Re: ISSUE-5: Consensus definition of "tracking" for the intro?

On 11/10/2013 02:39, Roy T. Fielding wrote:
> Ah, now I can critique two definitions in one response ...

Maybe we can also realise that given the exemption for 1st parties, Rob
and John's position is less inane than you may realise.

Having said that, I don't think anyone is advocating a full stop
prohibition of any usage statistics under DNT:1. The reason I like your
last definition most is because of its conciseness, not because it is

Just thinking out loud (and possibly shoddy, so bear with me) here:
since this is very intimately related to the notion of 1st and 3rd
party, as well as what my understanding is of what David Wainberg means
by context, we might as well have a definition of context here:

A context is the set of network interactions that arise during or upon a
user agent's request of an URL, including any network interactions that
subsequently arise without any intentional action by the user agent's user.

A party is any natural person, legal entity or groups thereof that can
be, either jointly and severally or by one person or entity taking
responsibility for all other persons or entities, considered liable for
having network interactions with the user agent in a given context
outside any contractual exonerations of such liability.

If a context is provided by multiple parties, they are considered to be
either first or third parties. A party is a first party in a given
context if a user can be reasonably expected to be aware of the network
interactions with that party or if the context arises from an
intentional interaction by the user with the party in a preceding
context in which it was a third party. Such awareness must not be
expected on the basis of brief or otherwise peripheral messages in the
UA's UI.

A party's status may be elevated from third to first party through the

Tracking is any form of collection, retention, use and/or application of
data that are, or can be, associated with a specific user, user agent,
or device by any third-party in a given context.

A third party that claims to be honouring a DNT:1 expression by the UA
must not track, unless the tracking meets the requirements for  the
permitted uses or in case it has obtained consent for that context from
the user through the UGE mechanism.

If the above makes any sense, we're fixing a bunch of issues in one go:

- I think this meets David Wainberg's wishes not to tie the party
definition to notions of ownership or control;
- I hope this will find merit in David Singer's eyes given is previous
criticism for the use of terms like 'domains';
- It also implies context separation quite a few of us like to see
between first and third party contexts;
- It allows for data gathering by first parties.
- Each concept in the list above can be tested to a large extent by all
involved. Some of it from a technical perspective, some from a legal
perspective and some from a psychological perspective.



Received on Friday, 11 October 2013 10:18:47 UTC