RE: RE: RE: ISSUE-10 First party definition, ISSUE-60, ACTION-? from Mike O'Neill on 2013-03-01 (public-tracking@w3.org from March 2013)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 1 Mar 2013 16:26:01 -0000
To: "David Singer" <singer@apple.com>
Cc: <public-tracking@w3.org>
Message-ID: <022301ce1699$78385c50$68a914f0$@baycloud.com>
David,

Why not just call it the user granted exception request the Tracking Consent
indication i.e. the API would be storeTrackingConsent({...}; - so the
"exception" term can revert to its usual JS definition. 

With the possibility of interaction between the DNT protocol and other
browser features it will be easier to describe these using the "consent"
term. For example Firefox and/or Safari could alleviate default 3p cookie
blocking (in a site specific way) if there is an indication of explicit user
consent for tracking. 

Mike


-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: 28 February 2013 10:36
To: Alexander Hanff
Cc: public-tracking@w3.org; 'John Simpson'
Subject: Re: RE: RE: ISSUE-10 First party definition, ISSUE-60, ACTION-?

Alexander, 

On Wednesday 27 February 2013 22:23:06 Alexander Hanff wrote:
> As I have stated multiple times now, it is not acceptable to simply 
> redefine 3rd party tracking widgets to first party for the purpose of 
> putting them out of scope of the DNT compliance policy.  TPWG has no 
> right whatsoever to presume to know what consumers intend to consent 
> to when they interact with a widget.

The TPWG does not presume. The TPWG does not carry rights. You're on a
complete wrong angle here, if you want to contribute. 

I hear your concern about widgets littered all over the place replacing
tracking 1x1 pixel graphics (web beacons). But those widgets are 1/ not
hidden 2/ there to interact with

As long as they are passive, the Specification clearly states that if the
widgets are served from the widget's owner's site, they are third party
content. (or if they phone home in any way). 

If the user clicks on them (the Spec clearly says onmouseover is not
sufficient), this is like clicking on a link. Saying that clicking on a link
or a widget on the web you'll expect that it won't bring you somewhere else
is not matching what this technology has been doing since its inception.
> 
> In the absence of that knowledge they must assume that the intended 
> purpose of the user is to do nothing more than use the widget, not 
> that using the widget is consent to being tracked (a peripheral 
> purpose of the widget not immediately apparent to the user).

Oh, what you're saying is that DNT should apply also to first parties. 
This is certainly true for the European (regulated) market. The US folks
don't dare going there. So the TPE and the TCS only have very limited
restrictions on first parties. This is certainly not what I would call a
circumvention. It is just the fact that the Group has chosen to exclude
first party tracking so far. Many advocates have trouble with that, but
settled so far by saying: "If we address cross site tracking and find a
solution, that's a good step forward". I hear "not good enough" and I'm
tempted to respond "never good enough, but let's make a first step". 
> 
> To my knowledge there has been no research by the TPWG to support this 
> decision, it is quite simply arbitrary and completely offensive.

This feeling of offense comes from the misunderstanding that the Group would
also address first party tracking. This is not the case. There will be some
remarks in the global considerations document. 
> 
> If I click on a like button I am clicking on a button to say I like an 
> article, I am not saying "Hey Facebook, use this web site in my 
> behavioural profile even though I have DNT set!" - what this group is 
> suggesting with the redefinition is a complete mockery of the concept 
> of DNT and furthermore shows utter contempt for the choices of the 
> users it will impact.

You're clicking on a link! I click on a button and by some magic, all sites
are federated in a way that they use telepathy to collect information how
many times a document is liked? Seriously, this works because there is a
service counting the clicks. And this is typically not the first party
(content) as often, the same content is on many sites. So please tone down a
bit so that we can understand your concerns. Utter complete complaints don't
do the trick.

BTW, one of the main reasons to do DNT for the industry is to preserve the
efficiency by such third party services that can service functionality on
demand in a Web 2.0 scenario. If everything comes from the same site, we are
back in HTML 1.0. Charging things from third parties started as early as
HTML 2.0 and Netscape allowing for images with arbitrary URI to be
displayed.

 --Rigo
Received on Friday, 1 March 2013 16:26:37 UTC