- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 19 Nov 2012 14:27:57 -0000
- To: "'Roy T. Fielding'" <fielding@gbiv.com>
- Cc: <public-tracking@w3.org>
Roy, I agree that a simple definition of DNT:1 that stops web history acquisition would make the first-party/third-party distinction irrelevant. Something like: "Do not allocate or use data in order to identify me (or my browser) when I visit other websites." This should apply to UUID storage as well as UA fingerprinting.

The point about third-party restrictions is that it should stop web history gathering, but still allow legal data use by websites. It should not mean a free pass to some, i.e. by allowing web history gathering by "first-parties using declared data in a third-party context", "service providers" or "joint first-parties".

Mike

-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com]
Sent: 19 November 2012 12:46
To: Rigo Wenning
Cc: Shane Wiley; public-tracking@w3.org; Lauren Gelman
Subject: Re: ACTION-326 and ACTION-327 BLOCKED on ISSUE-5

On Nov 19, 2012, at 12:04 AM, Rigo Wenning wrote:

> Shane,
>
> On Sunday 18 November 2012 21:01:54 Shane Wiley wrote:
>> I believe many of us will have issue with your proposed definition
>> and would recommend something closer to the one Roy has offered.
>
> which is precisely the point why the definition is to be avoided. It
> just re-opens the discussion at day one.

How can I reopen a discussion that was never conducted, let alone closed? I have been here since day 1. So has the issue that still is raised and not open.

>> Your proposal uses fairly loaded terms that have different meanings
>> across regions (which could be good or bad depending on how you look
>> at it), such as "personal data" so perhaps more neutral language is a
>> better path.
>
> Do you mean "personal data"? What is all that privacy about? Again, a
> perfect reason to keep our fingers away from that definition. I
> consider the use of the term "personal data" a pure emotional problem.
> It is the term we use since the mid sixties of the last century
> (invented by Westin in US!) We could call it "dossier" if you find
> that neat.
>
>> I'm glad to see we're at least having this conversation though. Your
>> proposal is expanded to any "personal data"
>> collection whereas the alternate definition from Roy is focused on
>> cross-site (non-affiliated) data collection/use which is much closer
>> to where the current draft stands.
>
> But says the same.

No, not even remotely the same.

> My definition says: Scope is all collection of personal data in HTTP.

Which would be incorrect, since DNT does not cover the collection of all personal data in HTTP.

> This is then to be seen in the context of the Specification that
> says: Do anything if DNT:0 or first party. Do only the allowed, if
> DNT:1 and third party. It is precisely the stated goal of my
> definition that it doesn't change anything and makes clear that the
> definition-discussion is a phantom/pseudo-discussion.

In other words, your definition is deliberately wrong because you don't want to discuss it?

> Or can you imagine cross-site tracking by a first party that would not
> fall under the first party exception? Roy's definition just doubles
> the first/third party distinction.

No, it just describes the scope of what I believe a user would consider tracking, and the entirety of the privacy issue that I am attempting to solve. The reason why the WG has failed to make more than a month's worth of actual progress on the compliance specification, in over a year of arguing, is because the various participants are trying to solve completely different problems and can't understand why the five (at last count) sides are unable to come to consensus. If we agree to a written description of the problem that we are attempting to solve, then we have a small chance of agreeing that proposed solutions will solve it. If we can't agree to the problem, then maybe we should be working on five separate problems with five separate solutions.

I couldn't care less about 1st/3rd party distinctions. The only reason it has any meaning to DNT is because many people believe DNT:1 won't be a viable setting for ordinary users if it disables personalization on first-party sites. Likewise, we expect first party sites to have their own user-settable preferences that are far more detailed than DNT.

I do care about context and reasonable user expectations with regard to data sharing, and know for a fact that neither one can be cleanly delineated by Web technology. Hence, my solution is to allow the human operators of sites to expand the context only if it is reasonably expected by the user. In other words, if there is no technical means to bound the context, then we shouldn't even be trying -- just define what is not allowed to be shared outside the context and let regulators inform and enforce the boundaries of the context based on user expectations.

> In this case, where is the issue with my definition?

It is misleading to the user and unacceptable to the folks who are being asked to honor the DNT signal.

> I still wait to see you come out of the woods with the additional
> scope reduction by a definition that we do not need. This is like
> writing and executing the code two times independently because you
> have a feeling the parser could have missed something the first time.
>
> We can have this discussion. But I want to make clear that a/ it
> doesn't change anything b/ I already now believe it is a waste of
> resources c/ it is understandable from the emotional point, thus we
> may have to discuss it to keep everybody on the same page (which is a
> normal activity in standardization).

Do you want DNT to be implemented or not?

I would like to implement a solution to giving the user control over technologies that they consider tracking --- anything that follows or correlates their Web activity over time, or retains or shares profiles about that activity without their prior consent. I am trying to do that in the least disruptive way possible, which means I am not interested in any requirements that prevent real-time security checks, block personalization based on session state or non-retained user agent characteristics, or prevent necessary retention of access logs.

I will not, under any circumstances, agree to a whitelist style of interaction with end-users wherein this WG controls the list -- we simply do not have the expertise or omniscience to justify such requirements. I will agree to declarative definitions of scope, and to turn off everything fitting within that scope (whether we have thought of it yet or not) based on a validly expressed preference.

I will not be responsible for every bit of personal data a user might send to my server via HTTP, since that just invites lawsuits via data injection. I will only take responsibility for data that I (or a customer) deliberately cause to be sent and that is known to be personally identifiable, and for turning off behavior that would be perceived as tracking the user based on that data.

I am looking for definitions that fit within those lines. The exact words are less important than the scope they define. I've floated half a dozen already and haven't heard a solid objection to any of them. Iterating over them helps me understand the real problems that need to be solved in TPE.

....Roy
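The decision rule the thread argues over ("do anything if DNT:0 or first party; under DNT:1 in a third-party context, do not allocate or use data that identifies the user across sites", covering both UUID cookies and UA fingerprinting) can be written down as server-side logic. The following is an added example by the editor, not code from the thread, the W3C working group or any TPE implementation. It assumes that the first-party/third-party context is inferred from the Referer host, that "same site" can be approximated by the last two DNS labels (a placeholder for a Public Suffix List lookup), and that a missing Referer is treated conservatively as third-party. The sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not from the thread): a page on news.example
# embeds a widget served by widget.example and also calls its own API host.
SAMPLE_REQUESTS = [
    {"host": "widget.example",   "headers": {"DNT": "1", "Referer": "https://news.example/story"}},
    {"host": "api.news.example", "headers": {"DNT": "1", "Referer": "https://news.example/story"}},
    {"host": "widget.example",   "headers": {"DNT": "0", "Referer": "https://news.example/story"}},
    {"host": "widget.example",   "headers": {"Referer": "https://news.example/story"}},
    {"host": "widget.example",   "headers": {"dnt": "1"}},  # no Referer at all
]


def get_header(headers, name):
    """Case-insensitive header lookup; HTTP field names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def same_site(host_a, host_b):
    """Approximate 'same site' by comparing the last two DNS labels.
    Assumption for this example only: production code must consult the
    Public Suffix List, since e.g. a.co.uk and b.co.uk are different sites."""
    def tail(host):
        return ".".join(host.lower().rstrip(".").split(".")[-2:])
    return tail(host_a) == tail(host_b)


def request_context(request_host, headers):
    """'first-party' when the page that caused the request is on the same
    site as the request host, otherwise 'third-party'. An absent Referer
    gives no evidence of a first-party context, so it counts as third-party."""
    referer = get_header(headers, "Referer")
    if not referer:
        return "third-party"
    referer_host = urlsplit(referer).hostname or ""
    return "first-party" if same_site(request_host, referer_host) else "third-party"


def dnt_preference(headers):
    """DNT field values: '1' = do not track, '0' = user consents to tracking,
    absent or anything else = no expressed preference."""
    value = get_header(headers, "DNT")
    if value == "1":
        return "do-not-track"
    if value == "0":
        return "consent"
    return "unset"


def identifier_policy(request_host, headers):
    """Apply the rule: only DNT:1 in a third-party context forbids allocating
    or using a cross-site identifier (UUID cookie or UA fingerprint).
    Retention of ordinary access logs is not affected by the decision."""
    context = request_context(request_host, headers)
    preference = dnt_preference(headers)
    cross_site_identifier_allowed = not (preference == "do-not-track" and context == "third-party")
    return {
        "context": context,
        "preference": preference,
        "set_cross_site_uuid_cookie": cross_site_identifier_allowed,
        "use_ua_fingerprint": cross_site_identifier_allowed,
        "retain_access_log": True,
    }


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request["host"], identifier_policy(request["host"], request["headers"]))
```

Note how the api.news.example request under DNT:1 is still classified first-party and therefore unrestricted, which is exactly the "first-party exception" the thread debates; tightening the rule to Mike's wording ("do not identify me when I visit other websites") would only change the decision for the third-party rows.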
Received on Monday, 19 November 2012 14:28:42 UTC