Re: ISSUE-5: Consensus definition of "tracking" for the intro? from Matthias Schunter (Intel) on 2013-10-11 (public-tracking@w3.org from October 2013)

From: Matthias Schunter (Intel) <mts-std@schunter.org>
Date: Fri, 11 Oct 2013 15:33:49 +0300
To: David Singer <singer@apple.com>
Cc: Mike O'Neill <michael.oneill@baycloud.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Roy T. Fielding" <fielding@gbiv.com>
Message-Id: <5E16CE3C-19EB-48A8-B72B-46818D3E9A15@schunter.org>
I suggest to follow this approach: non-normative explanation what we understand (on simple terms) under 'tracking'.

-- 
Sent from a phone...

Am 11.10.2013 um 03:12 schrieb David Singer <singer@apple.com>:

> I think I should look at all the definitions, find what the key points in each are, and try to see if there is something that synthesizes the best of them.
> 
> If our goal is to say "In rough terms, tracking is…" then this is easier than a formal definition which can be cited as establishing what our scope etc. is
> 
> 
> On Oct 10, 2013, at 16:17 , Mike O'Neill <michael.oneill@baycloud.com> wrote:
> 
>> Hi Roy, Matthias
>> 
>> How about we use option 4 (or a combination of options 3 & 4 with Rob’s non-normative text) for a definition of tracking and then add a derivative definition of cross-domain tracking that contains the context qualification.
>> 
>> As in:
>> 
>> Cross-domain Tracking is a type of tracking in which data is collected or retained by a party without the user being aware, i.e. by a party other than the one in control of the web page the user has explicitly linked to or visited.
>> 
>> Non-Normative Text
>> This standard is intended to give a user the capability to limit cross-domain tracking. In some jurisdictions the DNT signal could also be taken to communicate explicit consent to wider data collection but the standard does not address that.
>> 
>> The last bit is my attempt at non-normative sugar which might help make the signal more useful in the EU.
>> 
>> Mike
>> 
>> From: John Simpson [mailto:john@consumerwatchdog.org] 
>> Sent: 10 October 2013 21:32
>> To: Matthias Schunter (Intel Corporation)
>> Cc: Mike O'Neill; public-tracking@w3.org; 'Roy T. Fielding'; David Singer
>> Subject: Re: ISSUE-5: Consensus definition of "tracking" for the intro?
>> 
>> Sorry for typos:
>> that should be " xxxx his suggested non-normative text:" at end of 1st graph.
>> John
>> 
>> On Oct 10, 2013, at 1:15 PM, John Simpson <john@consumerwatchdog.org> wrote:
>> 
>> 
>> Hi Matthias,
>> 
>> I don't want to rain on your march toward consensus parade, but I have trouble with the " across multiple parties' domains or services" language. It seems to me Rob's language -- proposal 4 -- has it exactly right, particular;y when you include is suggested uninformative text:
>> 
>> "Tracking is any form of collection, retention, use and/or application of data that are, or can be, associated with a specific user, user agent, or device.
>> 
>> "non normative explanation: Tracking is not exclusively connected to unique ID cookies. Tracking includes automated real time decisions, intended to analyse or predict the personality or certain personal aspects relating to a natural person, including the analysis and prediction of the person’s health, economic situation, information on political or philosophical beliefs , performance at work, leisure, personal preferences or interests, details and patterns on behavior, detailed location or movements. Tracking is defined in a technological neutral way and includes e.g. cookie based tracking technology, active and passive fingerprinting techniques."
>> 
>> I can live with what's in the the current editors draft:
>> 
>> Tracking is the retention or use, after a network interaction is complete, of data that are, or can be, associated with a specific user, user agent, or device.
>> 
>> Regards,
>> John
>> 
>> 
>> On Oct 10, 2013, at 3:15 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
>> 
>> 
>> Hi Mike,
>> 
>> thanks for your feedback!
>> 
>> I have two questions:
>> - Could you live with the proposed text if we decided not to change it?
>> - If not, are there specific (hopefully small) text changes that we could make to allow you to live with this proposal?
>> 
>> Personal remark: While I agree with your points, it is important to note that we aim for a text that is "good enough" and  does not need to be perfect.
>> I.e., an outcome that introduces tracking in a understandable way while covering 80% of what we mean would IMHO be good enough even if there are some corner cases that are not captured 100% accurately.
>> 
>> Regards,
>> matthias
>> On 09/10/2013 22:11, Mike O'Neill wrote:
>> 
>> I agree with David Singer that this is unclear. It seems to say retention of
>> identifiers is OK within one domain origin but that would allow them by
>> third-party frames and via redirection via other origin hosts. I know we
>> don't mean that it could be read that way. To make it clear we would then
>> have to further qualify the definition, maybe later when it is used for
>> instance in the third-party compliance section. We would have to say data
>> cannot be retained if referer(sic) headers, URL query parameters,
>> postMessage events and whatever communicate cross-domain data i.e. that the
>> identifier is somehow "attributable" to another domain/service.
>> 
>> We could make this clear in the definition by adding some non-normative text
>> like:
>> 
>> Non-normative.
>> It follows from this that data such as unique identifiers cannot be retained
>> by a third-party if they can be associated with another host domain or
>> service.
>> 
>> Anyway, in my opinion the cross-domain qualification is already adequately
>> made elsewhere and putting it here just complicates things, so we should
>> remove "across multiple parties' domains or services and"  or use Option 3
>> or 4.
>> 
>> Mike
>> 
>> 
>> -----Original Message-----
>> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
>> Sent: 09 October 2013 18:36
>> To: public-tracking@w3.org (public-tracking@w3.org)
>> Subject: ISSUE-5: Consensus definition of "tracking" for the intro?
>> 
>> Hi Team,
>> 
>> during our call, it seemed that the group was converging on a consensus for
>> this definition of tracking (option 5 by Roy):
>> 
>>         Tracking is the collection of data across multiple parties'
>> domains or services and retention of that data in a
>>         form that remains attributable to a specific user, user agent, or
>> device.
>> 
>> It is our "old" definition - corrected for grammar.
>> 
>> Questions:
>>  (a) Are there further required improvements that we need to introduce?
>>  (b) Are there participants that cannot live with this style/type of
>> definition (assuming we can provide the required final fine-tuning)?
>> 
>> Regards,
>> matthias
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
>
Received on Friday, 11 October 2013 12:34:18 UTC