- From: Lee Tien <tien@eff.org>
- Date: Wed, 18 Dec 2013 14:02:18 -0800
- To: Justin Brookman <jbrookman@cdt.org>
- Cc: David Singer <singer@apple.com>, Tracking Protection Working Group <public-tracking@w3.org>
"Context" confuses me. For instance, this language... >>> "For the purpose of this definition, a context is a set of resources that share the same data controller, same privacy policy, and a common branding, such that a user would expect that data collected by one of those resources is available to all other resources within the same context." ...seems clearly to rely on user expectations. I don't have a fundamental problem with that -- but many in the group argued a while back that they could not know what a user would expect. Lee On Dec 18, 2013, at 12:36 PM, Justin Brookman wrote: > Right, I think I understand you now. I think that would be a perverse reading of context --- and not one that any working group participant would want --- but we can make that more clear. I think Roy's notion is that there are *millions* of different contexts out there, and DNT is a request that servers not merge data across those contexts. > > I think that most participants would be willing to offer clarifying language on at least that point, but the harder question is what other guidance we want to add. I think Roy's language is a good starting point, but I'd be interested to hear other ideas. > > On Dec 18, 2013, at 2:25 PM, David Singer <singer@apple.com> wrote: > >> The point I made on the call I will put here just for the record. >> >> We have, in the past, used context to distinguish “first party” and “third party” contexts, i.e. there are only two contexts. (Well, perhaps also service-provider acting for 1st or 3rd). >> >> If someone reads this definition of tracking and there is NO definition of context, they might understand >> >> "the retention, use, or sharing of data derived from that activity outside the context in which it occurred” >> >> as allowing data collected in “a third party context” and then used or shared also in a “third party context” as staying in the same context, and not tracking. This is not what Roy writes below or what we intend, but, without a definition, it could be misunderstood that way. >> >> >> On Dec 18, 2013, at 10:37 , Tracking Protection Working Group Issue Tracker <sysbot+tracker@w3.org> wrote: >> >>> tracking-ISSUE-240 (Context): Do we need to define context? [Tracking Preference Expression (DNT)] >>> >>> http://www.w3.org/2011/tracking-protection/track/issues/240 >>> >>> Raised by: Justin Brookman >>> On product: Tracking Preference Expression (DNT) >>> >>> The definition of tracking that was adopted by the group includes a concept of "context" that some members have asked that the text define more clearly. >>> >>> Roy Fielding was the author of this definition, and included this language on context in the Call for Objections poll: >>> >>> The above definition also depends on there being a definition of context that bounds a scope of user activity, though it is not dependent on any particular definition of that term. For example, something along the lines of: "For the purpose of this definition, a context is a set of resources that share the same data controller, same privacy policy, and a common branding, such that a user would expect that data collected by one of those resources is available to all other resources within the same context." >>> >>> Alternatively, the group might decide that the common sense meaning of context is sufficient, as it more closely approximates a user's general intent in turning on the Do Not Track signal. >>> >>> We will continue discussion of this topic on the January 8th call, but we encourage discussion of these (and other) ideas on the list in the meantime. >>> >>> >>> >> >> David Singer >> Multimedia and Software Standards, Apple Inc. >> >> > > > >
Received on Wednesday, 18 December 2013 22:02:47 UTC