Re: Issue 153 from Jeffrey Chester on 2013-12-12 (public-tracking@w3.org from December 2013)

From: Jeffrey Chester <jeff@democraticmedia.org>
Date: Thu, 12 Dec 2013 12:30:19 -0500
To: Shane M Wiley <wileys@yahoo-inc.com>
Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, Brad Kulick <kulick@yahoo-inc.com>, Nicholas Doty <npdoty@w3.org>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>, Christopher Olsen <colsen@ftc.gov>
Message-Id: <CB972621-E8BA-4161-BB57-1108366A7EC8@democraticmedia.org>
Why should we give away what we are telling the FTC and others!


Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org
www.digitalads.org
202-986-2220

On Dec 12, 2013, at 11:42 AM, Shane M Wiley wrote:

> Jeff,
>  
> Could you please share what methods have been created by industry to purposefully bypass parents and target children?
>  
> - Shane
>  
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] 
> Sent: Thursday, December 12, 2013 9:40 AM
> To: Shane M Wiley
> Cc: Mike O'Neill; Brad Kulick; Nicholas Doty; Matthias Schunter (Intel Corporation); public-tracking@w3.org (public-tracking@w3.org); Christopher Olsen
> Subject: Re: Issue 153
>  
> The industry has also created methods to purposefully bypass parents and target the child.  Since COPPA has been raised, I will ask the FTC to review this point and send something to the list.  As well as our COPPA attorney's.  We should also get input from relevant experts on child privacy protection in the EU and elsewhere.
>  
> Justin--what do you propose?
>  
> Thanks,
>  
> Jeff
>  
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org
> www.digitalads.org
> 202-986-2220
>  
> On Dec 12, 2013, at 11:11 AM, Shane M Wiley wrote:
> 
> 
> Mike,
> 
> A parent can override all signals at the device.  An entire industry has been built around parental controls with many operating systems and some browsers coming with these built in.  There is no need for an intermediary.
> 
> - Shane
> 
> -----Original Message-----
> From: Mike O'Neill [mailto:michael.oneill@baycloud.com] 
> Sent: Thursday, December 12, 2013 6:18 AM
> To: Brad Kulick; 'Nicholas Doty'
> Cc: 'Matthias Schunter (Intel Corporation)'; public-tracking@w3.org
> Subject: RE: Issue 153
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I strongly object to this text. It would rule out intermediaries being even able to override DNT unset which would, for example, make it impossible for a parent to override deemed consent never mind consent erroneously obtained from a child. 
> 
> Mike
> 
> 
> From: Brad Kulick [mailto:kulick@yahoo-inc.com] 
> Sent: 12 December 2013 12:18
> To: Nicholas Doty
> Cc: Matthias Schunter (Intel Corporation); public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: Issue 153
> 
> Nick,
> 
> To make this proposal more clear, I have updated it. Along with clarifying the what to remove/alter I have added some non-normative text might be helpful per yesterday's discussion.
> 
> Thanks,
> 
> Brad
> 
> 
> Existing text
> - ----------------------------------------------------------------------------------------
> A user agent must have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the decision to use that agent. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as "SuperFred", but might imply a preference if invoked as "SuperDoNotTrack" or "UltraPrivacyFred". A user agent extension or add-on must not alter the tracking preference unless the act of installing and enabling that extension or add-on is an explicit choice by the user for that tracking preference.
> 
> A user agent extension or add-on must not alter the user's tracking preference setting unless it complies with the requirements in this document, including but not limited to this section (Determining a User Preference). Software outside of the user agent that causes a DNT header to be sent (or causes existing headers to be modified) must not do so without ensuring that the requirements of this section are met; such software also must ensure the transmitted preference reflects the individual user's preference.
> - ----------------------------------------------------------------------------------------
> 
> 
> New text
> - ----------------------------------------------------------------------------------------
> A user agent must have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the decision to use that agent. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as "SuperFred", but might imply a preference if invoked as "SuperDoNotTrack" or "UltraPrivacyFred".
> 
> A user agent extension, add-on, or software outside of the user agent must not alter the tracking preference.
> 
> Non-normative:
> User agent plug-ins and add-ons as well as software outside of a user agent are under continued review for future addition, whereby recognized limitations affecting a balanced implementation can be addressed.
> - ----------------------------------------------------------------------------------------
> 
> 
> 
> On Dec 11, 2013, at 6:51 AM, "Brad Kulick" <kulick@yahoo-inc.com> wrote:
> Nick, 
> 
> You are correct. Removing "Likewise" would be suffice. But Given the paragraph that following we would want to add intermediaries as well. Therefore, it would be:
> 
> "A user agent extension, add-on, or software outside of the user agent must not alter the tracking preference."
> 
> Also, the paragraph following it would need to be altered to remove or sync with the above.
> 
> Thanks,
> 
> Brad
> 
> 
> On Dec 8, 2013, at 11:43 PM, Nicholas Doty wrote:
> 
> I've set up a wiki with what I believe are the two proposals (the existing text which was the basis for sometime and for the batch closing period; and Brad's alternative to remove the "unless" clause).
> 
> http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_limitations_for_add-ons
> 
> Brad, we might want to clarify the wording of your suggestion: the sentence begins with "Likewise", but I believe you're proposing a different result (prohibition, rather than explicit choice) for user agent extensions / add-ons.
> 
> Thanks,
> Nick
> 
> On December 4, 2013, at 12:48 PM, Brad Kulick <kulick@yahoo-inc.com> wrote:
> 
> Matthias,
> 
> Respectfully, I would like to maintain my objection for closing Issue-153 and allow it to proceed to CFO. Given the lower than normal participation for today's call, I would appreciate allowing for process to complete to ensure any other similar viewpoints are represented.
> 
> Thanks,
> 
> Brad
> 
> 
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (MingW32)
> Comment: Using gpg4o v3.1.107.3564 - http://www.gpg4o.de/
> Charset: utf-8
> 
> iQEcBAEBAgAGBQJSqbd1AAoJEHMxUy4uXm2JWhgIAK1L9+EeFMkGVhq/VPjkjsdi
> w/KMyIILjFFMAGNX+mc7vS8ULjygNOXJyftNHrcsS8vKFwTqsauUqYgsxmLFrqLV
> TssreX8gAB2IO84Tws4E+Jq69cr6E3MjnojFknJmLTxnO6zwN63VtJn0WNlNOs/3
> R1p5wWT+jjiEvKATjeUu0FoKTbm77+dDCQZMf5CdjPAo2PHcTHmRz+CXdnbt0Oqj
> Yurj6zdbYF749HN7e2asc0e/FmV0iE+aG5ytXGorKFoXwb6AX6cC9lXbOtwY7jSX
> cRdFC379CDKgHhiS0o/tExQp1txkrneFEzkvHx8qZXXwLaPpMOsphH8dpye3UZA=
> =jsiC
> -----END PGP SIGNATURE-----
>
Received on Thursday, 12 December 2013 17:30:42 UTC