Re: issue-199 from Rigo Wenning on 2013-07-10 (public-tracking@w3.org from July 2013)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 10 Jul 2013 12:25:14 +0200
To: Shane Wiley <wileys@yahoo-inc.com>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>, Mike O'Neill <michael.oneill@baycloud.com>, 'achapell' <achapell@chapellassociates.com>, "npdoty@w3.org" <npdoty@w3.org>, "tlr@w3.org" <tlr@w3.org>, "jeff@democraticmedia.org" <jeff@democraticmedia.org>
Message-ID: <2197314.snd8MZ1RCs@hegel.sophia.w3.org>

Shane, 

I think you don't address my point. 

I do not question that your suggestion is a useful privacy enhancement. 
I applaud the effort. I'm glad Yahoo sees privacy as a competitive 
advantage in the market. Yes, we should have greater permissions for 
those making such privacy enhancements and allow to have a good working 
system. 

My point is: do you have to call that "de-identification"? What if I 
would suggest to call it "pseudo-tracking". You would be shocked. :)

The thing you do is right. The label is wrong, utterly wrong. Because it 
suggests that yellow is actually green. Name it "enhanced 
pseudonymization" and get enhanced permissions in a permitted use. That 
would be fine IMHO.

But you can't say: Yellow is off the hook, a plain permitted use. 
Because you still single out in the analytics. If you don't want to 
single out, create bigger buckets. But you don't suggest to create those 
bigger buckets. And that's not off the hook, not green and still 
somewhat "identified" ; not "de-identified". The target of the analysis 
is still a single person. The name/address/birthday triple starts to get 
almost irrelevant for identity. 

BTW, if you can single out in the profile, you can get back to the user 
by watching traffic for the identified behavioral pattern (fingerprint). 
But you don't want to link back to the user, you want to predict your 
next user. And the user doesn't want to be predictable, thus DNT:1. If I 
want you to predict me, I'll give you a DNT:0

 --Rigo

On Wednesday 10 July 2013 07:47:28 Shane Wiley wrote:
> The element that is missing in your analysis is the "operational
> nature" of the resulting identifier.  Pseudonyms can still be used in
> a production setting - meaning that I can alter a user's experience
> in real-time leveraging historical activity associated with the
> pseudonym.  In our proposal, the result of de-identification does NOT
> allow for this and data's only utility is for analytical purposes
> alone.  Repeat, data in the Yellow Zone CANNOT be used to link back
> to the real user in anyway.
> 
> I believe this is the significant disconnect in attempting to leverage
> pseudonyms in the context of the DNT standard as they would clearly
> live in the Red zone - NOT the Yellow zone.

Received on Wednesday, 10 July 2013 10:25:56 UTC