RE: Logged-In Exception (ISSUE-65) from Shane Wiley on 2012-03-14 (public-tracking@w3.org from March 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 13 Mar 2012 19:29:15 -0700
To: Jonathan Mayer <jmayer@stanford.edu>, Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D10417DDA@SP2-EX07VS02.ds.corp.yahoo.com>

Jonathan,

If "logged-in" equates to "out of band" consent from a user, then I believe this is moot discussion and would equate more likely to #3 - depends on the terms of registration with that party.  I would suggest we treat "logged-in" on the merits of registration with each party and therefore the W3C makes no statement with regard to DNT and a logged-in state.

- Shane

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Tuesday, March 13, 2012 7:07 PM
To: Tracking Protection Working Group WG
Subject: Logged-In Exception (ISSUE-65)

I see three possible policy options here.

1) No logged-in exception: login state does not affect DNT obligations.

2) A logged-in exception: if the user is logged into a website, it is treated as a first party.

3) In between: if the user is logged into a website under certain conditions (e.g. a recent login, or a login in the same window), it is treated as a first party.

The ISSUE is PENDING REVIEW, with two text proposals for #1.  (One proposal would be explicit about it, the other would be implicit.)

#1 seems to me the right outcome.  A first party is under greater market pressure to get privacy and security right - a privacy plus relative to pure third parties.  On the other hand, a first party can link browsing activity to account information - a privacy minus.  Given the risks at issue, it seems to me users should still be provided control.

I would note that #1 does *not* prevent social widgets and single sign-on from functioning.  Rather, they will initially appear unpersonalized.  After user interaction they can function as normal in a specific scenario, and after user consent they can always function as normal.  Arvind Narayanan and I mocked up an example of Facebook's like button under DNT at: http://donottrack.us/cookbook

I am concerned that #2 and #3 would privilege specific advertising business models.  Those advertising companies that also operate a large first-party website would be greatly advantaged relative to pure third-party advertising companies.

Finally, I think #2 and #3 impose an unrealistic burden on users by compelling them to learn about the logged-in exception and then choose between the convenience (and in some cases security) of a saved login and carefully monitoring their login status to exercise choice.

For those participants who persist in viewing DNT as a limit on content personalization, I think all of the same arguments apply (save the first paragraph about collection).

In group discussions I *think* there has been a consensus or near-consensus for #1.  If anyone disagrees, I'd very much like to hear about it.  Otherwise, this issue seems ripe for closing in next week's call.

Best,
Jonathan

Received on Wednesday, 14 March 2012 02:30:29 UTC