Re: ISSUE-10 First party definition, ISSUE-60, ACTION-?

On Mar 1, 2013, at 8:26 , Mike O'Neill <> wrote:

> David,
> Why not just call it the user granted exception request the Tracking Consent
> indication i.e. the API would be storeTrackingConsent({...}; - so the
> "exception" term can revert to its usual JS definition. 

Yes, I think that some change of terminology might make things clearer.  I think I suggested in Cambridge (and maybe before) that it would be more natural to say that users give permission to track them (currently called an exception) and that DNT:1 stops tracking, except that there are exceptions for some kinds of data (currently called permitted uses), i.e. to my ear the terms are backwards…

> With the possibility of interaction between the DNT protocol and other
> browser features it will be easier to describe these using the "consent"
> term. For example Firefox and/or Safari could alleviate default 3p cookie
> blocking (in a site specific way) if there is an indication of explicit user
> consent for tracking. 

That's an interesting idea and one I'll discuss with people; maybe sites that comply with W3C DNT can be seen as operating in a consensual privacy-protecting mode and cookies are therefore safer.

Thanks for the idea

> Mike
> -----Original Message-----
> From: Rigo Wenning [] 
> Sent: 28 February 2013 10:36
> To: Alexander Hanff
> Cc:; 'John Simpson'
> Subject: Re: RE: RE: ISSUE-10 First party definition, ISSUE-60, ACTION-?
> Alexander, 
> On Wednesday 27 February 2013 22:23:06 Alexander Hanff wrote:
>> As I have stated multiple times now, it is not acceptable to simply 
>> redefine 3rd party tracking widgets to first party for the purpose of 
>> putting them out of scope of the DNT compliance policy.  TPWG has no 
>> right whatsoever to presume to know what consumers intend to consent 
>> to when they interact with a widget.
> The TPWG does not presume. The TPWG does not carry rights. You're on a
> complete wrong angle here, if you want to contribute. 
> I hear your concern about widgets littered all over the place replacing
> tracking 1x1 pixel graphics (web beacons). But those widgets are 1/ not
> hidden 2/ there to interact with
> As long as they are passive, the Specification clearly states that if the
> widgets are served from the widget's owner's site, they are third party
> content. (or if they phone home in any way). 
> If the user clicks on them (the Spec clearly says onmouseover is not
> sufficient), this is like clicking on a link. Saying that clicking on a link
> or a widget on the web you'll expect that it won't bring you somewhere else
> is not matching what this technology has been doing since its inception.
>> In the absence of that knowledge they must assume that the intended 
>> purpose of the user is to do nothing more than use the widget, not 
>> that using the widget is consent to being tracked (a peripheral 
>> purpose of the widget not immediately apparent to the user).
> Oh, what you're saying is that DNT should apply also to first parties. 
> This is certainly true for the European (regulated) market. The US folks
> don't dare going there. So the TPE and the TCS only have very limited
> restrictions on first parties. This is certainly not what I would call a
> circumvention. It is just the fact that the Group has chosen to exclude
> first party tracking so far. Many advocates have trouble with that, but
> settled so far by saying: "If we address cross site tracking and find a
> solution, that's a good step forward". I hear "not good enough" and I'm
> tempted to respond "never good enough, but let's make a first step". 
>> To my knowledge there has been no research by the TPWG to support this 
>> decision, it is quite simply arbitrary and completely offensive.
> This feeling of offense comes from the misunderstanding that the Group would
> also address first party tracking. This is not the case. There will be some
> remarks in the global considerations document. 
>> If I click on a like button I am clicking on a button to say I like an 
>> article, I am not saying "Hey Facebook, use this web site in my 
>> behavioural profile even though I have DNT set!" - what this group is 
>> suggesting with the redefinition is a complete mockery of the concept 
>> of DNT and furthermore shows utter contempt for the choices of the 
>> users it will impact.
> You're clicking on a link! I click on a button and by some magic, all sites
> are federated in a way that they use telepathy to collect information how
> many times a document is liked? Seriously, this works because there is a
> service counting the clicks. And this is typically not the first party
> (content) as often, the same content is on many sites. So please tone down a
> bit so that we can understand your concerns. Utter complete complaints don't
> do the trick.
> BTW, one of the main reasons to do DNT for the industry is to preserve the
> efficiency by such third party services that can service functionality on
> demand in a Web 2.0 scenario. If everything comes from the same site, we are
> back in HTML 1.0. Charging things from third parties started as early as
> HTML 2.0 and Netscape allowing for images with arbitrary URI to be
> displayed.
> --Rigo

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Friday, 1 March 2013 16:35:43 UTC