Re: action-307, issue-119, absolutely not tracking

Ed,

Your case 2 introduces a huge new set of complexities and seems out of scope for the spec.  DNT: 0 means the same thing in both cases.  If "DNT: 0" and "DNT: 0" are to have different meanings then they need to be DNT: 0x and DNT: 0y.  If we need to go further to communicate the specific promises in  play to that site then you have DNT: 0 ;CP: CUR UNI…, but I don't thin there is a lot of appetite for that and I am pretty sure that is out of scope.

-Brooks

--

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com

[cid:773FB9EF-EC79-47CA-94ED-4475C404B214]

This email – including attachments – may contain confidential information. If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.

From: Ed Felten <ed@felten.com<mailto:ed@felten.com>>
Date: Thursday, November 8, 2012 12:38 PM
To: Brooks Dobbs <brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>>
Cc: David Singer <singer@apple.com<mailto:singer@apple.com>>, David Wainberg <david@networkadvertising.org<mailto:david@networkadvertising.org>>, "public-tracking@w3.org<mailto:public-tracking@w3.org> WG" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: Re: action-307, issue-119, absolutely not tracking

I think this gets to a point that Nick raised on yesterday's call.   Assuming that we adopt the new approach to user-granted exceptions (UGEs) that Adrian and others have proposed, there will then be two reasons that DNT:0 could be sent to a site.

Case 1: The user has expressed to the User Agent (UA) that they want to send DNT:0 generally.  In this case the UA is vouching that this is the choice the user has made, and the site can engage in tracking (to the extent allowed by law).

Case 2: The user has granted a UGE, and the site has implanted that UGE into the UA via the new API.  In this case the site is vouching that the user granted it a UGE, and if the site made any promises to the user in the course of asking for that UGE then the user can rely on those promises.

The UA knows which of the two cases it is in, but the site might not be able to tell the difference.


On Thu, Nov 8, 2012 at 10:56 AM, Dobbs, Brooks <Brooks.Dobbs@kbmg.com<mailto:Brooks.Dobbs@kbmg.com>> wrote:
David,

Admittedly, I needed to start by looking up "bike-shedding", but, having
done so, I am not sure I agree.

I think it would help us all to fully appreciate that UGEs aren't
exceptions to how DNT:1 is processed by a specific site; if an exception
at all, they are exceptions to DNT:1 being sent to ALL sites.  Isn't this
fundamentally different?  A UGE site has no way of knowing if they are "an
exception" or if the user's base line choice was to send DNT: 0 to all
sites.  I could imagine this having implications for sites that appear as
both 1st and 3rd parties.

In any event, I think we ought to be as consistent and clear as possible.
Where something isn't an exception (or where the meaning of what it is an
exception to is unclear) we should fix the language.  Agree?


-Brooks


--

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683<tel:678%20580%202683> | (Mob) 678 492 1662<tel:678%20492%201662> | kbmg.com<http://kbmg.com>
brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>



This email ­ including attachments ­ may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.



On 11/8/12 10:33 AM, "David Singer" <singer@apple.com<mailto:singer@apple.com>> wrote:

>
>On Nov 8, 2012, at 16:30 , "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com<mailto:Brooks.Dobbs@kbmg.com>> wrote:
>
>> Just as a point of clarification here I am noticing some language I
>> believe to be technically incorrect entering into the discussion.  To be
>> clear - "short term collection" is NOT an exception; it is a permitted
>>use.
>
>sorry.  you are quite right.
>
>>
>> This actually highlights another issue.  For consistency we may need to
>> change the language around user granted "exceptions" because they aren't
>> really exceptions.  An exception would be a special dispensation to
>> process a DNT: 1 signal differently than would otherwise be allowed.
>
>I have long felt that users give 'permission' (not 'exception') and that
>we need a different word for what the spec. allows in restricted
>circumstances (not 'permission' or 'exception').  But this is
>bike-shedding...
>
>
>David Singer
>Multimedia and Software Standards, Apple Inc.
>

Received on Thursday, 8 November 2012 17:02:51 UTC