Re: ISSUE-5: Consensus definition of "tracking" for the intro? from John Simpson on 2013-10-10 (public-tracking@w3.org from October 2013)

From: John Simpson <john@consumerwatchdog.org>
Date: Thu, 10 Oct 2013 13:15:20 -0700
To: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, public-tracking@w3.org, "'Roy T. Fielding'" <fielding@gbiv.com>, David Singer <singer@apple.com>
Message-Id: <00944F72-7D45-432A-857F-0146F4FC60D2@consumerwatchdog.org>

Hi Matthias,

I don't want to rain on your march toward consensus parade, but I have trouble with the " across multiple parties' domains or services" language. It seems to me Rob's language -- proposal 4 -- has it exactly right, particular;y when you include is suggested uninformative text:

"Tracking is any form of collection, retention, use and/or application of data that are, or can be, associated with a specific user, user agent, or device.

"non normative explanation: Tracking is not exclusively connected to unique ID cookies. Tracking includes automated real time decisions, intended to analyse or predict the personality or certain personal aspects relating to a natural person, including the analysis and prediction of the person’s health, economic situation, information on political or philosophical beliefs , performance at work, leisure, personal preferences or interests, details and patterns on behavior, detailed location or movements. Tracking is defined in a technological neutral way and includes e.g. cookie based tracking technology, active and passive fingerprinting techniques."

I can live with what's in the the current editors draft:

Tracking is the retention or use, after a network interaction is complete, of data that are, or can be, associated with a specific user, user agent, or device.

Regards,
John

On Oct 10, 2013, at 3:15 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:

> Hi Mike,
> 
> thanks for your feedback!
> 
> I have two questions:
> - Could you live with the proposed text if we decided not to change it?
> - If not, are there specific (hopefully small) text changes that we could make to allow you to live with this proposal?
> 
> Personal remark: While I agree with your points, it is important to note that we aim for a text that is "good enough" and  does not need to be perfect.
> I.e., an outcome that introduces tracking in a understandable way while covering 80% of what we mean would IMHO be good enough even if there are some corner cases that are not captured 100% accurately.
> 
> Regards,
> matthias
> On 09/10/2013 22:11, Mike O'Neill wrote:
>> I agree with David Singer that this is unclear. It seems to say retention of
>> identifiers is OK within one domain origin but that would allow them by
>> third-party frames and via redirection via other origin hosts. I know we
>> don't mean that it could be read that way. To make it clear we would then
>> have to further qualify the definition, maybe later when it is used for
>> instance in the third-party compliance section. We would have to say data
>> cannot be retained if referer(sic) headers, URL query parameters,
>> postMessage events and whatever communicate cross-domain data i.e. that the
>> identifier is somehow "attributable" to another domain/service.
>> 
>> We could make this clear in the definition by adding some non-normative text
>> like:
>> 
>> Non-normative.
>> It follows from this that data such as unique identifiers cannot be retained
>> by a third-party if they can be associated with another host domain or
>> service.
>> 
>> Anyway, in my opinion the cross-domain qualification is already adequately
>> made elsewhere and putting it here just complicates things, so we should
>> remove "across multiple parties' domains or services and"  or use Option 3
>> or 4.
>> 
>> Mike
>> 
>> 
>> -----Original Message-----
>> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
>> Sent: 09 October 2013 18:36
>> To: public-tracking@w3.org (public-tracking@w3.org)
>> Subject: ISSUE-5: Consensus definition of "tracking" for the intro?
>> 
>> Hi Team,
>> 
>> during our call, it seemed that the group was converging on a consensus for
>> this definition of tracking (option 5 by Roy):
>> 
>>          Tracking is the collection of data across multiple parties'
>> domains or services and retention of that data in a
>>          form that remains attributable to a specific user, user agent, or
>> device.
>> 
>> It is our "old" definition - corrected for grammar.
>> 
>> Questions:
>>   (a) Are there further required improvements that we need to introduce?
>>   (b) Are there participants that cannot live with this style/type of
>> definition (assuming we can provide the required final fine-tuning)?
>> 
>> Regards,
>> matthias
>> 
>> 
>

Received on Thursday, 10 October 2013 20:16:11 UTC