Re: Issue for discussion on Wed - User Agent Compliance from David Singer on 2013-07-10 (public-tracking@w3.org from July 2013)

From: David Singer <singer@apple.com>
Date: Wed, 10 Jul 2013 16:38:46 +0100
To: Alan Chapell <achapell@chapellassociates.com>
Cc: Sid Stamm <sid@mozilla.com>, public-tracking@w3.org
Message-id: <5C07CF62-52DB-49BE-B41C-5D47A5BA4EB5@apple.com>

On Jul 10, 2013, at 16:22 , Alan Chapell <achapell@chapellassociates.com> wrote:

> Sure. First one was originally offered by Justin, and the second from me
> is a client side version of Justin's use case.
> 
> 1. Server side UA's - Amazon's Kindle Fire MITMs all network requests in
> the cloud in order to more efficiently render them on the relatively
> unsophisticated client.  So it's going to collect all the user's urls on
> Amazon servers.  A prohibition on sharing that data wouldn't stop Amazon
> from retaining the logs forever and using for OBA or anything else.
> 
> 2. Client side UA's - Browser X takes all network interactions and: a)
> provides raw data to advertisers, social networking platforms, publishers,
> ad networks, etc for ad targeting or content customization across the web
> and/or b) provides information derived from those network interactions to
> advertisers, social networking platforms, publishers, ad networks, etc for
> ad targeting or content customization across the web.
> 
> 
> Does that help?
> 
> 
> I'm wondering if Justin's approach might work better --- A UA is a third
> party when engaging in behaviors outside XXXX uses.
> 
> Alan

I wonder if we also need to cover explicit consent (e.g. if I consent to using Fire, and it says that to work it needs to share information with Amazon?)

> 
> On 7/10/13 11:07 AM, "Sid Stamm" <sid@mozilla.com> wrote:
> 
>> 
>> On 7/10/13 7:59 AM, Alan Chapell wrote:
>>> Thanks Sid / Justin - I'm wondering if this addresses things better.
>>> 
>>> Proposed language:
>>> "A user agent MUST NOT share information related to the network
>>> interaction with parties outside such interaction without consent."
>> 
>> I think my original concern remains valid:
>> 
>>> On 7/10/13 10:39 AM, "Sid Stamm" <sid@mozilla.com> wrote:
>>>> This suggests to me that the user agent must not share information
>>>> about
>>>> one network interaction (A) with another network interaction (B)....
>>>> which in turn makes me wonder about multi-interaction sites (those with
>>>> first party A and third party B).
>>>> 
>>>> Do UAs stop sending referrers?  That is a direct share of URL from A
>>>> with entity in B.  I don't think we want to go down this path.
>> 
>> Can you list a few specific examples of specific things that should be
>> turned off when DNT is 1?  I suspect referrer-sending is not one such
>> thing you'd like to disable when DNT is 1.
>> 
>> -Sid
>> 
>> 
> 
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 10 July 2013 15:39:18 UTC