- From: Dan Auerbach <dan@eff.org>
- Date: Wed, 10 Apr 2013 07:23:52 -0700
- To: public-tracking@w3.org
- Message-ID: <516575F8.1060700@eff.org>
I second the idea that specific examples are useful, and regrettably I, too, won't be able to make today's call. Best, Dan On 04/09/2013 04:03 PM, Jonathan Mayer wrote: > Alan, > > I'm afraid I may not be able to join the call owing to an academic > obligation. Could you very briefly dash off how the text would > address current implementations? Even something as simple as thumbs > up/down for each browser would help a lot. > > Thanks, > Jonathan > > On Tuesday, April 9, 2013 at 3:50 PM, Alan Chapell wrote: > >> Sure – will provide some additional thoughts in the morning. >> >> Alan >> >> From: Jonathan Mayer <jmayer@stanford.edu <mailto:jmayer@stanford.edu>> >> Date: Tuesday, April 9, 2013 6:37 PM >> To: Alan Chapell <achapell@chapellassociates.com >> <mailto:achapell@chapellassociates.com>> >> Cc: Justin Brookman <justin@cdt.org <mailto:justin@cdt.org>>, >> <public-tracking@w3.org <mailto:public-tracking@w3.org>> >> Subject: Re: DNT: Agenda for April 10 call >> >> Alan, >> >> I think some practical examples would greatly assist in >> illustrating your proposal. Would the current versions of >> Internet Explorer, Chrome, Firefox, and Safari be compliant? If >> not, what alterations would be required? >> >> Thanks, >> Jonathan >> >> On Tuesday, April 9, 2013 at 3:26 PM, Alan Chapell wrote: >> >>> I'll be presenting the language with input from others. Once we >>> reach consensus on this language I'd be happy to work with you >>> on language for exception requests. >>> >>> >>> From: Justin Brookman <justin@cdt.org <mailto:justin@cdt.org>> >>> Date: Tuesday, April 9, 2013 5:26 PM >>> To: <public-tracking@w3.org <mailto:public-tracking@w3.org>> >>> Subject: Re: DNT: Agenda for April 10 call >>> Resent-From: <public-tracking@w3.org >>> <mailto:public-tracking@w3.org>> >>> Resent-Date: Tue, 09 Apr 2013 21:26:58 +0000 >>> >>> Who is presenting the language on user interface? The group >>> had previously agreed that the degree of specificity on user >>> agent presentation of DNT options should also be mirrored in >>> presentation requirements for exception requests. So if >>> we're requiring "clear and conspicuous" presentation and an >>> explanatory link for turning DNT on in the first place, >>> we're also going to have to require the same for parties >>> seeking to get permission to ignore a DNT:1 signal. >>> >>> Justin Brookman >>> Director, Consumer Privacy >>> Center for Democracy & Technology >>> tel 202.407.8812 >>> justin@cdt.org <mailto:justin@cdt.org>http://www.cdt.org >>> @JustinBrookman >>> @CenDemTech >>> >>> On 4/9/2013 4:59 PM, Peter Swire wrote: >>>> >>>> (Very roughly, first half on compliance spec and second >>>> half on TPE spec.) >>>> >>>> >>>> --------------------------- >>>> >>>> Administrative >>>> >>>> --------------------------- >>>> >>>> >>>> >>>> *_1. Confirmation of scribe_*– glad to accept volunteer -- >>>> no volunteer thus far. >>>> >>>> >>>> >>>> *_2. Offline-caller-identification: _* >>>> >>>> If you intend to join the phone call, youmusteither >>>> associate your phone number with your IRC username once >>>> you've joined the call (command: "Zakim, [ID] is [name]" >>>> e.g., "Zakim, ??P19 is schunter" in my case), or let Nick >>>> know your phone number ahead of time. If you are not >>>> comfortable with the Zakim IRC syntax for associating your >>>> phone number, please email your name and phone number >>>> to npdoty@w3.org <mailto:npdoty@w3.org>. We want to reduce >>>> (in fact, eliminate) the time spent on the call identifying >>>> phone numbers. Note that if your number is not identified >>>> and you do not respond to off-the-phone reminders via IRC, >>>> you will be dropped from the call. >>>> >>>> >>>> >>>> --------------------------- >>>> >>>> Compliance Spec – Peter Swire >>>> >>>> --------------------------- >>>> >>>> _ _ >>>> >>>> *_3. User education/ User interface. _* >>>> >>>> >>>> >>>> *Proposed Text:* >>>> >>>> *5. User Agent Compliance* >>>> >>>> A user agent /MUST/ offer a control to express a tracking >>>> preference to third parties. The control /MUST/ communicate >>>> the user's preference in accordance with the >>>> [/TRACKING-DNT/ >>>> <http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#bib-TRACKING-DNT>] >>>> recommendation and otherwise comply with that >>>> recommendation. A user agent /MUST NOT/ express a tracking >>>> preference for a user unless the user has given express and >>>> informed consent to indicate a tracking preference. >>>> >>>> >>>> >>>> While we do not specify how tracking preference choices are >>>> offered to the user or how the preference is enabled, each >>>> implementation MUST follow the following user interface >>>> guidelines: >>>> >>>> 1. The User Agent is responsible for determining the >>>> user experience by which a tracking preference is enabled. >>>> For example, a user might select a check-box in their user >>>> agent's configuration, or install an extension or add-on >>>> that is specifically designed to add a tracking preference >>>> expression so long as the checkbox, extension or add-on >>>> otherwise follows these user interface guidelines; >>>> >>>> 2. The User Agent MUST ensure that the tracking >>>> preference choices are communicated to users clearly and >>>> conspicuously, and shown at the time and place the tracking >>>> preference choice is made available to auser; >>>> >>>> 3. The User Agent MUST ensure that the tracking >>>> preference choices accurately describe DNT, including the >>>> parties to whom DNT applies, and MUST make available via a >>>> link in explanatory text where DNT is enabled to provide >>>> more detailed information about DNT functionality. >>>> >>>> >>>> >>>> Non-Normative: >>>> >>>> >>>> >>>> The User Agent plays a key role in enacting the DNT >>>> functionality. As a result, it is appropriate for the User >>>> Agent to play an equally key role in describing DNT >>>> functionality and educating users about DNT in order for >>>> this standard to be meaningful. >>>> >>>> >>>> >>>> While the user interface guidelines do not specify the >>>> exact presentation to the user, they are intended to help >>>> ensure that users understand their choices with respect to >>>> DNT. For example, outlining the parties (e.g., First >>>> Parties, Service Providers, Third Parties) to >>>> whomDNTapplies and using language that a reasonable user is >>>> likely to understand is critical for ensuring that users >>>> are in position to provide their informed consent to a >>>> tracking preference. >>>> >>>> >>>> >>>> Moreover, as DNT functionality is complex, it is important >>>> that User Agents educate users about DNT, including but not >>>> limited to offering a clearly described link that takes the >>>> user to additional information about DNT functionality. For >>>> example, given that some parties may chose not to comply >>>> with DNT, it would be helpful for browsers to educate users >>>> about how to check the response header and/or tokens to see >>>> if a server is responding with a “public commitment” of >>>> compliance. >>>> >>>> >>>> >>>> Finally, recognizing that DNT settings may be set by >>>> non-browser User Agents acting in violation of the user >>>> interface guidelines, the browsers should take reasonable >>>> steps to ensure that DNT settings are valid. >>>> >>>> >>>> >>>> *_4. ACTION-373: Append._* Text proposed by John Simpson >>>> and Alan Chapell, with concurrence by Jeff Chester. >>>> Clarifications to list in emails by John Simpson April 8 >>>> and Peter Swire April 9. Peter Swire circulated a >>>> background memo on April 9. >>>> >>>> >>>> >>>> /Normative: / >>>> >>>> /When DNT:1 is received:/ >>>> >>>> /-- A 1st Party MUST NOT combine or otherwise use >>>> identifiable data received from another party with data it >>>> has collected while a 1st Party./ >>>> >>>> /-- A 1st Party MUST NOT shareidentifiable data with >>>> another party unless the data was provided voluntarily by >>>> the user and is necessary to complete a business >>>> transaction with the user./ >>>> >>>> /-- A Party MUST NOT usedata gathered while a 1st Party >>>> when operating as a 3rd Party./ >>>> >>>> /Non-Normative: / >>>> >>>> When DNT:1 is received, a 1st Party retains the ability to >>>> customize content, services, and advertising only within >>>> thecontext of the first party experience. A 1st party takes >>>> the user interaction outside of the 1st party experience if >>>> it receives identifiabledata from another party and uses >>>> that data for customization of content, services, >>>> oradvertising. >>>> >>>> When DNT:1 is received the 1st Party maycontinue to utilize >>>> user provided data in order to complete or fulfill a user >>>> initiated business transaction such as fulfilling an order >>>> for goods or a subscription. >>>> >>>> When DNT:1 is received and a Party has become a 3rd Party >>>> it is interacting with the user outside of the 1st Party >>>> experience. Using data gathered while a 1st party is >>>> incompatible with interaction as a third party. >>>> >>>> >>>> >>>> Chris Pedigo gave five examples on data append in >>>> September, 2012, which are useful to consider in light of >>>> the proposed language: >>>> >>>> http://www.w3.org/2011/tracking-protection/track/actions/229 >>>> >>>> >>>> >>>> --------------------------- >>>> >>>> TPE Spec – Matthias Schunter >>>> >>>> --------------------------- >>>> >>>> *_5. Restructuring the response indicators._*We currently >>>> discuss thefollowing three fields: >>>> >>>> >>>> >>>> - Optional Prefix "!" (I do not conform and I do not claim >>>> that whatever letters follow this sign are correct) >>>> >>>> - Tracking Status >>>> >>>> 1, 3, ... >>>> >>>> - Permitted uses: >>>> >>>> C(onsent), ... >>>> >>>> >>>> >>>> *_6. ISSUE-187 Discuss Site Requirements Consent_* >>>> >>>> One general concern related to exceptions in general was >>>> that sites register exceptions while neither the browser >>>> (in the old model) nor the site (in the new model) gather >>>> consent in a reliable way. Our current TPE spec states in >>>> Section 6.3.1: >>>> >>>> The call to store an exception /MUST/ reflect the user's >>>> intention to grant an exception, at the time of the call. >>>> This intention /MUST/ be determined by the site prior to >>>> each call to store an exception, at the time of the call. >>>> (This allows the user to change their mind, and delete a >>>> stored exception, which might then trigger the site to >>>> explain, and ask for, the exception again). It is the >>>> responsibility solely of the site making the call to >>>> determine that a call to record an exception reflects the >>>> user's informed consent at the time of the call. >>>> >>>> >>>> >>>> Jonathan proposed these three requirements that refine this >>>> language and that I would like to gather feedback on: >>>> >>>> 1) Actual presentation: The choice mechanism MUST be >>>> actually presented to the user. It MUST NOT be on a linked >>>> page, such as a terms of service or privacy policy. >>>> >>>> >>>> >>>> 2) Independent choice: The choice mechanism MUST be >>>> presented independent of other choices. It MUST NOT be >>>> bundled with other user preferences. >>>> >>>> >>>> >>>> 3) No default permission: The choice mechanism MUST NOT >>>> have the user permission preference selected by default. >>>> >>>> >>>> >>>> (Fromhttp://lists.w3.org/Archives/Public/public-tracking/2012Apr/0004.html >>>> ) >>>> >>>> >>>> >>>> *_7. Steps towards the next working draft._* >>>> >>>> >>>> >>>> Discuss what needs to be updated before publishing our next >>>> TPE working draft. >>>> >>>> >>>> >>>> I have previously preferred distinguishing "who I am" from >>>> "how I am operating", and I feel that have C and ! as >>>> 'status' indicators rather than qualifiers means that I can >>>> no longer tell whether I am interacting with someone who >>>> adheres to 1st or 3rdparty constraints. So I agree, rather >>>> than C or ! as the first character, I think that >>>> >>>> >>>> >>>> 1C -- content produced under first party rules with consent >>>> >>>> 3C -- third party under 3rd party rules with consent >>>> >>>> >>>> >>>> *_8. Announce next meeting & adjourn_* >>>> >>>> >>>> >>>> >>>> >>>> ================ Infrastructure ================= >>>> >>>> >>>> >>>> Zakim teleconference bridge: >>>> >>>> VoIP: sip:zakim@voip.w3.org >>>> <file://localhost/sip/zakim@voip.w3.org> >>>> >>>> Phone +1.617.761.6200 passcode TRACK (87225) >>>> >>>> IRC Chat: irc.w3.org <http://irc.w3.org/>, port 6665, #dnt >>>> >>>> >>>> >>>> ***** >>>> >>>> >>>> >>>> Professor Peter P. Swire >>>> C. William O'Neill Professor of Law >>>> Ohio State University >>>> 240.994.4142 >>>> www.peterswire.net <http://www.peterswire.net> >>> >> > -- Dan Auerbach Staff Technologist Electronic Frontier Foundation dan@eff.org 415 436 9333 x134
Received on Wednesday, 10 April 2013 14:24:24 UTC