W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

Re: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current]

From: Walter van Holst <walter.van.holst@xs4all.nl>
Date: Fri, 04 Oct 2013 09:39:15 +0200
Message-ID: <524E70A3.8020709@xs4all.nl>
To: "public-tracking@w3.org WG" <public-tracking@w3.org>
On 03/10/2013 21:16, David Wainberg wrote:
> Mike,
> On 2013-10-03 7:20 AM, Mike O'Neill wrote:
>> If a user sees personalisation when they have explicitly requested not
>> to be tracked they will assume their wishes are being ignored, and
>> this will damage the credibility of Do Not Track.
> I disagree. I realize it will be a challenge to get right, but since
> users will be educated about what DNT does or does not do before they
> make the choice to turn it on, they'll understand that any post-DNT:1
> personalization they're seeing is being done in accordance with the DNT
> rules, and so with limited data retention. In fact, users could come to
> understand it as a great benefit: they get the personalization, but
> without their browsing history being accumulated and retained.

I rather doubt if that nuance will be caught by users who tend not to
have an overly sophisticated mental model of how web browsing works. As
Mike already said: customisation can to a certain extent be achieved
through low-entropy cookies. Which may not always be easy to get right
either, but is something that is objectively achievable.

Trust is a precious thing and things have to change in order to stop the
trust in the web being eroded by short term interests. This standard
must be transparent and understandable to the average user.

To give a few examples:

- Facebook can easily change its like buttons based on a low-entropy
cookie that indicates that a user is still logged in.

- Facebook can also set a low-entropy cookie qualifying a user in a
certain market segment or with a certain interest ("likes to travel")
which would be helpful in its 3rd party context for customisation, but
not for tracking.

The latter may already be dodgy from a user trust perspective and need a
lot of education. What you are proposing will be frankly impossible to
sell to users.

Also, I do distinctly recall you objecting to a free flow of data
between 1st and 3rd party contexts on anti-competition grounds during
the Amsterdam F2F.


Received on Friday, 4 October 2013 07:39:43 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC