- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Fri, 21 Oct 2016 11:12:36 +0100
- To: "'Matthias Schunter \(Intel Corporation\)'" <mts-std@schunter.org>, <public-tracking@w3.org>
- Cc: "'John Simpson'" <john@consumerwatchdog.org>, <singer@apple.com>
I also agree with John and David that there should be a better description of what DNT means, and this should be in technically implementable terms. We now have set the scene (with the "compliance" property) for a spectrum of compliance responses, from "soft" DNT using the TCS to "harder" DNT using say the EFF policy. We could have a base particularisation built into the TPE, i.e. "hard" DNT meaning no retention of state (i.e. no UIDs) beyond some small number of hours (I think 12 works quite well), with no fingerprinting and no regeneration of UIDs. Anything "harder" would not be much use because session state would not be persisted long enough. Then any declared compliance documents adds alleviation to the base, such as "strictly necessary" for ePrivacy compliance or the permitted uses and 1st party relaxation for the TCS. Sites that wanted to show a clear response to DNT could have a TSR without the "compliance" property, meaning "hard" DNT. -----Original Message----- From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org] Sent: 21 October 2016 09:14 To: public-tracking@w3.org Subject: Re: Revised Charter Proposal - Feedback by Oct 26 Hi Folks, I agree that - if used alone - the TPE should provide baseline guarantees to a user that receives "I am not tracking you" from a site. My intuition / plan so far was to use our definition of "tracking" / "no tracking" as the baseline. If you claim you are not tracking, then this gives a user certain guarantees. Sites are free to choose an appropriate implementation to implement "not tracking". The TCS then only provides (a) One proposed way to implement "not tracking" (b) Further permitted uses that provide additional transparency what kind of tracking an organisation does (if you use a permitted use, you will need to send a "tracking" signal). {I just thought that we may benefit from a "no further tracking" qualifier to, e.g., say "[I am tracking] ("T" signal), for [frequency capping] (permitted use), and [no forther tracking] (the new signal).} IMHO If we get the definition of "not tracking" right, then we do not need to mandate a TCS. Regards matthias Am 21.10.2016 06:17, schrieb David Singer: >> On Oct 21, 2016, at 2:35 , John Simpson <john@consumerwatchdog.org> wrote: >> >> Hello, >> >> Admittedly, I’ve more or less dropped out of the W3C process, but I still get the emails. I must say it seems very strange to me to have a standard that specifies how to send a DNT message (TPE), but to have nothing about how you’re supposed to comply when you get one (TCS). > agreed > > and I am unclear what we tell users that DNT does for them if it’s “anything that anyone can write in a compliance document”. I wonder whether we need to say that you can only use TPE if you comply with at least one compliance specification that is at least as protective as the TCS, i.e. TCS is a baseline? > > the formal statement of that would be that TCS is required or assumed to be part of the compliance array, > >> Regards, >> John >> >>> On Oct 20, 2016, at 3:23 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote: >>> >>> Hi Folks, >>> >>> >>> enclosed is the charter V05 that has been revised based on the feedback >>> in our call. >>> >>> Changes: >>> - I added an outline describing the current content of the TPE. >>> - I redefined goals and added two stretch goals. The intuition is that >>> we want to publish TPE in August for adoption _in any case_ (no stalling >>> by the chairs in 2017 ;-). >>> The more we can align with the EU and demonstrate benefits, the >>> better. But we want to publish what we have nevertheless to e.g, allow >>> user agents to finalize their implementation. >>> - I state that we put the TCS into "maintenance mode". This means that >>> we continue collecting feedback but that we do not plan to push TCS to >>> recommendation unless there are stronger signs of adoption. >>> >>> Any further feedback is welcome. If there are no substantiated >>> objections, I would submit the revision to W3C for processing next >>> Wednesday (Oct 26) >>> >>> >>> Regards. >>> matthias >>> <Tracking Protection Working Group Charter-v05-2016-10-20.docx><Tracking Protection Working Group Charter-v05-2016-10-20-ChangeHighlighted.pdf> >> > David Singer > Manager, Software Standards, Apple Inc. > >
Received on Friday, 21 October 2016 10:13:43 UTC