Re: Goals and Procedures

> On Feb 8, 2017, at 2:22, Mike O'Neill <michael.oneill@baycloud.com> wrote:
> 
>>> The problem arises when widget.com receives DNT:0. Because it cannot tell
>>> the difference between site-specific and web-wide consent it could place a UID
>>> cookie (or use one already there). This means if the user goes to another site
>>> which refers to widget.com the user identifying UID is sent in the request to it,
>>> even though DNT will be 1 in this case.
>>> 
>> That is NOT a problem. widget.com can know in a myriad ways who the user is.
>> But if it gets a DNT:1 and promises to respect it, it can’t *record* data about
>> that transaction. It *can* act on data it was allowed to record.
> 
> Yes, but that relies completely on trusting the third-party, and users may not be prepared to do that.

The entire premise of DNT is trust. The user is asking the servers not to record data in a database that under ideal circumstances they never see.

> 
> The laws in Europe mean that user agreement is necessary. After May 2018 consent will be the only feasible option.

That’s changing the subject, but anyway, the user *has* given consent to be tracked in the transaction where DNT:0 was sent.

> 
> For users to agree, they have to trust the company. If they see a UID tracking them across the web when they only gave site-specific consent it may be harder to get them to give it again. IMO it will be a lot harder to get them to agree to unqualified web-wide tracking.
> 
> The user identifier either has to be a first-party cookie communicated cross-domain, users have to trust sites to be blind to a third-party UID, or the browser supplies it using something like my proposal.
> 
> If it has to be done with first-party cookies consent has also to be communicable to and from the first-party, because the user could give or revoke site-specific consent in the browser or on the site - i.e. there has to be a transparent channel with the browser. Also, there needs to be a transparent channel between the first-party and its third-parties (too open-ended without it - recognised in the API principles at 7.2). We can address both of these by adding functionality to the API, e.g. to the confirm calls, as Shane and Aleecia suggested.
> 
> The fall-back has to be for the third-party with DNT:1 to be blind to any UID, as you say, but it should be possible to improve on that.

Once we assume a lack of trust, the entire DNT house of cards falls down.


David Singer
Manager, Software Standards, Apple Inc.

Received on Wednesday, 8 February 2017 17:50:18 UTC