Re: ISSUE-4 and clarity regarding browser defaults

David ( Singer )...

Thank you for your quick response.

I was rather hoping to hear back from Matthias himself since he
was the target of the questions but thank you for your own
responses and I'm sure if they differ greatly from Matthias'
we will hear from him.

Let me prefix the additional comments below with the statement that
I am ONLY concerned with achieving the goal of this thread which
is entitled...

ISSUE-4 and CLARITY regarding browser defaults

Keyword = CLARITY

I am your classic 'soldier in the trenches' and, indeed, am already
tasked with writing the kind of code that could make this (proposed) specification
REAL and not just some 'pie in the sky' gobbly gook.

I have written full-featured Browsers for no less than FIVE different
Mobile Operating Systems at this point ( Symbian, MSMobile, BlackBerry,
Android, iPhone ) and even SIX years ago, the very first Mobile version
had its own 'Privacy Options' page ( as do ALL of them now ).

ALL of them are available for download ( have been for many years now )
and are being actively supported 'in the field'.

My ONLY interest ( and the interest of many others watching this WG )
is to be sure I 'get it right'.

That being said... forward to (possibly) even MORE 'CLARITY'...

On Jun 19, 2012 at 16:46:03 -0700, David Singer wrote:

> On Jun 19, 2012, at 12:35, Kevin Kiley wrote:
>
> > > matthias wrote...
> > >
> > > Hi Rigo,
> > >
> > > Since I believe that we all agree that a default can be an expression of
> > > preference (e.g., if I install a privacy-enhanced browser that is
> > > permitted to ship with DNT;1 as default), feel free to indicate text
> > > updates to clarify the text to fully communicate this agreement.
> >
> > There is no other way to look at this.
>
> Indeed, we had a compromise here:
>
> * there may be some User Agents that are specifically made and marketed as
>   being privacy-enhancing, and they could indeed have a default (and maybe
>   they use Tor, reduce fingerprinting, and so on)

Indeed, there already are ( User-Agents being marketed as privacy-enhancing )

>From the following Mozilla/Firefox 'marketing' page...
http://www.mozilla.org/en-US/privacy/

[snip]

Your Privacy

At Mozilla, we believe in putting users in control of their personal information.
This site covers our privacy and data practices, as well as the tools and controls
available across our websites, products and services.

Our principles...

No Surprises
Only use and share information about our users for their benefit
and as spelled out in our notices.

Real Choices
Educate users at the point that we collect any data and give them
the option to opt out whenever possible.

Sensible Settings
Establish DEFAULT SETTINGS that balance safety and user experience
appropriately for each transaction.

User Control
Innovate, develop and advocate for privacy enhancements that put users
in control of their online experience.

Limited Data
Collect and retain the least amount of user information necessary
and share data anonymously whenever possible.

Trusted Third Parties
Make privacy a key factor in selecting and interacting with partners.

[/snip]

>From the following Internet Explorer 8 'marketing' page...
http://windows.microsoft.com/en-US/internet-explorer/products/ie-8/privacy-statement

[snip]

At Microsoft, we're working hard to protect your privacy while delivering
products that bring you the performance, power, and convenience you desire
in your personal computing.

This privacy statement for Internet Explorer focuses on features that
communicate with the Internet, explains how those features collect your data,
and describes the way that data is used.

Internet Explorer has certain features that may impact or help you to protect your privacy.

The sections below describe some of these features.

[/snip]

>From the following Internet Explorer 9 'marketing' page...
http://windows.microsoft.com/en-US/internet-explorer/products/ie-9/windows-internet-explorer-9-privacy-statement

[snip]

At Microsoft, we're working hard to protect your privacy while delivering
products that bring you the performance, power, and convenience you desire
in your personal computing.

This privacy statement for Internet Explorer 9 ("Internet Explorer")
focuses on features that communicate with the Internet, explains how
those features collect your data, and describes the way that data is used.

Tracking Protection

Tracking Protection helps you stay in control of your privacy as you browse the web.

Tracking Protection provides you an added level of control and choice
about the information that third-party websites can potentially use to
track your browsing activity.

With Tracking Protection Lists, you can choose which third-party sites can
receive your information and track you online.

[/snip]

>From the following Apple Safari 'marketing' page...
http://www.apple.com/safari/what-is.html#security

[snip]

Safari - The browser that looks out for you!

The worry-free web...

The web can be a scary place. But not when you use Safari.

To keep your browsing your business, Safari offers Private Browsing.
Simply turn it on, and Safari stops recording the sites you visit.
It also stops storing your searches, cookies, and the data in online
forms you fill out.

To prevent companies from tracking the cookies generated by the websites
you visit, Safari blocks third-party cookies by DEFAULT.

It also provides built-in pop-up blocking, so you don't have to be
bothered by unwanted ads.

A NEW Privacy pane in Safari preferences gives you more information
about and control over your online privacy. You can see what websites
are storing data that could be used to track you online.

You can clear website data, customize cookie settings, and decide whether
websites can request your location information.

Read more about privacy protection on the Safari Features page.

[/snip]

>From the following Opera 'marketing' page...
http://www.opera.com/privacy/

[snip]

The Opera browser offers excellent features for the protection of privacy
and security when using Opera in the Internet environment.

It is the policy of Opera Software to process personal data for purposes
that are objectively justified by Opera Software's service and to perform
the processing in accordance with fundamental respect for the
right to privacy, including the need to protect personal integrity and
private life and to ensure that personal data are of adequate quality.

Opera Software has taken much care in the development process so that
user privacy and security are not compromised.

No personal information is collected or shared.

The Opera user's Web usage is not tracked. ( DEFAULT ).

[/snip]

The list goes on ( and on )... but I think you get my point.

It cannot be construed that ANY of these software makers are not
ALREADY 'marketing' their product(s) as 'Privacy-Enhancing', and
have been doing so for quite some time now.

> * there may be some Sites that are specifically for the purpose of tracking
>   ('TrackMyReading.com') where signing up for the site implies out-of-band
>   permission to track.
>
> General-purpose UAs cannot claim to be the first;

They most certainly CAN... and DO. ( See list above ).

> and general-purpose sites cannot claim to be the second.

Why in the world would they?

'TrackMyReading.com' is not a real site.

I have given some good examples of 'General Purpose UAs' that
DO, in fact, already market themselves as 'Privacy Enhancing' products.

Can you give some examples of 'general-purpose' sites that
ARE (actively and publicly) claiming to be the 'second' so we
have some reality to work with?

> They both need to take extra steps
> (to allow the user to turn on DNT, or to ask the user for an exception).

That's what the (final) DNT spec will determine, yes, when all the debates are over.

Once again: CLARITY is the goal ( Sic: Extra steps? )

> This is a balance, and a compromise;
> if we discard one, we should discard the other.

I really don't see it that way, sorry.

> The text currently in the TPE I believe respects both.
> We should probably critique what is actually written...

Of course.

> > WHO will be making the decisions about which 'Browsers' qualify for
> > paragraph one (above) and which ones do not?
>
> Society as a whole.

You are kidding me, right?

> Everyone is free to criticize or admonish UAs or sites that claim this
> when it is not justified.

See the UA list above.

Has 'Society' already decided, somehow, that those general purpose UAs
should NOT be claiming that they can (already) 'Enhance Privacy', or that
they are somehow making FALSE statements?

Did I simply miss that news flash on CNN sometime in the last few years?

> > Also, regarding paragraph two (above), to what lengths must an antivirus or
> > privacy-protection tool go to in order to achieve the accepted "moment of choice"?
>
> Is privacy their primary purpose or design criteria?

[puzzled-look] Ummm... yah. [/puzzled-look]

> > What if a standard antivirus/protection tool simply has the following install options...
> >
> > [_] Enable ALL protections
> > [_] Customize
> >
> > If the 'Enable ALL' option simply INCLUDES setting DNT=1 as a 'default'.... does
> > this qualify ( as far as the TPWG is concerned ) as a valid 'User choice'... or would
> > the tool have to specifically mention DNT and get specific approval for that one
> > protection item in order to be considered 'complaint' with the (DNT) spec?
>
> We'll spend the rest of our lives on questions like this if we start trying
> to answer them!  The number of 'close to the line' questions is, for all
> practical purposes, infinite!

Total dodge of the question... and I totally disagree with you.

It was, in fact, a SIMPLE question.

I was actually expecting a simple 'yes' or 'no' answer to that one.

Either a piece of software WILL be allowed to 'bundle' the DNT
option together with other 'protection' options that require
user consent... or it won't.

Which is it going to be?

Let me remind you again that the TITLE of this message thread is...

ISSUE-4 and (clarity) regarding browser defaults

It is not...

ISSUE-4 and (more confusion) regarding browser defaults

> regards
>
> David Singer
> Multimedia and Software Standards, Apple Inc.

regards
Kevin