Re: ISSUE-5: Consensus definition of "tracking" for the intro? from Matthias Schunter (Intel Corporation) on 2013-10-10 (public-tracking@w3.org from October 2013)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Thu, 10 Oct 2013 12:15:03 +0200
To: Mike O'Neill <michael.oneill@baycloud.com>
CC: public-tracking@w3.org, "'Roy T. Fielding'" <fielding@gbiv.com>, David Singer <singer@apple.com>
Message-ID: <52567E27.5080607@schunter.org>

Hi Mike,

thanks for your feedback!

I have two questions:
- Could you live with the proposed text if we decided not to change it?
- If not, are there specific (hopefully small) text changes that we 
could make to allow you to live with this proposal?

Personal remark: While I agree with your points, it is important to note 
that we aim for a text that is "good enough" and  does not need to be 
perfect.
I.e., an outcome that introduces tracking in a understandable way while 
covering 80% of what we mean would IMHO be good enough even if there are 
some corner cases that are not captured 100% accurately.

Regards,
matthias
On 09/10/2013 22:11, Mike O'Neill wrote:
> I agree with David Singer that this is unclear. It seems to say retention of
> identifiers is OK within one domain origin but that would allow them by
> third-party frames and via redirection via other origin hosts. I know we
> don't mean that it could be read that way. To make it clear we would then
> have to further qualify the definition, maybe later when it is used for
> instance in the third-party compliance section. We would have to say data
> cannot be retained if referer(sic) headers, URL query parameters,
> postMessage events and whatever communicate cross-domain data i.e. that the
> identifier is somehow "attributable" to another domain/service.
>
> We could make this clear in the definition by adding some non-normative text
> like:
>
> Non-normative.
> It follows from this that data such as unique identifiers cannot be retained
> by a third-party if they can be associated with another host domain or
> service.
>
> Anyway, in my opinion the cross-domain qualification is already adequately
> made elsewhere and putting it here just complicates things, so we should
> remove "across multiple parties' domains or services and"  or use Option 3
> or 4.
>
> Mike
>
>
> -----Original Message-----
> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
> Sent: 09 October 2013 18:36
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: ISSUE-5: Consensus definition of "tracking" for the intro?
>
> Hi Team,
>
> during our call, it seemed that the group was converging on a consensus for
> this definition of tracking (option 5 by Roy):
>
>           Tracking is the collection of data across multiple parties'
> domains or services and retention of that data in a
>           form that remains attributable to a specific user, user agent, or
> device.
>
> It is our "old" definition - corrected for grammar.
>
> Questions:
>    (a) Are there further required improvements that we need to introduce?
>    (b) Are there participants that cannot live with this style/type of
> definition (assuming we can provide the required final fine-tuning)?
>
> Regards,
> matthias
>
>

Received on Thursday, 10 October 2013 19:20:49 UTC