Re: [w3ctag/design-reviews] Early design review for the Topics API (Issue #726) from Peter Linss on 2023-06-29 (public-webapps-github@w3.org from June 2023)

From: Peter Linss <notifications@github.com>
Date: Thu, 29 Jun 2023 00:00:25 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/726/1612522047@github.com>
The following comment has come out of TAG discussions this week:
  
First of all, thanks to @martinthomson for those pointers to two relevant papers. 
  
We've continued to discuss this API across several calls this week. @cynthia also demonstrated the current implementation.
  
We remain concerned about the points recently raised about interop. Especially given the lack of multi-stakeholder buy-in for this API, how can we really protect against a future where advertising based sites tell users they must switch to a browser that implements Topics? @michaelkleber you've said "Any UA that wants to pass feature detection but not give out information could implement the API to return an empty set of topics every time" however that still implies other UAs would be required to implement the API (at least minimally) when they might not otherwise do so, in order to mitigate privacy harms for their users - so there is a risk here.
  
We remain concerned about the ability of users to give meaningful consent for their interests to be calculated and tracked from their browsing activity. The spec says:
  
>  suggestion that user agents provide UX to give users choice in which Topics are returned
  
and refers to a "user preference setting" in several places.

We have inferred from this that users are able to disable particular topics in the settings, or the API as a whole, but we don't think that either of these potential configuration options are good enough to protect against potential privacy harms, particularly for marginalised groups. A person's status as vulnerable, at-risk, or marginalised can change over time, and this isn't something most people are necessarily aware of or paying attention to in their day-to-day web use, and nor is it reasonable to expect people to regularly review their browser settings with this in mind. Thus, "opt out of individual topics" is not sufficient to offer meaningful consent to being tracked in this way. Further, from what we have seen of the API as implemented so far, there are no user preference settings relating to specific individual topics. We raised this in our initial review, and don't feel it has yet been considered with the depth warranted.
  
This issue intersects with others, for example, as [pointed out in the Webkit review](https://github.com/WebKit/standards-positions/issues/111#issuecomment-1359609317) that the topics list represents a western cultural context, and that the mechanism for sites being classified according to these categories is unclear. We [understand from the spec](https://patcg-individual-drafts.github.io/topics/#determine-topics-calculation-input-data-header) that site classification is automated, based on the domain, but the mechanism for doing this remains opaque, and it is not clear there is any recourse for sites which are misclassified.
  
We saw in the current implementation that sites in a user's browsing history which do not call the Topics API were being classified under particular topics. We had been led to believe that sites _opt-in_ to being classified by calling the API ("Sites opt in via using the API. If the API is not used, the site will not be included." in the initial review request), but perhaps we misunderstood, or this has changed. The [spec refers to "site opt outs"](https://patcg-individual-drafts.github.io/topics/#privacy-considerations-header), although we weren't able to find how they do this in the spec (please could you point us to the right place if we missed it?). 
  
Questions:

* Do you have a response to the points raised in [Webkit's review](https://github.com/WebKit/standards-positions/issues/111#issuecomment-1359609317)?
* Do you have any analysis or response to the papers that Martin pointed to?
* Please could you elaborate if it is in fact the case that all sites browsed by a user are included by default as input data for generating a user's topics list?
  * If this is the case, what recourse is there for sites which are misclassified?
* Can you clarify the situation with regard to definition of user preference / opt out?
* Have you considered dropping the part where topics are calculated from browsing history, and instead entirely configured by the user in their browser settings? This would be much closer to people being able to meaningfully opt in to targeted advertising, and would make several of the other concerns raised moot.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/726#issuecomment-1612522047
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/726/1612522047@github.com>
Received on Thursday, 29 June 2023 07:00:31 UTC