"MyTerms" draft standard wants to fix what Do Not Track couldn't

Alfonso Maruccia

Forward-looking: The now-deprecated Do Not Track browser non-standard was designed to provide a quick and easy way for netizens to opt out of ad tracking on the web. However, the feature had no chance of succeeding because compliance was entirely voluntary. Today, privacy advocates are proposing a new alternative based on a two-party, machine-readable "contract."

The IEEE P7012 draft introduces a new standard for Machine Readable Personal Privacy Terms, offering a novel way for users to express their privacy preferences to third-party entities such as websites or mobile apps. Nicknamed MyTerms by Doc Searls – who chairs the standard's working group – this approach is founded on the idea that online services should agree to users' terms, not the other way around.

MyTerms addresses contractual interactions between individuals and service providers on a network, outlining how both parties can agree on a mutually accepted, privacy-respecting contract. The standard treats individuals as "first parties," while service providers are considered the second party.

Users can declare their privacy requirements through a digital contract, selecting from a library of standard agreements maintained by an independent, non-commercial organization.

Searls cites the NoStalking agreement from the Customer Commons platform as an example of a MyTerms contract. This agreement communicates to websites that the user does not wish to be tracked while being served ads. The agreement "is good for you, because you don't get tracked, and good for the site because it leaves open the advertising option," Searls explained.

The MyTerms draft – nicknamed similarly to how the IEEE 802.11 standard became known as "Wi-Fi" – aims to give internet users true agency in their online interactions, Searls said.

It focuses solely on the machine-readable layer of these interactions, allowing websites, browser developers, CMS makers, and other stakeholders the freedom to implement their own solutions in pursuit of the same goal.

As clearly stated in the IEEE draft, the standard's purpose is to facilitate the negotiation of preferred contracts between users and internet companies. Direct negotiations over terms or the creation of additional agreements fall outside the scope of the technology. The draft does state, however, that when both parties agree to a specific contract, the agreement should be digitally signed by the parties or their authorized "agents."

A coalition of consumer advocacy groups attempted something similar in 2007 with the proposal of a Do Not Track list for online advertising. However, the HTTP-based technology was eventually abandoned by all major browsers after it proved practically useless. Whether MyTerms will fare better remains to be seen in the years to come.

 
Sounds good on paper but too complicated.
Do Not Track is perfectly machine-readable but didn't work.

There is a very simple solution to tracking - it should be opt-in. That is - forbidden, unless the user explicitly requests to be tracked.
 
That is such a simply brilliant idea that I would be in fear for my life if it was my own.
 
This does absolutely nothing to address the fundamental problem that it requires cooperation from every single website and internet service you ever visit which simply isn't going to happen.

Mandatory compliance by law with extremely high penalties for non-compliance is truly the only practical option to achieve widespread adoption of any privacy standard.
 
And we know governments who are owned by corporations would never allow that.
 
I'm not sure I have a full understanding of how this works, but wouldn't the "MyTerms" contract potentially be used as a unique identifier of that user which could be used to track them? Especially if the contract is digitally signed? Doesn't that kinda defeat the purpose? On paper the contract says not to track, but in reality it creates another method for identifying and tracking the user.

 
"potentially be used as unique identifier of that user which could be used to track them"

I think it is way too early to know how it could/would be implemented. But you setting your "terms" in your browser could be done anonymously. Then it gets set as a plain old cookie that the website recognizes when you pass again. It will recognize you (which it can anyway) but no other website should recognize or be able to track that cookie. But that is a technical question, and whether or not it would be trackable in and of itself, would greatly depend on the tech in general, but also on your browser implementation. If your browser does not allow your "terms" cookie to be accessible to any website other than the one you "signed" with, tracking should not be possible. And this is just for this system, whether you are trackable based on other features of your browser, machine, etc, would not be affected by any of this anyway.
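
The linkability question raised in the comments above, as an added example (not from the article, the commenters, or the IEEE P7012 draft): it compares signing every agreement with one long-lived key against deriving a separate key per site, and checks whether two colluding sites can join their stored records. The record fields, the HMAC stand-in for a real digital signature, and the example origins are assumptions, since the page gives no wire format.

```python
import hashlib
import hmac
import json

# Assumed terms label; the article names the NoStalking agreement but no format.
TERMS_ID = "NoStalking"

def key_id(secret: bytes) -> str:
    """Stand-in for a public-key fingerprint: the value a site sees and can store."""
    return hashlib.sha256(b"key-id" + secret).hexdigest()[:16]

def site_secret(master: bytes, origin: str) -> bytes:
    """Derive an independent per-site secret from one master secret (HMAC as KDF)."""
    return hmac.new(master, b"myterms-site:" + origin.encode(), hashlib.sha256).digest()

def sign_agreement(secret: bytes, origin: str) -> dict:
    """Build the record a site would keep: terms, signer key id, tag over both.
    HMAC is a stand-in here; a real deployment would use an asymmetric signature."""
    body = {"terms": TERMS_ID, "site": origin, "signer": key_id(secret)}
    msg = json.dumps(body, sort_keys=True).encode()
    body["tag"] = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return body

def linkable(records: list) -> bool:
    """True if sites pooling their records can join them on the signer field."""
    signers = [r["signer"] for r in records]
    return len(set(signers)) < len(signers)

def demo(master: bytes, origins: list) -> tuple:
    """Return (linkable with one global key, linkable with per-site keys)."""
    global_key = [sign_agreement(master, o) for o in origins]
    pairwise = [sign_agreement(site_secret(master, o), o) for o in origins]
    return linkable(global_key), linkable(pairwise)

if __name__ == "__main__":
    # Constructed sample input: a fixed master secret and two example origins.
    master = b"constructed-master-secret"
    origins = ["https://news.example", "https://shop.example"]
    one_key, per_site = demo(master, origins)
    print("one key for all sites  -> linkable:", one_key)
    print("derived key per site   -> linkable:", per_site)
```

With per-site derivation the same site still sees the same signer on every visit, so it can recognise a returning user, but the signer value gives two different sites nothing to match on.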
 