- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Mon, 8 Jul 2013 11:37:41 -0700
- To: David Singer <singer@apple.com>
- Cc: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
- Message-ID: <5C9E622F514D465B91DDE730BF8EDA4E@gmail.com>
Great: we're in agreement on the use cases we want to cover. In terms of implementing text, I don't read our current definition of "retain" to cover client-side information. (And what about fingerprinting, where there is no client-side information stored?)

At any rate, I'm inclined to hold this (constructive!) conversation until we decide a) to have a definition of "tracking" and b) to make that definition normative.

Best,
Jonathan

On Monday, July 8, 2013 at 11:16 AM, David Singer wrote:

> On Jul 7, 2013, at 21:48 , Jonathan Mayer <jmayer@stanford.edu (mailto:jmayer@stanford.edu)> wrote:
>
> > Perhaps a concrete example would help clarify: Suppose a third-party website starts tagging browsers with ID cookies for no particular reason. I think that should be covered, even if the website quickly discards the data.
>
> It already is. That's retaining something (an ID on the user) after the transaction is complete. And the only purpose/utility would be to link that ID to some data records, so that would be a further violation.
>
> > A parallel in the recent NSA coverage may also be instructive. The NSA has argued that it does not "collect" information when it is swept into a dragnet. Some observers have criticized this perspective, noting that privacy risks arise from data being made available to the NSA, independent of how it is retained or used.
>
> Agreed again, and that again is covered by the 'don't retain after the transaction is over'.
>
> > Jonathan
> >
> > On Monday, July 1, 2013 at 9:46 AM, David Singer wrote:
> >
> > > On Jun 27, 2013, at 20:17 , Jonathan Mayer <jmayer@stanford.edu (mailto:jmayer@stanford.edu)> wrote:
> > >
> > > > David,
> > > >
> > > > This definition is trying to get at two issues. First, privacy risks flow from the very collection of certain information (e.g. linkable non-protocol information). Second, the standard should prohibit certain collection practices. Much like the June Draft usage of the term "tracking," the intent here is to reflect the aims and sweep of the compliance document. Other sections of text provide detail, including that protocol information can be used.
> > >
> > > I am still not getting what you mean by 'collect' that is different from 'retain'.
> > >
> > > Example (we worked with this before): 'collect' means actively gathering information that is additional to that found in the protocol exchange. Examples would be looking up a geographic location (using IP address), or looking the user up in some database held by another party (distinguishing this collected data from data already known by the party).
> > >
> > > We already seem to be working towards 'retain' as holding information after the transaction is over.
> > >
> > > > Best,
> > > > Jonathan
> > > > On Thursday, June 27, 2013 at 6:49 PM, David Singer wrote:
> > > >
> > > > > Can you tell us what you mean by 'collect' (that distinguishes it from 'retain', and that allows use of in-transaction data for satisfying the transaction)?
> > > > >
> > > > > On Jun 26, 2013, at 5:57 , Jonathan Mayer <jmayer@stanford.edu (mailto:jmayer@stanford.edu)> wrote:
> > > > >
> > > > > > I would propose that we not define "tracking" within the TCS document.
> > > > > >
> > > > > > In the alternative, if the group elects to proceed with a definition, I would propose this small change:
> > > > > > > Tracking is the collection, retention, or use of data records that are, or can be, associated with a specific user, user agent, or device.
> > > > > >
> > > > > > This definition encompasses collection of information, unlike the June Draft text.
> > > > >
> > > > > David Singer
> > > > > Multimedia and Software Standards, Apple Inc.
> > >
> > > David Singer
> > > Multimedia and Software Standards, Apple Inc.
>
> David Singer
> Multimedia and Software Standards, Apple Inc.

Received on Monday, 8 July 2013 18:38:13 UTC