ISSUE-5: definition of tracking from Roy T. Fielding on 2012-09-04 (public-tracking@w3.org from September 2012)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 4 Sep 2012 15:20:54 -0700
To: Aleecia M. McDonald <aleecia@aleecia.com>
Cc: W3 Tracking <public-tracking@w3.org>
Message-Id: <BBA292A8-7266-471A-A155-A682B9376F26@gbiv.com>

On Sep 4, 2012, at 10:07 AM, Aleecia M. McDonald wrote:

>  (c) Buried in this discussion (of "absolutely not tracking") was David Singer's attempt to define tracking: "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user." (I'd append: ", user agent, or device.")   Unlike every other time someone has made the attempt, the one and only reply was in support. Does that mean we can live with this? [Note that issue-5 is currently raised]

Probably not.  It does us very little good to define tracking such
that it encompasses all access logs, since they are essential
to any site that isn't deliberately acting as an open gateway.
Are we agreed to that at least?

If so, as Shane has said a few million times, the definition of
tracking has to reflect actively tracking the user/device
(operational use of the data collected).  Additional restrictions
on the retention of data for specific and necessary purposes can
also be required for compliance, but that doesn't need to be
reflected in the definition of "Do Not Track".

A variation on David's definition would be:

  Tracking is the retention or sharing of data collected from an
  interaction to associate that interaction with a specific user
  (or their personal user agent or device) and use that association
  to obtain, collect, or correlate that user's behavior beyond
  the scope of a single session.

Note, however, that this still doesn't reflect the distinction between
first-party tracking and third-party tracking.  We need guidance in the
spec for UA configuration, such that the options reflect the truth.
For example, Firefox's config says:

  [√] Tell websites I do not want to be tracked

whereas the compliance spec (and our consensus so far) would suggest

  [√] Tell websites I do not want to be tracked by third parties

or

  [√] Enable "Do Not Track"
      [√] Tell websites I do not want to be tracked by third parties
      [ ] Tell websites it is okay for third parties to track me

Cheers,

....Roy

Received on Tuesday, 4 September 2012 22:21:17 UTC