W3C home > Mailing lists > Public > public-tracking@w3.org > September 2013

Re: issue-151

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Mon, 2 Sep 2013 16:34:02 +0100
To: <public-tracking@w3.org>
Message-ID: <016401cea7f1$da5c92e0$8f15b8a0$@baycloud.com>


I agree with you that the fact people are setting DNT is evidence of intent,
but for now the signal is mostly being ignored by the receiving servers. We
both want a way for users to express their agreement (or disagreement) for
tracking but it has to mean something real. We either get that through
regulatory law (not entirely successful thus far), technical enforcement by
browsers or add-ons (effective, and more evidence of intent, but blunt and
often not good for innovation), or trying for consensus. The last is what
this group is about, and the motivation for my post.





From: Peter Cranstone [mailto:peter.cranstone@3pmobile.com] 
Sent: 02 September 2013 14:57
To: Mike O'Neill; public-tracking@w3.org
Cc: 'Chris Mejia'; Rigo Wenning
Subject: Re: issue-151




Here's the current MAKET reality. There are no 3rd party programs or
browsers for that matter, that are turning on DNT by default, even Microsoft
has removed that capability. What's happening in the marketplace is that
USERS are turning on DNT in an attempt to gain some privacy. Every DNT
signal being sent is VALID because its the USER setting it.


That's what everyone keeps missing - without the NSA/PRISM/DEA events in the
market place you could have added DNT years ago and gotten ZERO (or close to
it) adoption. But USERS have now woken up to the fact that privacy is
important and ergo they're finding out how to turn on a Privacy signal.


California Governor Brown will most likely sign into law AB 370 this week.
When 78 politicians can unanimously agree on something it should send a
message - they've managed to do what nobody thought possible. And they did
so because unless we start taking our Privacy seriously then at least in the
USA there is no more 4th amendment. 


IMO you can debate Issue-151 until the cows come home - but in this case you
need to know that the cows have left the barn permanently and will never be
returning home - the only thing that trumps a voluntary standard is
regulation - and this week Do Not Track will be regulated.  


A certified API/APP is not going to stop people from turning on a Privacy
Signal - and for that you can thank (blame) the NSA & DEA.  





Peter J. Cranstone



From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Monday, September 2, 2013 2:58 AM
To: "public-tracking@w3.org" <public-tracking@w3.org>
Cc: 'Chris Mejia' <chris.mejia@iab.net>, Rigo Wenning <rigo@w3.org>
Subject: re: issue-151
Resent-From: <public-tracking@w3.org>
Resent-Date: Monday, September 2, 2013 2:58 AM


Other W3C groups are working on cross-platform standards for web apps. Web
apps need access to device interfaces for such things as telephony,
geo-location and contact lists so "certified" apps are being defined which
those that would have access to such "sensitive" APIs. A certified app is
cryptographically signed by an organisation such as an app webstore to prove
it has been vetted.


I wonder if we could leverage this approach to help solve the "valid DNT
signal" problem. If the DNT signal (general pref. as well as the
site-specific exception) could be managed by an API that was only available
to certified applications, and we could agree the parameters to decide what
institutions could make vetting decisions, maybe that would help us reach
consensus. These certified apps could be hosted or packaged, and could
reside in UAs (built-in). As it stands only packaged apps are certifiable
right now but hosted apps could have this facility also (signing the
manifest?) , and so why not simple web sites.








Received on Monday, 2 September 2013 15:34:33 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:18 UTC