- From: David Singer <singer@apple.com>
- Date: Fri, 01 Mar 2013 08:35:11 -0800
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: public-tracking@w3.org
On Mar 1, 2013, at 8:26 , Mike O'Neill <michael.oneill@baycloud.com> wrote: > David, > > Why not just call it the user granted exception request the Tracking Consent > indication i.e. the API would be storeTrackingConsent({...}; - so the > "exception" term can revert to its usual JS definition. Yes, I think that some change of terminology might make things clearer. I think I suggested in Cambridge (and maybe before) that it would be more natural to say that users give permission to track them (currently called an exception) and that DNT:1 stops tracking, except that there are exceptions for some kinds of data (currently called permitted uses), i.e. to my ear the terms are backwards… > > With the possibility of interaction between the DNT protocol and other > browser features it will be easier to describe these using the "consent" > term. For example Firefox and/or Safari could alleviate default 3p cookie > blocking (in a site specific way) if there is an indication of explicit user > consent for tracking. That's an interesting idea and one I'll discuss with people; maybe sites that comply with W3C DNT can be seen as operating in a consensual privacy-protecting mode and cookies are therefore safer. Thanks for the idea > > Mike > > > -----Original Message----- > From: Rigo Wenning [mailto:rigo@w3.org] > Sent: 28 February 2013 10:36 > To: Alexander Hanff > Cc: public-tracking@w3.org; 'John Simpson' > Subject: Re: RE: RE: ISSUE-10 First party definition, ISSUE-60, ACTION-? > > Alexander, > > On Wednesday 27 February 2013 22:23:06 Alexander Hanff wrote: >> As I have stated multiple times now, it is not acceptable to simply >> redefine 3rd party tracking widgets to first party for the purpose of >> putting them out of scope of the DNT compliance policy. TPWG has no >> right whatsoever to presume to know what consumers intend to consent >> to when they interact with a widget. > > The TPWG does not presume. The TPWG does not carry rights. You're on a > complete wrong angle here, if you want to contribute. > > I hear your concern about widgets littered all over the place replacing > tracking 1x1 pixel graphics (web beacons). But those widgets are 1/ not > hidden 2/ there to interact with > > As long as they are passive, the Specification clearly states that if the > widgets are served from the widget's owner's site, they are third party > content. (or if they phone home in any way). > > If the user clicks on them (the Spec clearly says onmouseover is not > sufficient), this is like clicking on a link. Saying that clicking on a link > or a widget on the web you'll expect that it won't bring you somewhere else > is not matching what this technology has been doing since its inception. >> >> In the absence of that knowledge they must assume that the intended >> purpose of the user is to do nothing more than use the widget, not >> that using the widget is consent to being tracked (a peripheral >> purpose of the widget not immediately apparent to the user). > > Oh, what you're saying is that DNT should apply also to first parties. > This is certainly true for the European (regulated) market. The US folks > don't dare going there. So the TPE and the TCS only have very limited > restrictions on first parties. This is certainly not what I would call a > circumvention. It is just the fact that the Group has chosen to exclude > first party tracking so far. Many advocates have trouble with that, but > settled so far by saying: "If we address cross site tracking and find a > solution, that's a good step forward". I hear "not good enough" and I'm > tempted to respond "never good enough, but let's make a first step". >> >> To my knowledge there has been no research by the TPWG to support this >> decision, it is quite simply arbitrary and completely offensive. > > This feeling of offense comes from the misunderstanding that the Group would > also address first party tracking. This is not the case. There will be some > remarks in the global considerations document. >> >> If I click on a like button I am clicking on a button to say I like an >> article, I am not saying "Hey Facebook, use this web site in my >> behavioural profile even though I have DNT set!" - what this group is >> suggesting with the redefinition is a complete mockery of the concept >> of DNT and furthermore shows utter contempt for the choices of the >> users it will impact. > > You're clicking on a link! I click on a button and by some magic, all sites > are federated in a way that they use telepathy to collect information how > many times a document is liked? Seriously, this works because there is a > service counting the clicks. And this is typically not the first party > (content) as often, the same content is on many sites. So please tone down a > bit so that we can understand your concerns. Utter complete complaints don't > do the trick. > > BTW, one of the main reasons to do DNT for the industry is to preserve the > efficiency by such third party services that can service functionality on > demand in a Web 2.0 scenario. If everything comes from the same site, we are > back in HTML 1.0. Charging things from third parties started as early as > HTML 2.0 and Netscape allowing for images with arbitrary URI to be > displayed. > > --Rigo > > David Singer Multimedia and Software Standards, Apple Inc.
Received on Friday, 1 March 2013 16:35:43 UTC