-normative
>> examples
>>     PROPOSED: We adopt the text from action-306 to define declared data,
>>     to be added to the definitions in the Compliance document,
>>     http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0296.html
>>     PROPOSED: We look for volunteers to take an action to write text
>>     explaining when and how declared data is relevant (See the note in 6.1.2.3,
>>     http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#first-party-data)
>>     to address issue-64
>>
>> Aleecia
Received on Tuesday, 13 November 2012 17:21:28 UTC