- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 16 Oct 2012 14:22:23 -0700
- To: Rigo Wenning <rigo@w3.org>
- Cc: "public-tracking@w3.org Group" <public-tracking@w3.org>
On Oct 16, 2012, at 11:46 AM, Rigo Wenning wrote:

> We either have a few items of very high entropy or large amounts of
> data that create privacy risks (Westin's dossiers, reduced autonomy,
> loss of control of one's image/only for stars in US). In security,
> the breach of only one item may be decisive and make the system
> vulnerable. In Privacy/data protection it is the profile or the raw
> material to create such a profile. The more powerful our computers
> are, the easier it is to create a profile out of raw data.
>
> With this in mind, I'm willing to help tailor a solution that
> addresses the risk. Unique IDs are precisely a problem because they
> allow for easy profile building out of raw data.

You just fell into the same fallacy that has consumed the ePrivacy Directive. You were on track to addressing actual harms until that last sentence.

Unique IDs on user agents are not the problem, nor are cookies a problem in themselves when implemented according to the well-established origin security models. They are merely tools with the potential for misuse. It's like asking for laws against cooking knives just because a very small minority use them with evil intent. The fact is that cookies make it easier to track a user agent, yes, just like knives make it easier to cook a meal.

That is not the privacy problem we need to solve. The real problem is that browser activity over multiple sites is a subtle form of personal information, and thus should be treated as personal information under existing regulations (in EU) or new regulations (elsewhere). It is reasonable to suggest that some sites have an implied consent relationship with the user for purposes necessary to provide a high quality web experience, but even that data should remain under the user's control. That's all there is to it.
All of this focus on Cookies, data collection (in general), tracking (in general), DNT preference, and first party versus third party are just the consequences of our various governments' collective inability to understand the difference between computers as tools and computers as bad actors. Quite frankly, the reason for that is because advocates (on both sides) are so focused on fighting to the death over every minor issue that they peddle a constant stream of irrelevant or misleading information to the folks writing laws and regulations. If we are allowed to work on the actual problem — retention and use of user activity records without adequate user control — then we might actually reach an agreement that would solve the privacy issue without breaking everything else. Instead, we are being held up by woefully ignorant and absolutist positions on identifier cookies.

...

> I'm not putting a risk forward, but rather exemplify the panopticon-
> effect and the psychologic fallout. If they know enough to precisely
> target my wishes, what do they know about me? You know it, you'll
> say "this is trivial and does no harm". But none of us has yet
> argued for an API for data subject access so they can see what is
> held on them and how it is organized.

That's not quite true — it is one of the reasons that I put a control link in the tracking status representation. We don't need to do everything in a javascript API.

....Roy
Received on Tuesday, 16 October 2012 21:22:44 UTC