- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 26 Jun 2014 04:31:36 -0700
- To: Walter van Holst <walter.van.holst@xs4all.nl>
- Cc: W3C DNT Working Group Mailing List <public-tracking@w3.org>
On Jun 26, 2014, at 12:08 AM, Walter van Holst wrote: > On 2014-06-26 03:05, Chris Pedigo wrote: >> Thank you Walter for pointing out that consumers are not surprised by >> tracking within a 1st party context. > > That is not what I wrote, Chris. I wrote that it is a different problem than the problem this group intends to address. > > For the record: this group chose long before I joined to give 1st parties a blanket exemption. No, we did not. Claiming we chose such a thing when it obviously isn't true is not helpful. The original intention of DNT was to apply only to subrequests to third parties, as stated in the drafts at the IETF long before this working group was chartered. After changing that to send the signal on all requests, in order to inform all parties of the user's preference, it follows that we will have to make corresponding decisions regarding how DNT will be interpreted by first parties. If we redefined DNT to turn off data collection by first parties in the same way that it does to third parties, then a user with DNT:1 would have to provide an exception or consent to almost every site they intentionally used on the Internet. There is abundant evidence that such a design doesn't work well for anyone, least of all the users, and does not solve an identifiable privacy problem. So, we identified the privacy problem we are trying to address (tracking of a user's activity across multiple contexts) and are currently trying to decide what requirements on first parties are necessary in order to satisfy DNT:1. We have not given a blanket exemption on tracking by first parties. Remembering a user from one visit to the next is not tracking. Data collection is not synonymous with tracking. > While I think that is overly broad, I also think that the nature and impact of tracking within a single context is by and large of a different order of magnitude than that of tracking across different contexts. The ability to achieve something on the latter problem justifies putting 1st party tracking on a back burner *provided* that there aren't loopholes for 3rd parties that also happen to be 1st parties at times. I think we should focus on what we have actually decided and (not yet) written in the drafts, rather than assume one extreme opinion or another based on vague memories of email conversations long ago. ....Roy
Received on Thursday, 26 June 2014 11:31:59 UTC