- From: David Singer <singer@apple.com>
- Date: Wed, 10 Jul 2013 11:47:37 +0100
- To: Shane Wiley <wileys@yahoo-inc.com>
- Cc: Mike O'Neill <michael.oneill@baycloud.com>, 'achapell' <achapell@chapellassociates.com>, "npdoty@w3.org" <npdoty@w3.org>, "tlr@w3.org" <tlr@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "jeff@democraticmedia.org" <jeff@democraticmedia.org>
On Jul 9, 2013, at 19:29 , Shane Wiley <wileys@yahoo-inc.com> wrote: > Mike, > > Deidentification is about removing the association between a unique ID (any source: cookie, digital fingerprint, etc.) and the actual/specific user/device. In this context: > > Red: actual user/device > Yellow: not actual user/device but events are linkable (and only usable for analytics/reporting) I think that yellow data is fairly easily related to a user/device, isn't it, given that the same 'key' is consistently used for the same user/device? a) if I get access to the association from the user/device to the key b) if I know the algorithm to calculate the key from a transaction c) if I can trigger the user into performing a 'tracer' transaction, and see which record that gets appended to d) if I can look at the accumulated data and infer who it is, under some circumstances (geography, gender, and so on) There are probably more. It might be harder to identify them than if the user's obvious identifiers are in the record, but it's still a tracking record of a specific user/device. So I agree, it's not until we get to green that we get out of scope: > Green: not actual user/device and events are not linkable (outside the scope of DNT) David Singer Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 10 July 2013 10:48:08 UTC