- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 15 Mar 2012 10:33:24 +0100
- To: public-tracking@w3.org
- Cc: Jonathan Mayer <jmayer@stanford.edu>
Jonathan, thanks for starting to address this. I wonder if, according to you, the following scenario falls within the scope of ISSUE-65: A user logs into her favorite social networking site and clicks on "remember me". The site sets a cookie that sets the state to "logged-in" (until 2018, for the fun of it). Now the user closes the browser and goes on holidays, comes back 2 weeks later and browses to her favorite news site where there are a gazillion buttons from social networks on the bottom of every page. She switches on DNT because she is looking for some information about race and religion. Because she still has the "logged-in" cookie, she is considered logged in to one of the networks and will be tracked in an _identified_ way. But the probability that she is aware of this going on in the background are very low. This raises the question of what "logged-in" really means. I agree with Shane that an interactive logged-in session can be considered an out-of-band agreement. You logged in, registered while accepting conditions etc. Overriding DNT would create a legal mess. But without blinking prompt, I feel there is something fishy in saying that this "logged-in". But this may be just a browser interface issue. So is this part of ISSUE-65 according to you? Rigo On Tuesday 13 March 2012 19:07:19 Jonathan Mayer wrote: > I see three possible policy options here. > > 1) No logged-in exception: login state does not affect DNT obligations. > > 2) A logged-in exception: if the user is logged into a website, it is > treated as a first party. > > 3) In between: if the user is logged into a website under certain conditions > (e.g. a recent login, or a login in the same window), it is treated as a > first party. > > The ISSUE is PENDING REVIEW, with two text proposals for #1. (One proposal > would be explicit about it, the other would be implicit.) > > #1 seems to me the right outcome. A first party is under greater market > pressure to get privacy and security right - a privacy plus relative to > pure third parties. On the other hand, a first party can link browsing > activity to account information - a privacy minus. Given the risks at > issue, it seems to me users should still be provided control. > > I would note that #1 does *not* prevent social widgets and single sign-on > from functioning. Rather, they will initially appear unpersonalized. > After user interaction they can function as normal in a specific scenario, > and after user consent they can always function as normal. Arvind > Narayanan and I mocked up an example of Facebook's like button under DNT > at: http://donottrack.us/cookbook > > I am concerned that #2 and #3 would privilege specific advertising business > models. Those advertising companies that also operate a large first-party > website would be greatly advantaged relative to pure third-party > advertising companies. > > Finally, I think #2 and #3 impose an unrealistic burden on users by > compelling them to learn about the logged-in exception and then choose > between the convenience (and in some cases security) of a saved login and > carefully monitoring their login status to exercise choice. > > For those participants who persist in viewing DNT as a limit on content > personalization, I think all of the same arguments apply (save the first > paragraph about collection). > > In group discussions I *think* there has been a consensus or near-consensus > for #1. If anyone disagrees, I'd very much like to hear about it. > Otherwise, this issue seems ripe for closing in next week's call. > > Best, > Jonathan
Received on Thursday, 15 March 2012 09:33:55 UTC