W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: Third-Party Web Tracking: Policy and Technology Paper outlining harms of tracking

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 16 Oct 2012 14:22:23 -0700
Cc: "public-tracking@w3.org Group" <public-tracking@w3.org>
Message-Id: <D8B08B27-3A27-4AD0-AD8B-ABE3AE6953A7@gbiv.com>
To: Rigo Wenning <rigo@w3.org>
On Oct 16, 2012, at 11:46 AM, Rigo Wenning wrote:

> We either have a few items of very high entropy or large amounts of 
> data that create privacy risks (Westin's dossiers, reduced autonomy, 
> loss of control of one's image/only for stars in US). In security, 
> the breach of only one item may be decisive and make the system 
> vulnerable. In Privacy/data protection it is the profile or the raw 
> material to create such a profile. The more powerful our computers 
> are, the easier it is to create a profile out of raw data. 
> With this in mind, I'm willing to help tailor a solution that 
> addresses the risk. Unique IDs are precisely a problem because they 
> allow for easy profile building out of raw data.

You just fell into the same fallacy that has consumed the ePrivacy
Directive.  You were on track to addressing actual harms until that
last sentence.

Unique IDs on user agents are not the problem, nor are cookies a
problem in themselves when implemented according to the
well-established origin security models.  They are merely tools
with the potential for misuse.  It's like asking for laws against
cooking knives just because a very small minority use them with
evil intent.

The fact is that cookies make it easier to track a user agent, yes,
just like knives make it easier to cook a meal.  That is not the
privacy problem we need to solve.

The real problem is that browser activity over multiple sites is
a subtle form of personal information, and thus should be treated
as personal information under existing regulations (in EU) or
new regulations (elsewhere).  It is reasonable to suggest that
some sites have an implied consent relationship with the user
for purposes necessary to provide a high quality web experience,
but even that data should remain under the user's control.

That's all there is to it.  All of this focus on Cookies, data
collection (in general), tracking (in general), DNT preference,
and first party versus third party are just the consequences of
our various governments' collective inability to understand the
difference between computers as tools and computers as bad actors.
Quite frankly, the reason for that is because advocates (on both
sides) are so focused on fighting to the death over every minor
issue that they peddle a constant stream of irrelevant or misleading
information to the folks writing laws and regulations.

If we are allowed to work on the actual problem  retention and use
of user activity records without adequate user control  then
we might actually reach an agreement that would solve the privacy
issue without breaking everything else.  Instead, we are being held up
by woefully ignorant and absolutist positions on identifier cookies.


> I'm not putting a risk forward, but rather exemplify the panopticon-
> effect and the psychologic fallout. If they know enough to precisely 
> target my wishes, what do they know about me? You know it, you'll 
> say "this is trivial and does no harm". But none of us has yet 
> argued for an API for data subject access so they can see what is 
> held on them and how it is organized. 

That's not quite true  it is one of the reasons that I put a
control link in the tracking status representation.  We don't
need to do everything in a javascript API.

Received on Tuesday, 16 October 2012 21:22:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:39:07 UTC