Re: ISSUE-161: Discussion of semantics and alternatives to "!" from Rob van Eijk on 2013-04-21 (public-tracking@w3.org from April 2013)

From: Rob van Eijk <rob@blaeu.com>
Date: Sun, 21 Apr 2013 18:33:28 +0200
To: David Singer <singer@apple.com>, Jonathan Mayer <jmayer@stanford.edu>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, <public-tracking@w3.org>
Message-ID: <75ab75170012cb30e381aae97a1b2e71@xs4all.nl>
s/TPE 5.4.2/TPE 5.4.3/

Rob van Eijk schreef op 2013-04-21 18:31:
> Also, on a more fundamental level, my position is that ALL permitted
> uses in the TCS section 6.2.2.7 MUST have a qualifying equivalent in
> the TPE section 5.4.2.
> 
> Rob
> 
> Rob van Eijk schreef op 2013-04-21 18:15:
>> David wrote:
>>> I think we have heard from very few people here.
>> The discussion about a tracking status value of ! is useful in the
>> sense that it allows to rethink if the granular dialogue that has 
>> been
>> crafted is fit for purpose. In my opinion it is not. It makes no 
>> sense
>> to me that a company can make representations to honor DNT in e.g.
>> it's DNT statement on the website and then ignore DNT by responding
>> with !. It contradicts with transparency.
>> If a party representations is such that is honors DNT, the best way
>> IMHO to signal testing or debugging is not in the tracking status
>> value, but in the qualifier (TPE section 5.4.3).
>> So I suggest to remove "!" in TPE section 5.2.1 and adjust the table
>> in TPE section 5.4.2 such that it links to the permitted use for
>> debugging (TCS section 6.2.2.7).
>> Rob
>> 
>> David Singer schreef op 2013-04-21 03:56:
>>> On Apr 21, 2013, at 2:42 , Jonathan Mayer <jmayer@stanford.edu> 
>>> wrote:
>>> 
>>>> On Saturday, April 20, 2013 at 1:43 AM, David Singer wrote:
>>>> 
>>>>> On Apr 19, 2013, at 13:02 , Jonathan Mayer <jmayer@stanford.edu> 
>>>>> wrote:
>>>>> 
>>>>>> David,
>>>>>> I disfavor having any selective noncompliance flag. I'm open to 
>>>>>> the idea of a debugging/testing/phasing-in flag, but it would have 
>>>>>> to be narrowly scoped (e.g. specific uses and limited duration) 
>>>>>> and explicitly disallowed as a basis for claiming Do Not Track 
>>>>>> protocol or policy compliance.
>>>>> well, the specific use is for when a site is not yet ready to 
>>>>> claim compliance; why would the duration need a formal limit?
>>>> A website might repurpose an indefinite 
>>>> debugging/testing/phasing-in flag as a de facto selective 
>>>> non-compliance flag. I'd like to mitigate that possibility.
>>> I don't understand the "selective" in your sentence.
>>> 
>>>>> yes, agreed, the documentation needs to state that the use of this 
>>>>> flag is a declaration that compliance is not claimed.
>>>>> * * * *
>>>>> On 'I am Disregarding you', I am trying to work out your 
>>>>> alternative in my mind. It seems that if there are going to be 
>>>>> sites that will ignore DNT signals, you would prefer a state in 
>>>>> which they could say nothing, and signal nothing, unless someone 
>>>>> finds out (and how would they)? The site could, if challenged, say 
>>>>> "we decided to ignore signals we deemed non-compliant". The user, 
>>>>> unable to see that their data is being added to a database, is none 
>>>>> the wiser, the privacy researcher is unaware, and so on. Is this 
>>>>> really better?
>>>> If a website claimed to support Do Not Track but surreptitiously 
>>>> ignored certain DNT: 1 signals, it could face grave legal, business, 
>>>> and media consequences.
>>> "…if it is found out, and they don't successfully argue that they 
>>> can
>>> be non-compliant in response to what they believe are non-compliant
>>> signals"
>>> As for detection, there are a number of technical options that I'd 
>>> be
>>> glad to discuss.
>>> For what it's worth, note the lineup of stakeholders on this issue:
>>> it's not the advocates, regulators, and researchers clamoring for a
>>> selective noncompliance signal. It's the websites that want to
>>> practice selective noncompliance.
>>> I think we have heard from very few people here. I suggested it,
>>> since I like transparency. Shane accepted it, and almost no-one else
>>> has said
>>> 
>>>>> 
>>>> For what it's worth, I don't think it's OK to practice selective 
>>>> non-compliance, unless forced. But I do support transparency. Yes, 
>>>> they may be trying to 'soften the blow' by not being accused of 
>>>> lying to users as well as not always complying. "Yes, it's true we 
>>>> don't always observe DNT signals, but we're up front about it".
>>> 0, 0, 0); font-family: Helvetica; font-size: medium; font-style:
>>> normal; font-variant: normal; font-weight: normal; letter-spacing:
>>> normal; line-height: normal; orphans: 2; text-align: auto;
>>> text-indent: 0px; text-transform: none; white-space: normal; widows:
>>> 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px;
>>> -webkit-border-vertical-spacing: 0px;
>>> -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust:
>>> auto; -webkit-text-stroke-width: 0px; ">
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
Received on Sunday, 21 April 2013 16:33:59 UTC