Q: tracking status value 'N'?

A tracking status value of 'N' is defined as:
"None: The designated resource does not perform tracking of any kind, not even for a permitted use, and does not make use of any data collected from tracking."

There is still a definition of 'tracking' in section 3.9 of the compliance spec. but there is a note that it will be removed which would make the above definition rather meaningless.  Further the current wording in section 3.9 suggests that 'tracking' does not apply for the first party so the language 'does not perform tracking of any kind' would seem rather disingenuous if adopted.

Could I suggest that the status value 'N' should mean that no data is collected, used, shared, or retained, for any purpose apart from the bare minimum necessary to maintain the connection.  This would exclude cookies, fingerprinting, leaking any UA state, logging IP addresses, and would not be appropriate once a user has signed in, or placed items in a shopping cart, etc.

There would also appear to be a need for another tracking status value that allows necessary collection, use, and retention of data.  This would support users signing in, placing items in a shopping cart, etc.  This would still exclude all permitted uses, and would apply to the first party.  It may be possible to word this such that it meets EU expectations, and this could be of value to US online businesses with EU customers.  Lets call this tracking status value 'E' for discussion.

There is currently no way for users to express the above tracking options, and thus no way for websites to adapt to these.  Use case: a website that respects user privacy may want to limit tracking and respond with 'N' when visitors express this tracking option, but would otherwise want to make use of tracking.  Thus I propose that DNT: N, and DNT: E, be added so support such case.

I understand that the DNT spec. has a goal of limiting options available to users, but this has created the problem of everyone needing to agree on what these limited options are.  A user may well want to express that first parties not track them, but if members of this group reject this as one of the limited cooked options then the user has no choice, and thus the limitation to just a few options is failing the user.  I suggest that expanding the options is the only way to shift the power back to the user.  If users can express their desired privacy level, and not just select from a range of cooked options, and if users can confirm acceptance in the tracking status values, then users can simply block resources that do not meet their expectations and this creates a reward for websites that respect user privacy.

cheers
Fred

 		 	   		  

Received on Sunday, 7 October 2012 00:01:18 UTC