Re: June Draft of the DNT compliance spec

Hi Craig,

thanks for clarifying. I personally agree that these questions are the 
right questions to ask.
I also agree with your assessment.

However, I am not sure whether can formalise necessary and sufficient 
conditions under which the use of a tool expresses a preference (i.e., a 
condition that says "use of a tool is an explicit expression of 
preference if and only if [text to be added]".

Matthias






On 13/06/2013 19:24, Craig Spiezle wrote:
>
> Fair point, but I think we need to look as some criteria
>
> ·What is the primary utility of a product / add on?
>
> ·How is it acquire / installed ? (pre-installed vs. purchase or download)
>
> In the case of a pre-installed browser one might suggest the primary 
> purpose is web browsing and searching, so for one pre-configured with 
> DNT=1 in the US is not compliant.  It would be hard to conceive the 
> purchase of such a device was driven by a browser setting.   
> Conversely if one chooses to install a browser or add-on, not 
> pre-installed on their device in part due to the prominent positioning 
> of these privacy focused features(s) on by default one could argue 
> they made an explicit decision.
>
> *From:*Chris Mejia [mailto:chris.mejia@iab.net]
> *Sent:* Thursday, June 13, 2013 9:09 AM
> *To:* Matthias Schunter (Intel Corporation)
> *Cc:* public-tracking@w3.org
> *Subject:* Re: June Draft of the DNT compliance spec
>
> Hi Matthias,
>
> I'm concerned with:
>
> /"this is a very strong expression of a desire for privacy"/
>
> It represents a slippery slope, open to personal interpretation, and a 
> certain vagueness that's hard to program for-- and thus should not be 
> in a tech spec.  It would leave DNT compliance open for rather loose 
> interpretation-- and that would be a problem for publishers who are 
> left to make sense of this spec for their users.
>
> Here's a tangible and real example/concern, to support my point: 
>  Microsoft is currently running strong television ads in some 
> jurisdictions around privacy.  In some spots, they connect privacy, 
> even 'tracking protection,' to their IE10 product offering. Does that 
> make Microsoft's IE10 a "privacy browser", and are we now ok allowing 
> them to set/send DNT by default and be "compliant" with our spec?  I 
> thought we already agreed, no, that's not ok.
>
> But if we allow this to be the case, what will keep any browser 
> company or other UA from simply saying that privacy is a key feature 
> of their browser and then also setting DNT by default, without any 
> real user action/understanding of the setting?  Nothing.  And then 
> DNT:1 will become ubiquitous, it will harm industry (especially 
> long-tail small publishers), and so on...
>
> Chris
>
>
> On Jun 13, 2013, at 10:49 AM, "Matthias Schunter (Intel Corporation)" 
> <mts-std@schunter.org <mailto:mts-std@schunter.org>> wrote:
>
>     Hi!
>
>     my 2cents:
>     - From a user expectation point of view, I would expect that
>     whatever is turned on by private browsing (e.g., turning on DNT;1)
>     is then undone when I exit this mode (i.e., returning DNT to the
>     prior state).
>
>     - The original intent (AFAIR) of the language I cited was to allow
>     installation of privacy tools (such as the anonymous browsing tool
>     "Tor")
>       and - since this is a very strong expression of a desire for
>     privacy - these tools may send DNT;1 by default.
>       Naturally, these tools MUST still need to implement the
>     exception API and provide a feature to return from DNT;1 to unset
>     or DNT;0.
>
>
>     Matthias
>
>     On 13/06/2013 16:27, Alan Chapell wrote:
>
>         Thanks Craig -
>
>         I probably wasn't being clear enough in my question. As I
>         understand it, Safari turns on DNT automatically during a
>         Private Browsing session. I'm asking if DNT remains on, or is
>         turned off when the Private Browsing session ends.
>
>         *From: *Craig Spiezle <craigs@otalliance.org
>         <mailto:craigs@otalliance.org>>
>         *Date: *Thursday, June 13, 2013 10:18 AM
>         *To: *Alan Chapell <achapell@chapellassociates.com
>         <mailto:achapell@chapellassociates.com>>, 'Justin Brookman'
>         <jbrookman@cdt.org <mailto:jbrookman@cdt.org>>, 'David Singer'
>         <singer@apple.com <mailto:singer@apple.com>>
>         *Cc: *'Shane Wiley' <wileys@yahoo-inc.com
>         <mailto:wileys@yahoo-inc.com>>, 'Peter Swire'
>         <peter@peterswire.net <mailto:peter@peterswire.net>>,
>         <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>         *Subject: *RE: June Draft of the DNT compliance spec
>         *Resent-From: *<public-tracking@w3.org
>         <mailto:public-tracking@w3.org>>
>         *Resent-Date: *Thu, 13 Jun 2013 14:19:33 +0000
>
>             This is really determined by the browser vendor and or
>             user setting if "private browsing" (InPrivate,
>             Incognito...)  is a session based or persistent setting.
>
>             *From:*Alan Chapell [mailto:achapell@chapellassociates.com]
>             *Sent:* Thursday, June 13, 2013 7:07 AM
>             *To:* Justin Brookman; Craig Spiezle; David Singer
>             *Cc:* 'Shane Wiley'; 'Peter Swire'; public-tracking@w3.org
>             <mailto:public-tracking@w3.org>
>             *Subject:* Re: June Draft of the DNT compliance spec
>
>             Thanks Justin. I was unaware of the Private Browsing feature.
>
>             David, does Private Browsing turn on DNT automatically
>             during a private browsing session, and then turn it off
>             automatically once the private browsing session is over?
>
>             *From: *Justin Brookman <jbrookman@cdt.org
>             <mailto:jbrookman@cdt.org>>
>             *Date: *Monday, June 10, 2013 12:37 PM
>             *To: *Craig Spiezle <craigs@otalliance.org
>             <mailto:craigs@otalliance.org>>
>             *Cc: *'Shane Wiley' <wileys@yahoo-inc.com
>             <mailto:wileys@yahoo-inc.com>>, Alan Chapell
>             <achapell@chapellassociates.com
>             <mailto:achapell@chapellassociates.com>>, 'Peter Swire'
>             <peter@peterswire.net <mailto:peter@peterswire.net>>,
>             <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>             *Subject: *Re: June Draft of the DNT compliance spec
>
>                 Previously, I thought we had agreement that selection
>                 of a special privacy-protective product or setting
>                 could imply consent to send DNT:1  This agreement is
>                 currently reflected in the TPE in Section 3:
>                 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#determining.
>                  For example, I believe that Safari turns on DNT:1
>                 whenever someone engages "Private Browsing" mode,
>                 despite no specific language about Do Not Track:
>                 http://www.apple.com/safari/features.html
>
>                 However, that language/agreement may have been
>                 subsumed by more recent discussions.
>
>                 On Jun 10, 2013, at 11:15 AM, "Craig Spiezle"
>                 <craigs@otalliance.org <mailto:craigs@otalliance.org>>
>                 wrote:
>
>
>
>
>                 I apologize for possibly bringing up a closed issue,
>                 but do you see a distinction between a browser or a
>                 privacy / security enhancing product?   I agree with
>                 what is proposed by a browser, but see there might be
>                 other scenarios where the consumer is making an
>                 implied decision when acquiring a third party security
>                 / privacy add-on?.
>
>                 Conceptually let's call the product Privacy and Data
>                 Protector which by default out of the box offers
>                 "maximized protection of your data collection and
>                 privacy".   Could one argue that one who purchases
>                 such a product in effect is making an implied decision
>                 to use such functionality.  Better yet Ad-Block Plus?
>
>                 *From:*Shane Wiley [mailto:wileys@yahoo-inc.com
>                 <http://yahoo-inc.com>]
>                 *Sent:*Monday, June 10, 2013 7:17 AM
>                 *To:*Alan Chapell; Peter Swire;public-tracking@w3.org
>                 <mailto:public-tracking@w3.org>
>                 *Subject:*RE: June Draft of the DNT compliance spec
>
>                 Friendly amendment suggestion:
>
>                 "...unless they have otherwise obtained consent from
>                 the user to do so."
>
>                 - Shane
>
>                 *From:*Alan Chapell
>                 [mailto:achapell@chapellassociates.com]
>                 *Sent:*Monday, June 10, 2013 6:31 AM
>                 *To:*Peter Swire;public-tracking@w3.org
>                 <mailto:public-tracking@w3.org>
>                 *Subject:*Re: June Draft of the DNT compliance spec
>
>                 Thanks Peter. I'm still generally uncomfortable that
>                 DNT doesn't place requirements on First Parties.
>
>                 One item of particular concern that seems to have
>                 fallen off the radar is the scenario where a party
>                 collects data in a first party context and attempts to
>                 use it in a third party context when DNT is enabled. I
>                 thought there was agreement on this issue. However, I
>                 keep raising it, and it doesn't seem to make it into
>                 the drafts. Perhaps its implied in the language
>                 "... customize the content, services, and advertising
>                 in the context of the first party experience."
>                 However, it is not clear enough, IMHO.
>
>                 To address, I offer the following language to Section
>                 4 (First Party Compliance). The new language is below.
>
>                 First Parties /must not/ use data collected while a
>                 First Party when acting as a Third-Party when DNT = 1.
>
>                 Nick -- if I need to open up another issue on this,
>                 please let me know. Thanks!
>
>                 Alan
>
>                 *From:*Peter Swire <peter@peterswire.net
>                 <mailto:peter@peterswire.net>>
>                 *Date:*Monday, June 10, 2013 7:47 AM
>                 *To:*"public-tracking@w3.org
>                 <mailto:public-tracking@w3.org>"
>                 <public-tracking@w3.org <mailto:public-tracking@w3.org>>
>                 *Subject:*June Draft of the DNT compliance spec
>                 *Resent-From:*<public-tracking@w3.org
>                 <mailto:public-tracking@w3.org>>
>                 *Resent-Date:*Mon, 10 Jun 2013 11:47:58 +0000
>
>                     To the Working Group:
>
>                     Attached please find a June Draft of the
>                     compliance spec. The spec is also available at:
>
>                     http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-june.html
>
>                     This draft builds directly on the Consensus Action
>                     Summary from the Sunnyvale F2F.  Working closely
>                     with W3C staff, and based on numerous discussions
>                     with members of the WG, this June Draft is my best
>                     current estimate of a document that can be the
>                     basis for a consensus document in time for Last Call.
>
>                     The June Draft includes a number of_grammatical
>                     and stylistic edits_to various provisions of the
>                     previous working drafts.  These sorts of edits
>                     were done in hopes of adding clarity and good
>                     writing to the provisions.  In the spirit of
>                     humility, W3C staff and I recognize that members
>                     of the WG may spot substantive objections to these
>                     stylistic edits -- let us work within a
>                     constructive spirit of the working group process
>                     to examine and, where appropriate, make changes to
>                     these edits.
>
>                     The Draft also addresses the_four task
>                     areas_included in the Consensus Action Summary. 
>                     In proposing language in the June Draft, my intent
>                     and belief was to make good substantive judgments
>                     about an_overall package_that may achieve
>                     consensus, as well as item-by-item judgments about
>                     what is substantively most defensible within the
>                     context of the WG.  Clearly, the group will need
>                     to work through each piece of the text, members
>                     can suggest alternatives, and we will need to
>                     determine where and whether consensus exists.
>
>                     The June Draft contains_normative text but not
>                     non-normative text_.  In part, this reflects my
>                     view that we have the best chance to work
>                     constructively on a relatively short amount of
>                     normative text. Proposed non-normative text can be
>                     proposed for provisions in time for Last Call.  As
>                     a potentially useful alternative, W3C has various
>                     mechanisms for publishing notes or other documents
>                     that illuminate a standard.  The best time for
>                     detailed discussion of most non-normative text
>                     quite possibly will be after Last Call.
>
>                     The June Draft discusses_only items that the W3C
>                     WG can address_.  Clearly, the actions of others
>                     on these issues may be relevant to the overall
>                     outcome.  For instance, the DAA has discussed
>                     changes to its code, including on its market
>                     research and product development exceptions.  
>                     There has been discussion of a potentially useful
>                     limit on any blocking of 3d party cookies for
>                     sites that comply withDNT. There may also be new
>                     and useful technical measures that would be
>                     important to the future of advertising in a
>                     privacy-protective manner.  The text here, as
>                     indicated, addresses what would be within the
>                     compliance spec itself.
>
>                     W3C staff and I are working on further explanatory
>                     materials that will seek to clarify the changes
>                     here, and link the June Draft to the issues on the
>                     WG site.
>
>                     The regular call this Wednesday will be an
>                     opportunity for the Group to have an
>                     initialdiscussion of the June Draft.  To give
>                     everyone a chance to review this material, we will
>                     not be seeking to close compliance issues during
>                     this Wednesday's calls.
>
>                     Thank you,
>
>                     Peter
>
>                     Prof. Peter P. Swire
>
>                     C. William O'Neill Professor of Law
>
>                     Ohio State University
>
>                     240.994.4142
>
>                     www.peterswire.net <http://www.peterswire.net>
>
>                     Beginning August 2013:
>
>                     Nancy J. and Lawrence P. Huang Professor
>
>                     Law and Ethics Program
>
>                     Scheller College of Business
>
>                     Georgia Institute of Technology
>

Received on Thursday, 13 June 2013 20:53:05 UTC