- From: <mts-std@schunter.org>
- Date: Thu, 13 Jun 2013 10:06:43 -0700
- To: "Chris Mejia" <chris.mejia@iab.net>
- Cc: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Hi Chris, thanks for raising this concern. I fully agree that there will be many levels of grey between a privacy tool and a browser and in some cases, the line will be difficult to draw. Regards, matthias > Hi Matthias, > > I'm concerned with: > > "this is a very strong expression of a desire for privacy" > > It represents a slippery slope, open to personal interpretation, and a > certain vagueness that's hard to program for-- and thus should not be in a > tech spec. It would leave DNT compliance open for rather loose > interpretation-- and that would be a problem for publishers who are left > to make sense of this spec for their users. > > Here's a tangible and real example/concern, to support my point: > Microsoft is currently running strong television ads in some jurisdictions > around privacy. In some spots, they connect privacy, even 'tracking > protection,' to their IE10 product offering. Does that make Microsoft's > IE10 a "privacy browser", and are we now ok allowing them to set/send DNT > by default and be "compliant" with our spec? I thought we already agreed, > no, that's not ok. > > But if we allow this to be the case, what will keep any browser company or > other UA from simply saying that privacy is a key feature of their browser > and then also setting DNT by default, without any real user > action/understanding of the setting? Nothing. And then DNT:1 will become > ubiquitous, it will harm industry (especially long-tail small publishers), > and so on... > > Chris > > > On Jun 13, 2013, at 10:49 AM, "Matthias Schunter (Intel Corporation)" > <mts-std@schunter.org<mailto:mts-std@schunter.org>> wrote: > > Hi! > > my 2cents: > - From a user expectation point of view, I would expect that whatever is > turned on by private browsing (e.g., turning on DNT;1) > is then undone when I exit this mode (i.e., returning DNT to the prior > state). > > - The original intent (AFAIR) of the language I cited was to allow > installation of privacy tools (such as the anonymous browsing tool "Tor") > and - since this is a very strong expression of a desire for privacy - > these tools may send DNT;1 by default. > Naturally, these tools MUST still need to implement the exception API > and provide a feature to return from DNT;1 to unset or DNT;0. > > > Matthias > > > On 13/06/2013 16:27, Alan Chapell wrote: > Thanks Craig - > > I probably wasn't being clear enough in my question. As I understand it, > Safari turns on DNT automatically during a Private Browsing session. I'm > asking if DNT remains on, or is turned off when the Private Browsing > session ends. > > > From: Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org>> > Date: Thursday, June 13, 2013 10:18 AM > To: Alan Chapell > <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>, > 'Justin Brookman' <jbrookman@cdt.org<mailto:jbrookman@cdt.org>>, 'David > Singer' <singer@apple.com<mailto:singer@apple.com>> > Cc: 'Shane Wiley' <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>, > 'Peter Swire' <peter@peterswire.net<mailto:peter@peterswire.net>>, > <public-tracking@w3.org<mailto:public-tracking@w3.org>> > Subject: RE: June Draft of the DNT compliance spec > Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>> > Resent-Date: Thu, 13 Jun 2013 14:19:33 +0000 > > This is really determined by the browser vendor and or user setting if > “private browsing” (InPrivate, Incognito…) is a session based or > persistent setting. > > From: Alan Chapell [mailto:achapell@chapellassociates.com] > Sent: Thursday, June 13, 2013 7:07 AM > To: Justin Brookman; Craig Spiezle; David Singer > Cc: 'Shane Wiley'; 'Peter Swire'; > public-tracking@w3.org<mailto:public-tracking@w3.org> > Subject: Re: June Draft of the DNT compliance spec > > Thanks Justin. I was unaware of the Private Browsing feature. > > David, does Private Browsing turn on DNT automatically during a private > browsing session, and then turn it off automatically once the private > browsing session is over? > > > > From: Justin Brookman <jbrookman@cdt.org<mailto:jbrookman@cdt.org>> > Date: Monday, June 10, 2013 12:37 PM > To: Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org>> > Cc: 'Shane Wiley' <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>, > Alan Chapell > <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>, > 'Peter Swire' <peter@peterswire.net<mailto:peter@peterswire.net>>, > <public-tracking@w3.org<mailto:public-tracking@w3.org>> > Subject: Re: June Draft of the DNT compliance spec > > Previously, I thought we had agreement that selection of a special > privacy-protective product or setting could imply consent to send DNT:1 > This agreement is currently reflected in the TPE in Section 3: > http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining. > For example, I believe that Safari turns on DNT:1 whenever someone > engages "Private Browsing" mode, despite no specific language about Do Not > Track: http://www.apple.com/safari/features.html > > However, that language/agreement may have been subsumed by more recent > discussions. > > On Jun 10, 2013, at 11:15 AM, "Craig Spiezle" > <craigs@otalliance.org<mailto:craigs@otalliance.org>> wrote: > > > I apologize for possibly bringing up a closed issue, but do you see a > distinction between a browser or a privacy / security enhancing product? > I agree with what is proposed by a browser, but see there might be other > scenarios where the consumer is making an implied decision when acquiring > a third party security / privacy add-on?. > > Conceptually let’s call the product Privacy and Data Protector which by > default out of the box offers “maximized protection of your data > collection and privacy”. Could one argue that one who purchases such a > product in effect is making an implied decision to use such functionality. > Better yet Ad-Block Plus? > > > > > > From: Shane Wiley [mailto:wileys@yahoo-inc.com<http://yahoo-inc.com>] > Sent: Monday, June 10, 2013 7:17 AM > To: Alan Chapell; Peter Swire; > public-tracking@w3.org<mailto:public-tracking@w3.org> > Subject: RE: June Draft of the DNT compliance spec > > Friendly amendment suggestion: > > “…unless they have otherwise obtained consent from the user to do so.” > > - Shane > > From: Alan Chapell [mailto:achapell@chapellassociates.com] > Sent: Monday, June 10, 2013 6:31 AM > To: Peter Swire; public-tracking@w3.org<mailto:public-tracking@w3.org> > Subject: Re: June Draft of the DNT compliance spec > > Thanks Peter. I'm still generally uncomfortable that DNT doesn't place > requirements on First Parties. > > One item of particular concern that seems to have fallen off the radar is > the scenario where a party collects data in a first party context and > attempts to use it in a third party context when DNT is enabled. I thought > there was agreement on this issue. However, I keep raising it, and it > doesn't seem to make it into the drafts. Perhaps its implied in the > language "… customize the content, services, and advertising in the > context of the first party experience." However, it is not clear enough, > IMHO. > > To address, I offer the following language to Section 4 (First Party > Compliance). The new language is below. > > First Parties must not use data collected while a First Party when acting > as a Third-Party when DNT = 1. > > > Nick – if I need to open up another issue on this, please let me know. > Thanks! > > Alan > From: Peter Swire <peter@peterswire.net<mailto:peter@peterswire.net>> > Date: Monday, June 10, 2013 7:47 AM > To: "public-tracking@w3.org<mailto:public-tracking@w3.org>" > <public-tracking@w3.org<mailto:public-tracking@w3.org>> > Subject: June Draft of the DNT compliance spec > Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>> > Resent-Date: Mon, 10 Jun 2013 11:47:58 +0000 > > To the Working Group: > > Attached please find a June Draft of the compliance spec. The > spec is also available at: > > http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html > > This draft builds directly on the Consensus Action Summary from the > Sunnyvale F2F. Working closely with W3C staff, and based on numerous > discussions with members of the WG, this June Draft is my best current > estimate of a document that can be the basis for a consensus document in > time for Last Call. > > The June Draft includes a number of grammatical and stylistic > edits to various provisions of the previous working drafts. These > sorts of edits were done in hopes of adding clarity and good > writing to the provisions. In the spirit of humility, W3C staff > and I recognize that members of the WG may spot substantive > objections to these stylistic edits – let us work within a > constructive spirit of the working group process to examine and, > where appropriate, make changes to these edits. > > The Draft also addresses the four task areas included in the > Consensus Action Summary. In proposing language in the June > Draft, my intent and belief was to make good substantive judgments > about an overall package that may achieve consensus, as well as > item-by-item judgments about what is substantively most defensible > within the context of the WG. Clearly, the group will need to > work through each piece of the text, members can suggest > alternatives, and we will need to determine where and whether > consensus exists. > > The June Draft contains normative text but not non-normative text. > In part, this reflects my view that we have the best chance to > work constructively on a relatively short amount of normative > text. Proposed non-normative text can be proposed for provisions > in time for Last Call. As a potentially useful alternative, W3C > has various mechanisms for publishing notes or other documents > that illuminate a standard. The best time for detailed discussion > of most non-normative text quite possibly will be after Last Call. > > The June Draft discusses only items that the W3C WG can address. > Clearly, the actions of others on these issues may be relevant to > the overall outcome. For instance, the DAA has discussed changes > to its code, including on its market research and product > development exceptions. There has been discussion of a > potentially useful limit on any blocking of 3d party cookies for > sites that comply withDNT. There may also be new and useful > technical measures that would be important to the future of > advertising in a privacy-protective manner. The text here, as > indicated, addresses what would be within the compliance spec > itself. > > W3C staff and I are working on further explanatory materials that > will seek to clarify the changes here, and link the June Draft to > the issues on the WG site. > > The regular call this Wednesday will be an opportunity for the > Group to have an initialdiscussion of the June Draft. To give > everyone a chance to review this material, we will not be seeking > to close compliance issues during this Wednesday’s calls. > > Thank you, > > Peter > > > > Prof. Peter P. Swire > C. William O'Neill Professor of Law > Ohio State University > 240.994.4142 > www.peterswire.net<http://www.peterswire.net> > > Beginning August 2013: > Nancy J. and Lawrence P. Huang Professor > Law and Ethics Program > Scheller College of Business > Georgia Institute of Technology > > > >
Received on Thursday, 13 June 2013 17:07:05 UTC