Re: Concerns regarding "store"-style DNT exceptions Re: Batch closing of issues ISSUE-144 from Jonathan Mayer on 2013-01-31 (public-tracking@w3.org from January 2013)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Thu, 31 Jan 2013 10:44:30 -0800
To: Shane Wiley <wileys@yahoo-inc.com>
Cc: Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <470841B3F69D44A994D65780EE5B556D@gmail.com>

The objections that Walter, Nick, and I have raised do not turn on "good" or "bad" motives.  They're about consumer trust and economic incentives to provide informed and meaningful choice.

I don't see any need for further quarrel on ISSUE-144 (and related).  There have been sustained and "substantiated" objections.  The issues should not be CLOSED.

Jonathan  


On Thursday, January 31, 2013 at 8:23 AM, Shane Wiley wrote:

> Walter,
>   
> We have a Server status response on EACH page load that reconfirms the Sites perspective.  For example, if the UA sends DNT:1, the Server can respond with a status that it has prior consent from the user.  It’s because of this per page status model, that I feel strongly front loading the exception process is the wrong path for the standard.
>   
> Both in the exception setting process and in the per page status response everyone will have the opportunity to “catch bad actors”.  Let’s not drag down the standard for good actors since checks and balances are already in place.
>   
> - Shane
>   
> From: Walter van Holst [mailto:walter.van.holst@xs4all.nl]  
> Sent: Thursday, January 31, 2013 8:40 AM
> To: public-tracking@w3.org (mailto:public-tracking@w3.org)
> Subject: Re: Concerns regarding "store"-style DNT exceptions Re: Batch closing of issues ISSUE-144  
>   
> On 1/31/13 4:30 PM, Shane Wiley wrote:
>  
> >   
> > Thank you for the thoughtful exploration of incentives for allowing exception setting from Servers.  I thought we as a working group had originally agreed that if a Site has collected out-of-band (OOB) consent from a user, that they could proactively store this in the UA for appropriate relay on subsequent interactions.  Weren’t you supportive of that position?  If so, I’m curious how this process changes that?   
> >   
> > There is little incentive for Sites to adopt DNT if direct consent mechanisms are second questioned by the UA as they will not be able to relay the context and value exchange messaging in which the consent was originally captured (basically, a Site would be opening up its direct consent with users to a UA confirmation).  As each exception transaction is recorded, it is readily available for advocates and regulators to interrogate for appropriate processing and informed consent.  This continues to be an exercise in burdening the rest of the ecosystem to attempt to weed out bad actors that will likely not implement DNT in the first place.  The edge cases you’ve explored are just that – edge cases – and we should avoid developing remedies to those situations at the cost of the entire standard.
> >   
> > There is a chain of dependencies within the Site, UA, and User ecosystem to develop trust in DNT.  The first step is that each party desire implementing the standard in the first place.  If very few Sites implement DNT in the first place, then User trust will not develop.  I believe we’ll see self-regulation step up globally to wipe out the edge-cases you’ve outlined.
> >   
> > I would ask the working group to continue to avoid overburdening and disintermediating Sites from their Users in this standard.  The current proposal for allowing Sites to register user granted exceptions in the UA is the right course, is supported by many/most in the working group, and will drive higher adoption of the DNT standard – the first step needed to drive User trust in the utility and confidence in DNT.
> >   
>  
>  
>  
> Let's agree that user trust is paramount. Users will not trust DNT if a site can claim OOB consent without the browser at least indicating such claim. I am not asking for additonal dialogs, merely that the UA indicates the level of trust granted to the various parties.
>  
> And yes, I am aware that DNT is based on trust on the good faith of servers. I do not think that trust is nurtured by a standard that requires no indication to users of discrepancies between their browser settings and actual behaviour, even in good faith, of a server, where it can be reasonably detected by the UA. I concur with Nick that this would cast doubt on the meaning of the signal.
>  
> Regards,
>  
>  Walter

Received on Thursday, 31 January 2013 18:44:54 UTC