- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 17 Oct 2012 01:09:30 -0700
- To: Dan Auerbach <dan@eff.org>
- Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <CAF4kx8ciOi4Goe7UBjpY511cy4ygUyTtyzqLc=PJnFvR-jectw@mail.gmail.com>
Dan, Clearly we can't expect everyone to read the entire spec to figure out all the nitty gritty details. However, I would personally consider a checkbox that says "Enable Do Not Track" or "Send a Do Not Track header with my web requests" to not meet a bar of informed consent. Neither come close to actually describing any impact in a manner that a user can understand. I don't propose adding a quiz or anything of the sort, but I think that a forced user choice goes in the exact opposite direction of informed user consent. Lorrie Cranor has some related work on how people make decisions w.r.t security contexts. I'm in a meeting and can't find the best reference right now (and need to drop offline), but http://repository.cmu.edu/cgi/viewcontent.cgi?article=1049&context=isr is a good read. On Tue, Oct 16, 2012 at 3:23 PM, Dan Auerbach <dan@eff.org> wrote: > On 10/16/2012 12:54 AM, Ian Fette (イアンフェッティ) wrote: > > I also question whether a single sentence would adequately convey to the > user the tradeoffs involved in the choice they are making. Further, if you > are forcing a choice / getting in the user's way when they are just trying > to get something else done (e.g. see what the heck this program is that > they just installed, or in the case of an upgrade, "I just want to get to > my email." I think forced timing like this would probably degrade the > extent to which whatever signal you collect actually reflects user > preference as opposed to just "make the dialogs go away!" > > > I'm sure we're all in agreement that having the user read several books on > online advertising will lead to the most accurate choices. In absence of > this, it seems to me that a forced-choice dialog provides quite a > reasonable balance. It certainly seems more fair to me than having a > default. > > As far as degrading the user choice, I'd be very interested in learning > more if there were literature on the subject. My intuition is that it's > probably pretty accurate, but we could measure it. Here's an experiment: > run forced-choice on a neutral issue (e.g. "do you prefer red or blue > background"), and measure how people choose. Then one could go back and ask > them questions about their preference over coffee, and match the > chosen-on-the-spot distribution against the more accurate survey data. > > But perhaps your point is less about degrading user experience, and more > that users must have some sort of minimum requirement of understanding > before they can even be trusted to make a choice? I'm certainly not opposed > to giving the user more information, so long as it is balanced between > turning DNT on and off. Do you agree? So, for example, if you insist on a > dialog in which a user takes a quiz before turning DNT on, then a similar > quiz should exist in any context in which the user can turn DNT off (of > course including adding exceptions). What I think is unfair is making the > user jump through hoops to go in one direction, but allowing her to go in > the other direction without any effort at all. > > > On Oct 16, 2012 3:01 AM, "Roy T. Fielding" <fielding@gbiv.com> wrote: > >> On Oct 12, 2012, at 11:04 AM, Dan Auerbach wrote: >> >> > There has been a lot of discussion on this list about user agents >> respecting user preference when it comes to setting DNT:1. As a temperature >> check, I want to make sure we have consensus about the compliance of a >> "forced user choice" implementation of DNT. For example, a browser during >> the installation process would have a screen with three radio buttons, none >> of which are selected, which respectively denote "turn DNT on", "turn DNT >> off", and "I do not wish to make a selection regarding DNT". In order to >> proceed, the user would have to make a selection, and nothing would be >> selected by default. This implementation could appear in the installation >> process, or, say, as a splash screen that the user must get through after a >> browser update. >> >> No, not during the installation process. It makes no sense to >> say that a user can make a choice during installation when the >> user we are talking about rarely does browser installations. >> For example, the IE10 dialogs are never seen by the users of >> a PC running Windows 8 unless one of those users happens to >> be the admin who did the installation. >> >> What we have talked about is a user choice at any time during the >> selection or use of the user agent. For a general-purpose UA, >> it would be fine to have a dialog presented, with neither "on" >> nor "off" preselected, when the user's profile is created (or >> upon first use after the DNT functionality has been upgraded >> for an existing user profile). That is the natural time for >> such options, since the choice should be recorded in the user's >> own configuration, be applicable to all UAs that share that >> user profile, and not have to be asked again every time the UA >> is upgraded. >> >> If I were to implement such a dialog, the third option would be >> preselected ("I do not wish to make a selection regarding DNT", >> a.k.a. "unset"). There is no reason to force a user to make >> a choice, since they can configure it later. >> >> > I think it is important to make sure we have consensus on this issue. >> If I were an ad network, from a business perspective I think I would care >> much more about the rate of adoption of DNT:1, instead of respecting user >> preference. >> >> No, that is just machiavellian. The key is user preference. >> If an advertiser truly believes that personalizing an ad for >> a given user is going to upset that user, and that the DNT signal >> is a reasonably accurate signal of that preference, then it is >> the advertiser that will force the ad network to adhere to DNT. >> Most of advertising is about establishing brand awareness, and >> the advertisers with money have no desire to spend it in a way >> that makes their brand annoying. >> >> The rate of adoption of DNT is irrelevant if it reflects an >> actual user's preference -- it simply changes the relative >> value of ad placement for that user, which may in turn result >> in either more ads being displayed or limitations on non-account >> use. The ad networks are not responsible for keeping websites >> in business -- they can adjust accordingly. >> >> However, if DNT does not reflect a user's preference, then there >> is simply no reason to adhere to it regardless of the signal's >> deployment. Advertisers won't care, so ad networks won't care; >> the existing opt-out mechanisms are more accurate than an invalid >> DNT signal. >> >> ....Roy >> > > > -- > Dan Auerbach > Staff Technologist > Electronic Frontier Foundationdan@eff.org415 436 9333 x134 > >
Received on Wednesday, 17 October 2012 08:09:59 UTC