RE: [w3c/dnt] Add more meta data in the Tracking Status Resource (#22) from Mike O'Neill on 2017-05-12 (public-tracking@w3.org from May 2017)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 12 May 2017 07:48:35 +0100
To: "'David Singer'" <singer@mac.com>, <public-tracking@w3.org>
Message-ID: <052601d2caeb$c740be40$55c23ac0$@baycloud.com>

>>From: David Singer [mailto:singer@mac.com] 
>>Sent: 11 May 2017 23:27
>>To: public-tracking@w3.org (public-tracking@w3.org) <public-tracking@w3.org>
>>Subject: Re: [w3c/dnt] Add more meta data in the Tracking Status Resource (#22)

>>Agreed. I also think that the likelihood that a UA will want to offer a finer-grained UI is very small. Let’s look at cookies: Firefox allows you to delete individual cookies, but Safari only offers ‘all for a site’ and as far as I can tell, Chrome only offers ‘all cookies and other state from all sites for the past N hours’.

Chrome allows you to remove cookies, all, all in particular domain, and individual cookies in a particular domain. Click on the "View site information" icon, click cookies, then expand the dropdown and remove. It also lets you block future cookie placement in particular domains.

As does Firefox. You set "custom settings for history" in Privacy, click the "Show Cookies" button, remove the ones you want.

Safari on Mac also: Select Privacy, press "Manage Website Data", remove individual cookies and by domain.

Many extensions also give you fine control over blocking third-parties. PrivacyBadger, Ghostery, DisconnectMe, AdblockPlus, Baycloud's Bouncer etc. 

>>I also have trouble imagining how a site would ‘feel’ if it says “look, for you to get free access I need tracking for <these advertisers> and <these audit companies>”, and you say ‘ok’ but then send DNT:0 only to the audit companies.

People change their mind for all sorts of reasons, and it's not up to sites or us to second guess that. The rights to personal autonomy and privacy are fundamental.

>>So, I am having a hard time with finer-grained exception handling on both ends — unlikely to be used at the UA, and unlikely to make sense for sites. Why do we keep exploring it?

User control. 
The arrayOfDomainStrings parameter has been in the TPE since 2012. It is easy to implement, I did it in Bouncer. The only weakness surrounding it is the allowance the TPE gives implementers not to bother with it, which creates the current conundrum (the bug in the definition of storeSiteSpecificTrackingException)

Received on Friday, 12 May 2017 06:49:41 UTC