Re: Issue for discussion on Wed

Hi Edward - 


I'm not looking to have another charter scope discussion, nor am I looking
to have a debate on what users are worried about and wether this spec is
going to address those concerns as that has historically been a rathole
for this WG.

That said, I'm trying to get at a User agent that is either: a) taking the
URL string to create segments to sell to advertisers (or others) for ad
targeting across the web, or b) enabling other entities to do so. To my
eyes, that type of behavior would be considered tracking.

Let me know if you agree. Assuming you agree, I'm open to alternative
wording to get at what I'm trying to address.

Thanks!

Alan



On 7/9/13 1:52 PM, "Edward O'Connor" <eoconnor@apple.com> wrote:

>Hi,
>
>Alan wrote:
>
>>> Proposed language:
>>> "A user agent MUST NOT track information related to the network
>>> interaction outside of the [Permitted Uses] and any explicitly-granted
>>> exceptions without consent."
>
>This language doesn't work as proposed. The User Agent is a piece of
>software acting on behalf of the user‹hence the term. And as David said,
>one cannot track onself.
>
>Users reasonably worry that information about them is being collected
>and retained by websites they don't have a direct relationship with.
>This is the concern that we are trying to address within the context of
>this Working Group, and this is the problem that we are chartered to
>solve. Now, it's entirely sensible for users to *also* worry about the
>information their User Agent is storing about them‹most browsers have a
>special mode (Private Browsing, "Incognito," etc.) within which they
>retain less information about the user. It might be worthwhile to pursue
>standardization of this feature at the W3C‹in a Working Group chartered
>to do so. But this WG is not so chartered.
>
>>> Rationale: 
>>> In reviewing the June draft with colleagues, it occurred to me that
>>> some User Agents ­ technically speaking ­ could engage in tracking.
>
>The basic architecture of all user agents includes all manner of
>features that retain data across network transactions. Off the top of my
>head, here are some of them. This list is by no means exhaustive.
>
>* Browsing history (the cache used by the back button, etc.)
>* Form data (for form autofill features)
>* Cookies, local storage, etc. (for session state)
>* The page cache
>
>I'm sure you didn't mean to affect features like these with your
>proposed text. Instead, you provided Amazon's Silk browser as an
>example. David replied:
>
>> OK, this one is more interesting. To what extent is the Silk browser
>> effectively a 'distributed user agent'? I agree with others that
>> trying to restrict what my local software can remember locally on my
>> behalf is not needed (it's part of me, the presumably second party),
>
>I think it's dangerous to rely on a distinction between 'local' and
>'distributed' here. Consider the syncing features offered by Google
>Chrome[1], Firefox[2], Safari[3], Internet Explorer[4], and Opera[5].
>Such syncing does not alter the relationship between user and User
>Agent‹in all these cases, User Agents act on behalf of their users, and
>do not fall under either the first- or third-party definitions.
>
>David went on to say:
>
>> but I agree with you that the browser *vendor* or other 'parties' are
>> third parties by definition.
>[Š]
>> But yes, we need to be clear that all other parties (including the
>> user-agent vendor) are third parties and subject to these controls.
>
>Yes, I think it's worth distinguishing between, say, "Google in the
>context of Chrome's sync and other browser features" and "Google in the
>context of AdSense." The latter certainly falls under our work in this
>WG‹$CORP doesn't get a pass simply because $CORP also happens to
>manufature the User Agent being used. I support adding text that makes
>this clear, but Alan's proposed text doesn't accomplish this.
>
>
>Ted
>
>1. https://support.google.com/chrome/answer/165139
>2. http://www.mozilla.org/en-US/mobile/sync/
>3. http://www.apple.com/safari/#icloud
>4. http://windows.microsoft.com/en-us/windows-8/sync-settings-pcs
>5. http://www.opera.com/link
>
>

Received on Tuesday, 9 July 2013 18:06:11 UTC