W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

Re: ISSUE-5: Consensus definition of "tracking" for the intro?

From: David Singer <singer@apple.com>
Date: Thu, 10 Oct 2013 17:12:29 -0700
Cc: 'John Simpson' <john@consumerwatchdog.org>, "'Matthias Schunter (Intel Corporation)'" <mts-std@schunter.org>, public-tracking@w3.org, "'Roy T. Fielding'" <fielding@gbiv.com>
Message-id: <9DB2EB5F-F80F-45D0-AF21-DD43F0CF3955@apple.com>
To: Mike O'Neill <michael.oneill@baycloud.com>
I think I should look at all the definitions, find what the key points in each are, and try to see if there is something that synthesizes the best of them.

If our goal is to say "In rough terms, tracking isÖ" then this is easier than a formal definition which can be cited as establishing what our scope etc. is


On Oct 10, 2013, at 16:17 , Mike O'Neill <michael.oneill@baycloud.com> wrote:

> Hi Roy, Matthias
>  
> How about we use option 4 (or a combination of options 3 & 4 with Robís non-normative text) for a definition of tracking and then add a derivative definition of cross-domain tracking that contains the context qualification.
>  
> As in:
>  
> Cross-domain Tracking is a type of tracking in which data is collected or retained by a party without the user being aware, i.e. by a party other than the one in control of the web page the user has explicitly linked to or visited.
>  
> Non-Normative Text
> This standard is intended to give a user the capability to limit cross-domain tracking. In some jurisdictions the DNT signal could also be taken to communicate explicit consent to wider data collection but the standard does not address that.
>  
> The last bit is my attempt at non-normative sugar which might help make the signal more useful in the EU.
>  
> Mike
>  
> From: John Simpson [mailto:john@consumerwatchdog.org] 
> Sent: 10 October 2013 21:32
> To: Matthias Schunter (Intel Corporation)
> Cc: Mike O'Neill; public-tracking@w3.org; 'Roy T. Fielding'; David Singer
> Subject: Re: ISSUE-5: Consensus definition of "tracking" for the intro?
>  
> Sorry for typos:
> that should be " xxxx his suggested non-normative text:" at end of 1st graph.
> John
>  
> On Oct 10, 2013, at 1:15 PM, John Simpson <john@consumerwatchdog.org> wrote:
> 
> 
> Hi Matthias,
>  
> I don't want to rain on your march toward consensus parade, but I have trouble with the " across multiple parties' domains or services" language. It seems to me Rob's language -- proposal 4 -- has it exactly right, particular;y when you include is suggested uninformative text:
>  
> "Tracking is any form of collection, retention, use and/or application of data that are, or can be, associated with a specific user, user agent, or device.
> 
> "non normative explanation: Tracking is not exclusively connected to unique ID cookies. Tracking includes automated real time decisions, intended to analyse or predict the personality or certain personal aspects relating to a natural person, including the analysis and prediction of the personís health, economic situation, information on political or philosophical beliefs , performance at work, leisure, personal preferences or interests, details and patterns on behavior, detailed location or movements. Tracking is defined in a technological neutral way and includes e.g. cookie based tracking technology, active and passive fingerprinting techniques."
> 
> I can live with what's in the the current editors draft:
>  
> Tracking is the retention or use, after a network interaction is complete, of data that are, or can be, associated with a specific user, user agent, or device.
>  
> Regards,
> John
>  
>  
> On Oct 10, 2013, at 3:15 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
> 
> 
> Hi Mike,
> 
> thanks for your feedback!
> 
> I have two questions:
> - Could you live with the proposed text if we decided not to change it?
> - If not, are there specific (hopefully small) text changes that we could make to allow you to live with this proposal?
> 
> Personal remark: While I agree with your points, it is important to note that we aim for a text that is "good enough" and  does not need to be perfect.
> I.e., an outcome that introduces tracking in a understandable way while covering 80% of what we mean would IMHO be good enough even if there are some corner cases that are not captured 100% accurately.
> 
> Regards,
> matthias
> On 09/10/2013 22:11, Mike O'Neill wrote:
> 
> I agree with David Singer that this is unclear. It seems to say retention of
> identifiers is OK within one domain origin but that would allow them by
> third-party frames and via redirection via other origin hosts. I know we
> don't mean that it could be read that way. To make it clear we would then
> have to further qualify the definition, maybe later when it is used for
> instance in the third-party compliance section. We would have to say data
> cannot be retained if referer(sic) headers, URL query parameters,
> postMessage events and whatever communicate cross-domain data i.e. that the
> identifier is somehow "attributable" to another domain/service.
> 
> We could make this clear in the definition by adding some non-normative text
> like:
> 
> Non-normative.
> It follows from this that data such as unique identifiers cannot be retained
> by a third-party if they can be associated with another host domain or
> service.
> 
> Anyway, in my opinion the cross-domain qualification is already adequately
> made elsewhere and putting it here just complicates things, so we should
> remove "across multiple parties' domains or services and"  or use Option 3
> or 4.
> 
> Mike
> 
> 
> -----Original Message-----
> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
> Sent: 09 October 2013 18:36
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: ISSUE-5: Consensus definition of "tracking" for the intro?
> 
> Hi Team,
> 
> during our call, it seemed that the group was converging on a consensus for
> this definition of tracking (option 5 by Roy):
> 
>          Tracking is the collection of data across multiple parties'
> domains or services and retention of that data in a
>          form that remains attributable to a specific user, user agent, or
> device.
> 
> It is our "old" definition - corrected for grammar.
> 
> Questions:
>   (a) Are there further required improvements that we need to introduce?
>   (b) Are there participants that cannot live with this style/type of
> definition (assuming we can provide the required final fine-tuning)?
> 
> Regards,
> matthias
> 
> 
>  
>  

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Friday, 11 October 2013 00:12:59 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC