- From: Dan Brickley <danbri@danbri.org>
- Date: Wed, 2 Mar 2011 10:34:31 +0000
- To: Semantic Web <semantic-web@w3.org>
- Cc: lorrie@cs.cmu.edu
...fwd'd from a nearby list, http://lists.w3.org/Archives/Public/public-privacy/2011JanMar/ http://www.ftc.gov/os/comments/privacyreportframework/00453-58003.pdf Excerpt, "With growing recognition that website privacy policies are failing consumers, numerous suggestions are emerging for technical mechanisms that would provide privacy notices in machine-readable form, allowing web browsers, mobile devices, and other tools to act on them automatically and distill them into simple icons for end users. Other proposals are focused on allowing users to signal to websites, through their web browsers, that they do not wish to be tracked. These proposals may at first seem like fresh ideas that allow us to move beyond impenetrable privacy policies as the primary mechanisms of notice and choice. Facilitating transparency and control through easily recognizable symbols and privacy controls that need be set only once are laudable goals. However, in many ways, the conversations around these new proposals are reminiscent of those that took place 15 years ago that led to the development of the Platform for Privacy Preferences (P3P) standard and several privacy seal programs" Must-read for anyone with an interest in P3P or similar mechanisms. Some analogies there with PICS adoption too I think... cheers, Dan ---------- Forwarded message ---------- From: Lorrie Faith Cranor <lorrie@cs.cmu.edu> Date: 2 March 2011 01:32 Subject: Re: Privacy Icon Study To: public-privacy@w3.org Cc: Mark Lizar <info@smartspecies.com>, jeanpierre.lerouzic@orange-ftgroup.com, Kevin Trilli <ktrilli@truste.com>, David Singer <singer@apple.com> I have concerns that DNT in its current form does not provide a way for sites to signal back that they will respect the user's no tracking signal. Based on my P3P experience, I am also very concerned about incentives for adoption. There is some useful information about the DNT proposal at https://www.eff.org/deeplinks/2011/02/what-does-track-do-not-track-mean I'm working on a paper reflecting on 15 years of efforts to develop privacy icons and machine-readable privacy policies... I turned an excerpt of it into my comments to the FTC, which you can find at http://www.ftc.gov/os/comments/privacyreportframework/00453-58003.pdf -- Lorrie Faith Cranor • lorrie@cmu.edu • http://lorrie.cranor.org/ Associate Professor, Computer Science and Engineering & Public Policy CyLab Usable Privacy and Security Laboratory • http://cups.cs.cmu.edu/ Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA 15213 On Mar 1, 2011, at 7:47 PM, David Singer wrote: On Mar 1, 2011, at 2:04 , Mark Lizar wrote: Thanks Jean, On 1 Mar 2011, at 08:38, <jeanpierre.lerouzic@orange-ftgroup.com> wrote: Hi all, Your remarks are certainly very important on a theoretical point of view, thanks for launching the discussion. If your browser says "do not track me", you can legally sue the company that tracked you on many juridictions. You don't need electronic signatures or trusted third parties for that. So you are suggesting that first, me (a web browsing user) is going to realise that I am being tracked (even though I am on a do not track list) then that I am going to call/email a lawyer to sue this tracking website? Is there a possibility this would be successful? (In any jurisdiction) Yes, this is not like "Do not call". If someone violates "Do not call", I know -- I get called. If someone violates "Do not track" I may not know for ages, if ever -- the tracking was internal to them and the places they made it available to. It is a worry, I think -- that doesn't make it useless, however. David Singer Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 2 March 2011 10:35:04 UTC