RE: Moving "C"onsent from Tracking Status to Permitted Use?

From: Ronan Heffernan []
Sent: Friday, March 29, 2013 7:01 AM
To: Mike O'Neill
Cc: Tracking Protection Working Group WG
Subject: Re: Moving "C"onsent from Tracking Status to Permitted Use?

Most users *never* visit our website directly (a common problem), and when they arrive, if they are able to refuse an in-band exception, despite having granted an out-of-band exception, then we must be able to rely on the out-of-band exception.  We will also not be able to even query the exception API, for a large portion of our hits, since JS will not be allowed by the publishers.  That entire mechanism is basically useless for us.  If it works for some sites, that's great; but I am fairly certain that we will have to rely on out-of-band exceptions.
BTW, unless the spec is going to mandate a common per-machine repository for exceptions, you will have a problem of different User Agents on a machine having different sets of granted exceptions. It is not really "one visit" to set the exception(s); it is at least one visit per UA profile.

<bryan> Exactly the point I have been making for some time, that the whole UA/UI-based approach to tracking preference management will not scale, when on my smartphone I may have three different Web browsers installed, and a dozen or more hybrid Web apps (which to me are indistinguishable from native apps); as well as several other devices: laptops, desktops, tablets, web-enabled TVs/bluray/car/appliances etc etc. And multiple users of many of those devices, who all will need to be served equivalently under a common preferences UI unless it considers persona. The exceptions API will be useful so that the UA can be aligned with an overall OOB system of preferences management, but an OOB system is what's fundamentally needed so that the privacy UX will scale and be personalizable. I have recommended that the Sysapps WG consider a system-wide API for privacy preferences management [1] and will be pursuing that under Sysapps as part of its second phase charter deliverables. I think that's really the only practical, scalable approach to managing preferences on a device-wide basis, but even so users will need something with a broader scope that can help manage preferences across the many devices they use.


Received on Friday, 29 March 2013 14:45:22 UTC