- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 16 Jul 2013 23:14:09 -0700
- To: John Simpson <john@consumerwatchdog.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Jul 16, 2013, at 5:58 PM, John Simpson wrote:

> Lee's approach makes sense and is worth discussing.

Lee's approach is based on a theory that we can identify the nature of a threat before collecting any data on the user agent. If the WG can't figure out why that approach is wrong, then we have a serious problem.

Initial data collection for security occurs because we don't know if there are "reasonable grounds to believe ...". The main point of performing the data collection is to determine if those grounds exist for this particular client request (or sequence of requests). After the grounds are obtained, then a graduated response can begin (i.e., more data collection, or retention for a longer period). This kind of data collection has nothing to do with OBA or building user profiles -- it is attack profiling and short-term retention of request traces.

The reason we don't need two separate permitted uses for fraud and security is because the exact same phrasing and limitations ought to apply to each of the listed concerns provided in my suggested text. I don't want to have five separate discussions about the same text when the limitations and data collection are identical. Like other permitted uses, the retention ends as soon as retention is no longer reasonably necessary, so there is no need to argue about distinct retention periods for the various threats being protected against.

Lee's suggested text is also specific to advertising, including some incorrect examples about clicking on ads being a third party request. The Security permitted use is NOT about advertising. DNT does not limit itself to advertising.
The purpose of this section is to acknowledge that tracking will occur, regardless of DNT, to provide for what is reasonably necessary to keep the third party service secure, or for a third party to provide a security-specific service to a first party (e.g., a third party that does not qualify as a service provider because its data might not be siloed per first party site). This includes third party user authentication, protection from general fraud (not click-fraud), and other fun things like obeying national export controls.

Advertising data collection should already be accounted for in the permitted use for financial billing and auditing. That data may be impacted by security collection, such as the exclusion of counts for clients that are later determined to be part of a zombie network, but the two permitted uses tend to be separate data stores with completely different administrative controls.

....Roy
Received on Wednesday, 17 July 2013 06:14:24 UTC