w3c dnt presentation for admonsters
DESCRIPTION
Presentation given by Aleecia McDonald, co-chair for the W3C Tracking Protection Working Group, at AdMonsters' DNT Meetup, May 3, 2012TRANSCRIPT
3 May, 2012
Tracking Protection Working GroupAleecia M. McDonald
1
Friday, May 4, 12
Introduction of the W3C
✤ Successful track record with standards for HTML, XML, CSS, etc.
✤ Hundreds of billions of dollars of commerce runs on W3C standards 2
✤ World Wide Web Consortium creates international standards for the Internet
✤ Sir Tim Berners-Lee
✤ Created the World Wide Web, 1989
✤ Created the W3C, 1994
Friday, May 4, 12
Introduction of co-chairs
✤ Aleecia M. McDonald
✤ Half-time Mozilla Senior Privacy Researcher
✤ Half-time Stanford Resident Fellow
✤ Prior: PhD privacy; software start ups
✤ Matthias Schunter
✤ IBM Research in Switzerland
✤ Focus on cloud computing, security, and privacy
✤ P3P standards experience
3
Friday, May 4, 12
Approach for Do Not Track
✤ User agent expresses a preference not to be tracked
✤ Shipping today; standards work answers “what does tracking mean?”
✤ Websites / applications choose to honor DNT, confirm with response
✤ Adoption is entirely voluntary; W3C cannot compel members to act4
HTTP header ofDNT:1
Friday, May 4, 12
Diverse TPWG Membership
✤ 70+ group participants, plus observers
✤ Browser companies: Apple, Google, Opera, Microsoft, Mozilla
✤ Wide membership range including Alcatel-Lucent; Adobe; AdTruth; Article 29 Working Party; AT&T; CDD; CDT; Chapell & Associates; Deutsche Telekom; EFF; ESOMAR; Facebook; IAB Europe; Nielsen; Nokia; Online Publishers Association; TRUSTe; Yahoo!; The Walt Disney Company
5
Friday, May 4, 12
1. Definitions & Compliance
✤ Chair: Aleecia M. McDonald (Mozilla)
✤ Editors: Justin Brookman & Erica Newland (CDT); Sean Harvey & Heather West (Google)
2. Tracking Preference Expression
✤ Chair: Matthias Schunter (IBM)
✤ Editors: Roy Fielding (Adobe), David Singer (Apple)
3. Tracking Selection Lists
✤ Chair: Matthias Schunter
✤ Editors: Karl Dubost (Opera); Andy Zeigler (Microsoft)
Writing Standards Documents
6
Friday, May 4, 12
Three Types of Parties
1. First party
✤ Not directly liable for others’ actions
✤ Very few restrictions
✤ Cannot share data with others, or else must act as a third party
✤ Can be multiple 1st; depends upon meaningful interaction
2. Service provider
✤ Agents of first parties, contractual relationship
✤ Cannot share data across multiple first parties or use for their own purposes
✤ Debating exceptions
3. Third parties with strong restrictions, plus exceptions
7
Friday, May 4, 12
Onze Comma Un
Uniform Signals, Different Results
Punt Elf
Elf Komma Eins
Eleven Point One
8
Friday, May 4, 12
Tri-part DNT Signal
✤ Three options DNT: 1 - enable DNT, user saying “do not track me” DNT: 0 - do not enable DNT Nothing - users have not made a selection
✤ US, Nothing:
✤ Users did not choose to enable DNT
✤ Similar to DNT: 0
✤ EU, Nothing:
✤ Users did not consent to tracking
✤ Similar to DNT: 1
9
Friday, May 4, 12
Site-specific Exemptions
✤ Many countries can have a global DNT: 1 value
✤ Companies want to ask to track anyway
✤ Some countries may not allow a global DNT: 1
✤ Consent may be site-by-site
10
✤ Use same technical mechanism in both cases
✤ Exception specific to advertiser on that particular first party, not global for the advertiser across the whole Internet and/or
✤ Exception global for a specific third party, Internet wide
Friday, May 4, 12
Current Big Unresolved Issues
1. Edges of a party
✤ User expectations and branding
✤ “Discoverable” based on corporate ownership
2. Permitted uses for third parties, perhaps with retention limits, e.g.
✤ Frequency capping
✤ Billing and financial logging
✤ 3rd party auditing
✤ Security and fraud prevention
11
Friday, May 4, 12
Opportunities
✤ For feedback:
✤ Speaking with WG on call
✤ Joining the WG
✤ Community Group
✤ Individual comments on Last Call draft
✤ For media:
✤ Internet week, May 17th
✤ Mozilla blog
✤ Jonathan’s list of DNT implementations
12
Friday, May 4, 12
Interested in Learning Thoughts...
✤ Response mechanism
✤ HTTP header
✤ Well-known URL
✤ How do you propagate opt-out status now?
✤ Consent for specific sites
✤ EU consent issues
✤ Hard to get user consent when brand unknown
✤ Does 3rd party acting as 3rd party help?
✤ Auditing, billing
✤ Silo data
✤ Biggest technical challenge to implement?
13
Friday, May 4, 12
3 February, 2012
Tracking Protection Working GroupAleecia M. McDonald
14
Friday, May 4, 12
Photo credits
✤ Tim: http://i.telegraph.co.uk/multimedia/archive/00682/bernerslee-404_682192c.jpg
✤ Elephant: http://www.flickr.com/photos/paperpariah/2446224424/sizes/o/in/photostream/
✤ Adam Foster | Codefor
✤ “! danger elephants at Knowsley Safari Park?”
✤ Cash register: http://www.flickr.com/photos/teflon/4995681266/
✤ Martin Deutsch15
Friday, May 4, 12