Re: Revised Charter Proposal - Feedback by Oct 26

As the Working Group has not discussed or agreed upon a "hard TCS document" I don't believe we can add a specific requirement for the EFF or any other compliance standard in the TPE.  The WG had discussed adding it as a "reference" item in a footnote as one possible solution but I would recommend steering clear of attempting to define hardline or minimum requirements or we'll be rehashing the TCS from scratch again.
- Shane

Shane Wiley
VP, Privacy Policy
Yahoo

From: Mike O'Neill <michael.oneill@baycloud.com>
To: 'Roy T. Fielding' <fielding@gbiv.com>
Cc: 'Matthias Schunter' <mts-std@schunter.org>; public-tracking@w3.org
Sent: Friday, October 21, 2016 1:12 PM
Subject: RE: Revised Charter Proposal - Feedback by Oct 26
   
OK fair point (on importing TCS/legislative stuff into TPE), though we already did some of that with the definition of tracking.

I still think there needs to be a hard TCS document to define that end of the spectrum. It could be the EFF's one but maybe other folks might want to put their oar in. If anybody wants to help with that speak up.

-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com] 
Sent: 21 October 2016 19:42
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: Matthias Schunter <mts-std@schunter.org>; public-tracking@w3.org (public-tracking@w3.org) <public-tracking@w3.org>
Subject: Re: Revised Charter Proposal - Feedback by Oct 26

-1

I cannot emphasize this enough. We will not be changing TPE to be TCS-Lite
without starting the process over from scratch.  If anything, we have a path
for removing stuff from TPE to be less of a technical burden to implement.
Adding stuff is right out, and that includes adding new semantics that were
not already approved by consensus.

Everything you suggest here is trivially accomplished by minting a small URI
for baseline compliance.  That can be done without any change to TPE.
EFF already have a URI for that (and hopefully they will get smart enough to
use it instead of misleading people about their non-standard mechanisms).

Anyone with a small domain (like gbiv.com, or w3.org) can mint a small URI.
Give it a static spec to return as representation, and you're done!

....Roy


> On Oct 21, 2016, at 3:12 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote:
> 
> I also agree with John and David that there should be a better description of what DNT means, and this should be in technically implementable terms.
> 
> We now have set the scene (with the "compliance" property) for a spectrum of compliance responses, from "soft" DNT using the TCS to "harder" DNT using say the EFF policy.
> 
> We could have a base particularisation built into the TPE, i.e. "hard" DNT meaning no retention of state (i.e. no UIDs)  beyond some small number of hours (I think 12 works quite well), with no fingerprinting and no regeneration of UIDs. Anything "harder" would not be much use because session state would not be persisted long enough.
> 
> Then any declared compliance document adds alleviation to the base, such as "strictly necessary" for ePrivacy compliance or the permitted uses and 1st party relaxation for the TCS.
> 
> Sites that wanted to show a clear response to DNT could have a TSR without the "compliance" property, meaning "hard" DNT.
> 
> -----Original Message-----
> From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org] 
> Sent: 21 October 2016 09:14
> To: public-tracking@w3.org
> Subject: Re: Revised Charter Proposal - Feedback by Oct 26
> 
> Hi Folks,
> 
> 
> I agree that - if used alone - the TPE should provide baseline
> guarantees to a user that receives "I am not tracking you" from a site.
> 
> My intuition / plan so far was to use our definition of "tracking" / "no
> tracking" as the baseline.
> If you claim you are not tracking, then this gives a user certain
> guarantees. Sites are free to choose an appropriate implementation to
> implement "not tracking".
> 
> The TCS then only provides
> (a) One proposed way to implement "not tracking"
> (b) Further permitted uses that provide additional transparency what
> kind of tracking an organisation does (if you use a permitted use, you
> will need to send a "tracking" signal).
>      {I just thought that we may benefit from a "no further tracking" 
> qualifier to, e.g., say "[I am tracking] ("T" signal), for [frequency
> capping] (permitted use), and [no further tracking] (the new signal).}
> 
> IMHO If we get the definition of "not tracking" right, then we do not
> need to mandate a TCS.
> 
> Regards
> matthias
> 
> On 21.10.2016 06:17, David Singer wrote:
>>> On Oct 21, 2016, at 2:35 , John Simpson <john@consumerwatchdog.org> wrote:
>>> 
>>> Hello,
>>> 
>>> Admittedly, I’ve more or less dropped out of the W3C process, but I still get the emails.  I must say it seems very strange to me to have a standard that specifies how to send a DNT message (TPE), but to have nothing about how you’re supposed to comply when you get one (TCS).
>> agreed
>> 
>> and I am unclear what we tell users that DNT does for them if it’s “anything that anyone can write in a compliance document”.  I wonder whether we need to say that you can only use TPE if you comply with at least one compliance specification that is at least as protective as the TCS, i.e. TCS is a baseline?
>> 
>> the formal statement of that would be that TCS is required or assumed to be part of the compliance array,
>> 
>>> Regards,
>>> John
>>> 
>>>> On Oct 20, 2016, at 3:23 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
>>>> 
>>>> Hi Folks,
>>>> 
>>>> 
>>>> enclosed is the charter V05 that has been revised based on the feedback
>>>> in our call.
>>>> 
>>>> Changes:
>>>> - I added an outline describing the current content of the TPE.
>>>> - I redefined goals and added two stretch goals. The intuition is that
>>>> we want to publish TPE in August for adoption _in any case_ (no stalling
>>>> by the chairs in 2017 ;-).
>>>> The more we can align with the EU and demonstrate benefits, the
>>>> better. But we want to publish what we have nevertheless to, e.g., allow
>>>> user agents to finalize their implementation.
>>>> - I state that we put the TCS into "maintenance mode". This means that
>>>> we continue collecting feedback but that we do not plan to push TCS to
>>>> recommendation unless there are stronger signs of adoption.
>>>> 
>>>> Any further feedback is welcome. If there are no substantiated
>>>> objections, I would submit the revision to W3C for processing next
>>>> Wednesday (Oct 26)
>>>> 
>>>> 
>>>> Regards.
>>>> matthias
>>>> <Tracking Protection Working Group Charter-v05-2016-10-20.docx><Tracking Protection Working Group Charter-v05-2016-10-20-ChangeHighlighted.pdf>
>>> 
>> David Singer
>> Manager, Software Standards, Apple Inc.
>> 
>> 

Received on Friday, 21 October 2016 20:40:38 UTC