- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Wed, 10 Oct 2012 16:55:23 -0400
- To: <public-tracking@w3.org>, Jonathan Mayer <jmayer@stanford.edu>
- Message-ID: <CC9B58A5.23177%achapell@chapellassociates.com>
Hi Jonathan - In addition to my questions below, I'm curious whether your research has documented specific examples of these harms occurring in the real world? Thanks again, Alan From: Alan Chapell <achapell@chapellassociates.com> Date: Saturday, October 6, 2012 5:14 AM To: <public-tracking@w3.org>, Jonathan Mayer <jmayer@stanford.edu> Subject: Third-Party Web Tracking: Policy and Technology Paper outlining harms of tracking > Hi Jonathan - > > A few days ago, you invited me (via IRC) to review your recent paper which > among other items outlines some of the potential harms of tracking. (See > https://www.stanford.edu/~jmayer/papers/trackingsurvey12.pdf) > > Thanks As you may have noticed, I've been asking a number of folks in the WG > for examples of harms and haven't received very much information in response. > So I want to applaud your effort to help provide additional information and to > facilitate a dialog. That said, I want to make sure I understand your thinking > here or at least help clarify some of the distinctions you may be drawing. > > I'm curious whether your position is that those harms are equally apparent in > a first party setting where a first party utilizes their own data for ad > targeting across the internet? For example, in your scenario where "an actor > that causes harm to a consumer." Is that not also possible in a first party > context? Does the first party not have both "the means", "the access" and at > least potentially, the ability to take the "action" that causes the harms you > lay out? (e.g., "Publication, a less favorable offer, denial of a benefit, or > termination of employment. Last, a particular harm that is inflicted. The harm > might be physical, psychological, or economic.") > Do you believe that a direct relationship between consumers and first party > websites completely mitigates that risk of harm even where the first parties > have significant stores of personally identifiable data? > > > Has your position evolved over the past few months? Correct me if I'm > mistaken, but I believe that one of the proposals offered by Mozilla / > Stanford and EFF sought to address forms of first party tracking. Do I have > that correct? > > Thanks I look forward to hearing your thoughts. > > > > > > Excerpt from your paper for the convenience of others. > > > "When considering harmful web tracking scenarios, we find it helpful to focus > on four variables. First, an actor that causes harm to a consumer. The actor > might, for example, be an authorized employee, malicious employee, competitor, > acquirer, hacker, or government agency. Second, a means of access that enables > the actor to use tracking data. The data might be voluntarily transferred, > sold, stolen, misplaced, or accidentally distributed. Third, an action that > harms the consumer. The action could be, for example, publication, a less > favorable offer, denial of a benefit, or termination of employment. Last, a > particular harm that is inflicted. The harm might be physical, psychological, > or economic. > The countless combinations of these variables result in countless possible bad > outcomes for consumers. To ex- emplify our thinking, here is one commonly > considered scenario: A hacker (actor) breaks into a tracking company (means of > access) and publishes its tracking information (action), causing some > embarrassing fact about the consumer to become known and inflicting emotional > distress (harm).9 > Risks associated with third-party tracking are heightened by the lack of > market pressure to exercise good security and privacy practices. If a > first-party website is untrustworthy, users may decline to visit it. But, > since users are unaware of the very existence of many third-party websites, > they cannot reward responsible sites and penalize irresponsible sites.10" > >
Received on Wednesday, 10 October 2012 20:55:37 UTC