- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Wed, 3 Jul 2013 19:41:07 +0100
- To: "'David Singer'" <singer@apple.com>
- Cc: <public-tracking@w3.org>
Yes, I was confusing the permitted use section with the "not tracking" claim. I liked the "tracking data" terminology because it contains the idea of persistent (unique) identifiers, and you are right 1) rules out fingerprinting. I was just saying there should be some explanatory set clarifying that (i.e. DNT:1 always rules out fingerprinting because identifying data cannot be retained in the server). If a data controller causes JS to gather fonts etc. and XHR them back this is a pretty good sign they are using fingerprinting, which is not TPC compliant behaviour when DNT:1. When we get to talking about permitted uses then "tracking data" needs qualification. Some tracking data may be OK (like a short duration identifier to distinguish unique visitors), while others would not (multi year duration cookies or fingerprinting). Mike -----Original Message----- From: David Singer [mailto:singer@apple.com] Sent: 03 July 2013 17:59 To: Mike O'Neill Cc: public-tracking@w3.org Subject: Re: 'not tracking', amendment to the change proposal On Jul 3, 2013, at 0:13 , Mike O'Neill <michael.oneill@baycloud.com> wrote: > David, > > I agree, and "tracking data" is more technology neutral than my text > on fingerprinting and identifier duration. We should still explicitly > rule out fingerprinting but data associated with a fingerprint would fail test (1) or (2), wouldn't it? > and encourage short duration identifiers for permitted uses in some > explanatory non-normative text. you can't possibly claim simultaneously any permitted use, and be 'absolutely not tracking'. You can't even retain log files (raw data permission). can you explain? > > Mike > > -----Original Message----- > From: David Singer [mailto:singer@apple.com] > Sent: 03 July 2013 01:08 > To: public-tracking@w3.org List > Subject: 'not tracking', amendment to the change proposal > > http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_No_Tracking > > problem: > > Though I doubt many sites will want to or be able to claim this state, > I don't see a problem in defining it (it is at worst harmless), but I > don't think the definition works. > > > proposal: > > A party may claim that it is not tracking, if it does not retain > tracking data after the network transaction is complete. Retaining > tracking data > includes: > > 1) Retention by the server of data that falls into the definition of > tracking data. > > 2) Causing the user-agent to retain data, such as cookies, that > contains or can be linked to tracking data. > > Note that tracking data applies to data after a transaction is > complete; the site may use in-transaction data for the purposes of > satisfying the transaction. > > > > > David Singer > Multimedia and Software Standards, Apple Inc. > > > David Singer Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 3 July 2013 18:41:40 UTC