Open jwrosewell opened 1 year ago
@jwrosewell
I don't believe that the issue you raise here properly distinguishes the role of the W3C at large from the role of individual members, and I also believe that you have some contradictory sentiments in your argument.
You include as proposed language:
Our role is to educate and provide technical standards which operate according to these choices.
But also suggest:
Technical standards for web services must be neutral.
Education, as a principle, is not a neutral endeavor. To paraphrase Henry Giroux; all education is a struggle over what kind of future you want. I would point out that I believe you understand this. You have been clear in the past, across a number of issues and forums, on what your positions are, and have strived to debate them openly and to educate members of the W3C on why they should agree with you. That is not a neutral endeavor.
Now the second point, which I will note was discussed during the Vision TF last Thursday, is the question of the W3C and web standards as a whole requiring neutrality. You write that the W3C is 'a neutral technical standards body that strives to create neutral technical standards.' IIRC, you also brought up the idea that all technologies have the potential to be used for good and bad purposes, and so it is not our place to decide what good and bad looks like or how to mitigate.
The consensus on the vision document as it exists clearly disagrees with you. The W3C has checks in place for any number of 'non-neutral' positions to be taken, including a number of horizontal review groups set up specifically to iterate on ways to improve tech standards for the better. To argue that the W3C should not structurally prevent bad things from happening in the name of neutrality is a strange thing, and I would like to know who you believe would benefit from the W3C not addressing potential harms.
To argue that the W3C should not structurally prevent bad things from happening in the name of neutrality is a strange thing, and I would like to know who you believe would benefit from the W3C not addressing potential harms.
Right. W3C was not founded as a neutral technical SDO but as one that created Recommendations about how to move towards the web’s “full potential”. Recommendations have always been “opinionated”. Initially they were explicitly guided by TimBL’s vision and values, eg a web used by people with different languages, abilities, devices, and so on. If I recall correctly, the early W3C denied it produced "standards" ... "Recommendations" implied both the technical consensus one associates with SDOs, and support for a vision / set of principles of a better web that W3C defined as its mission.
Privacy was always a value even if W3C wasn’t as effective in promoting or standardizing privacy specs as it was with Accessibility specs.
“Neutrality “ meant the Process didn’t favor any party, not that the Recommendations should be VALUE-neutral.
+1000 to @mgendler and @michaelchampion's comments.
We were never neutral. Technology is not neutral. We have a responsibility as an organization that produces web standards to protect the end user. Putting the onus on the user in the form of "choices" or pointing to authorities creates the web we have now, one that is wildly inequitable and capable of disastrous harms. We can make the process neutral through careful policy-making, but the outcomes and the positions never will be.
I highly recommend the work of Kim Crayton on the topic of technology neutrality, it would be a helpful read.
As an international organization I believe it would also be wrong for us to defer to authorities to protect users when there are things we can do in the design of specifications, obviously there are things we cannot do and those authorities do exist, but in many cases we do have some control and should exercise it to the benefit of the user. We need to consider not every country has those protections, not every population has protections in every country, and even in countries with "authorities" protection is not guaranteed. To be completely honest, pretending technology is neutral, or that we are neutral as a technology standards org, is a position that can only be afforded to those with extreme privilege.
@michaelchampion
W3C was not founded as a neutral technical SDO
@wareid
We were never neutral
In which case we can not continue in the current direction and must address the failings of the past. A technical standards body for a resource used by 6 billion people, which supports multi trillion USD markets, and where individual participants have multi trillion market capitalizations MUST be neutral. It is not 1999 anymore. The requirement is so important that the refreshed W3C Vision needs to be built around it.
It is not the role of any technical standards body to prevent the harms @wareid lists no matter our personal opinions on them. As a comparable the 5G radio telecoms standards operate internationally and were developed in countries with very different systems of government.
@mgendler
Education, as a principle, is not a neutral endeavor.
I understand from the previous meetings that specific text changes are to be encouraged after debate. The role of education is one that we should debate at a future meeting. In this instance I was contemplating the digital equivalent of the warning on the side of a packet of paracetamol advising against operating heavy machinery.
Far wider participation in the construction of the Vision is needed as the next step. At the moment a small group of long time W3C Members and participants are working on a foundational document with almost no new input and ideas. Where I've advanced ideas and challenged long held beliefs this small group rally to defend the old ways. If the Web is for everyone then a more consultative process and wider group of inputs are needed. The next step for this issue would be to gain input from applicable law makers concerning the requirements of standards bodies concerning neutrality. Once the group has this information then a position on neutrality will be properly informed.
A technical standards body for a resource used by 6 billion people, which supports multi trillion USD markets, and where individual participants have multi trillion market capitalizations MUST be neutral.
Yes, it must be vendor neutral, and not favor one party over another, but no, it cannot possibly be value neutral. Refusing to choose between internationalization and accessibility one one side, or exclusion on the other is not a useful kind of neutrality, it's discrimination. Refusing to chose between promoting security and enabling harm is not a useful kind of neutrality, it's dangerous. Refusing to chose between bullies and victims is not a useful kind of neutrality, its cowardice. Having no preference between helping the public and harming it is not useful kind of neutrality, it's evil.
"Nothing we do is technically illegal, and beyond that, anything goes, we don't judge" isn't good enough for a 501(c)3, and isn't what most people who join W3C aspire to.
and isn't what most people who join W3C aspire to.
I join W3C because I have to if I'm to understand and influence the technology standards on which my businesses depends. I have no choice as the W3C (and IETF) are THE standards bodies for these technologies.
I'm particularly concerned about neutrality in practice because the statement "it must be vendor neutral, and not favor one party over another" is untrue. W3C documents and debate actively discriminate.
I do not join W3C to fix societal problems or address harms. I join other organisations to do that.
isn't good enough for a 501(c)3
A 501(c)3 has three requirements. These are:
If you believe the requirements of W3C Inc under law should be wider than this then a different vehicle should be used.
The third point is particularly relevant to this issue.
I tried to think of a single W3C or IETF standard that is neutral but I don't think that there is one. From a logical standpoint, I don't really understand how that would be possible.
@jwrosewell what does neutral mean to you? IMO, what you are proposing is not neutral. Ignoring the harms that the web has caused is a choice. It is not neutral but an active decision to continue perpetuating harms.
Seconding @TzviyaSiegman's question because I think we are talking past each other a bit here.
The Red Cross example raised in the meeting is a great illustration of what I think we mean. Red Cross is "neutral" in that it's mission prioritizes the needs of people in distress over political interests. In a war zone, they treat everyone in need of medical aid regardless of affiliation or role because of that mission. They are a neutral party whilst making a very political decision.
I believe we as an organization put the needs of the end user, the web user, above all other interests. Yes, the web is used for commerce and powers a many trillion dollar market, regardless of that we will prioritize the user, especially in the areas we have committed to in terms of accessibility, internationalization, security, and privacy. We have taken political positions in the past (i.e. the great DRM debate), and would continue to with this vision in mind.
To be additionally clear because two different definitions of "political" seem to be in play too, I'm not suggesting we'd ever lobby a government or recommend a political candidate. We're talking about the small "p" politics of living in a global society, taking positions on topics that have broad impact.
Now, have we made mistakes in the past, absolutely. Should we own up to them, and commit to doing our best to correct them where we can? Also yes, and this I do not think is negative. We are being honest and authentic, and I'd much rather see that instead of some idealized vision of a world that never existed. If this vision was being written in 1991 when we didn't know any of this might happen, a positive spin would be fine. We know what has happened, we can be positive about the future and honest about the past.
I also really can't emphasize enough that us even pretending tech and standards are not political, or that the decisions we make or the documents we produce are perfectly neutral, is true only for a select few, and will very likely lead to incredible criticism from the community.
We have taken political positions in the past (i.e. the great DRM debate), and would continue to with this vision in mind.
That's a good point. BUT I am not seeing anything in the current draft that would have informed the EME/DRM debate, maybe that's a bug?
The EME debate hinged on a few widely but not universally shared principles.[1] There was the venerable "content wants to be free" meme that was not discussed much by the time the HTML Media Extensions WG was chartered, but there was a sense that non-"free" media was out of scope for W3C. Do we want to take a stand on that in the Vision?
The other was the push for some explicit accommodation for security and other researchers needing to crack the DRM encryption to do their job [2]. Do we want to say something about that as a matter of principle?
[1] Let me be transparent: the positions I took during those discussions were Microsoft's; I'm retired, and my personal position is more nuanced and has evolved. I would not strongly dissent against a Vision statement that excludes non-free content from W3C's scope or insists on mechanisms to allow legitimate security researchers to investigate implementations. But last I heard, EME itself is not all that relevant to the media industry any more so it's mainly useful as a case study in how the Vision might actually assist decision making.
[2] https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web
@michaelchampion I noticed that too, sounds like a bug! I will open an issue because I don't want to distract from the discussion here.
There is no requirement for non-state actors like the W3C to be 'neutral'. For example, the much-studied Forest Stewardship Council does certification that is definitely not 'neutral' to those manufacturers that fail to meet its requirements.
The antitrust guidelines don't mention neutrality. Reading between the lines, I think James is continuing to conflate the W3C's role with that of a state actor (government). Positioning SDOs like the W3C within the Internet's regulatory regime is a fascinating topic, but taking such an extreme position doesn't have any precedent or justification from what I've seen.
@jwrosewell Apologies for my late response, I am revisiting this issue, and want to address one of the comments you made in response to my original statement.
In this instance I was contemplating the digital equivalent of the warning on the side of a packet of paracetamol advising against operating heavy machinery.
If we're going to talk about pharmaceuticals, there are also well recognized standards for testing any medication to ensure that they do not harm the users. That, once again, is not a neutral endeavor. A warning label may sometimes be useful, but any medical authority will also have cases in which you may not use certain medications without a gatekeepers permission. To limit ourselves to one tool in protecting users is to limit the protection of users, full stop.
At the moment a small group of long time W3C Members and participants are working on a foundational document with almost no new input and ideas.
I would disagree with this categorization. I have been involved with the W3C for about 3/4 years (I forget the exact date I attended my first meeting.) I have joined the Vision TF calls as a member of the community without any special privileges and after a call for feedback after the initial early development. I wouldn't consider myself a long time member, and I certainly wouldn't characterize my views as 'protecting the old ways.' There are plenty of areas where I think the W3C can and should improve/change. I think everyone here welcomes new ideas and inputs, but that does not mean that all new ideas and inputs are equally valid. As an aside, I hope you don't seriously consider it disqualifying to have experience within the organization in order to find issues and improve.
The next step for this issue would be to gain input from applicable law makers concerning the requirements of standards bodies concerning neutrality.
As @wareid pointed out, we are an international organization. Infrastructure of the web is not governed in the ways you have expressed both in this issue and many others. There are areas of work that are well within our remit, and that is what the vision addresses.
@mnot Do you agree that the guidelines added to #98 apply and are not optional for W3C? If so then how do you confirm the W3C are in alignment with these guidelines?
@mgendler Re: tenure. I stand corrected. I will refer to unproven and biased arguments in the future. Thank you.
I raised two issues in one. The first was the negativity of the document. There seems little disagreement on this, but a difference of opinion on whether the Vision should be positive. The second is the need for neutrality which has generated more comments. Perhaps this would be better handled by splitting the issue.
In relation to neutrality we all agree that the W3C today is not neutral. We don't agree on the extent of this being a problem. I maintain it's a significant problem when this bias is incompatible with guidelines from regulators and antitrust. As a minimum we need to state our biases in the Vision so that they can be tested against the guidelines and clearly articulated for current and future members. For example;
@jwrosewell that's a non sequitur, but I've answered in the other issue.
only web browser vendors will have the option to implement the voluntary standards/recommendations which the W3C create
Anybody has the option to implement W3C recommendations. Or to not implement them. Or to implement something different. W3C not only makes its documents available free of charge, but also has a Patent Policy that enables anyone to implement what they describe with peace of mind.
Some W3C specifications describe features that are expected to be implemented into software that is or can be described as a web browser. Some other specifications are more broadly applicable (e.g. https://www.w3.org/TR/png/), and yet some other aren't features of a browser at all (e.g. https://www.w3.org/TR/activitypub/). Obviously, a specification that describes an additional feature for X will only make sense to implement for participant who already implements a product handling X (or intends to make one).
Browsers don't decide what other browsers make, and neither do non browsers. Everyone gets a chance to argue for what the best approach is, but in the end, everybody independently decides how they want to develop their products. Preferably, as large as possible a group of people will agree as to what ought to be developed and we can put that in a specification. And if the membership at large, after due Process has been followed, agrees that this is good, we can call the resulting specification a Recommendation.
standards/recommendations will not be voluntary for other stakeholders
Everybody is free to develop products that conform to W3C specifications, just as much as they are free to develop products that don't, or to develop nothing at all. W3C would prefer that people develop conforming products as it sees benefits in doing so, but people can develop whatever they want.
Everybody is free to use products and services made by others, according to the terms of those services. Or to chose not to use them. If the products made available by others do not suit your needs as an individual or as a business, you have my sympathies. W3C offers you a platform to try and convince people that it would be better to develop things in particular ways, but just as you are free do develop what you want, confirming or not, so are they.
"I want to use a product that nobody is willing to supply" may be an unfortunate situation, but it does not make W3C standards non-voluntary.
Voluntary means you can develop your products in any way you see fit. Not that you can compel others to develop what you want or need.
web browser vendors are entitled to use the W3C to justify interference in the business choices of business to consumer (B2C - first parties) server providers and their choice of business to business (B2B - third parties) service providers
Web browsers are no more entitled to use W3C to interfere with the business of others than others are entitled to use W3C to interfere with the business of web browsers.
People whose business depends on the products or services provided by others will be influenced by the evolution of such products or services. A technologies evolve, various businesses will find the changes more or less favorable to their strategy and competitive positions. But that has nothing to do with W3C deliberately picking winners and losers.
the status quo can not be challenged when new evidence or opinion becomes available
The status quo can absolutely be challenged. This does not mean that all challenges to the status quo must be obeyed. Anybody can bring new information, and groups are required to respond. But not required to agree. Whether status quo or not, individuals are still not entitled to demand that others make things according to their needs or wishes.
"I want to use a product that nobody is willing to supply" may be an unfortunate situation, but it does not make W3C standards non-voluntary.
If the web had not had caching, or the ability to share data between participants, then the situation would be different. But it did have these features, and they helped it grow to become an essential standard of interoperability for humanity.
When web browser vendors refused to supply, supported by W3C & IETF, a competition problem was created. At best W3C and participants have been abused by web browser vendors seeking to justify their anti competitive actions.
All I'm trying to do in this issue is correct this, starting with the vision. I'm surprised it's generating so much resistence.
I'm surprised it's generating so much resistence.
Well, perhaps you're getting resistance because you talk in abstractions about "competition" and "antitrust" rather that concrete problems and proposed solutions. As far as I can tell from MoW's "news" archive, your basic problem is that IETF and W3C's increasing focus on privacy, and the trend for browsers and to block trackers by default, hurts your industry.
I assume you don't want to be explicit because W3C folks tend to value their privacy, worry about unrestricted data collection and its exploitation by unsavory commercial and political actors, and lament its effects on society. So your lack of transparency about your actual agenda, but transparent attempts to tap into general resentment of the currently dominant BigTech players, triggers the "BS detectors" in this community. Your issues "smell" like denial of service attacks... not principled attempts to find consensus across the browser, advertising, and user communities on how to balance privacy and commercial concerns.
At best W3C and participants have been abused by web browser vendors seeking to justify their anti competitive actions.
I think the issue is more complex than you are suggesting.
First, it isn't a simple case of being "abused by web browser vendors". I think the problem is users' data being used in ways that makes users unhappy. In some cases I would suggest that what browsers are doing does feel abusive, in other cases it feels protective.
Attempting to strip this down to some notion whereby we stay out of any discussion about who gets to abuse users seems to amount to an aim of giving everyone equal capabilities to do so. I'm not in the least surprised that this generates a lot of resistance - indeed, I would be upset at the intellectual vacuum that no resistance would imply.
Perhaps it would help to return the discussion to your actual proposals - and I would support your suggestion to split this issue.
@jwrosewell said...
standards/recommendations will not be voluntary for other stakeholders
And @frivoal replied
Everybody is free to develop products that conform to W3C specifications, just as much as they are free to develop products that don't, or to develop nothing at all. W3C would prefer that people develop conforming products as it sees benefits in doing so, but people can develop whatever they want.
Everybody is free to use products and services made by others, according to the terms of those services. Or to chose not to use them. If the products made available by others do not suit your needs as an individual or as a business, you have my sympathies. W3C offers you a platform to try and convince people that it would be better to develop things in particular ways, but just as you are free do develop what you want, confirming or not, so are they.
"I want to use a product that nobody is willing to supply" may be an unfortunate situation, but it does not make W3C standards non-voluntary.
Voluntary means you can develop your products in any way you see fit. Not that you can compel others to develop what you want or need.
@darobin in #17 gave one explanation how the reality is more complex than this. One of the key reasons for "anti-Trust" law and its various guidelines and so forth is that given a sufficiently dominant market position (whether as a monopoly or as a grouping that collectively have enough influence over the market), it is possible to effectively compel all kinds of behaviour. In reality we have seen various W3C members condemned for this sort of behaviour in different ways and at different times often enough that it's clearly a real thing.
I think that both claims here - that others are compelled, and that they cannot be compelled, are both more absolute than is justifiable, but I think the issue here is a real one that we need to keep in front of us. If only they didn't repeatedly come with hundreds of pages of stuff that generally doesn't bear on any given discussion instead of useful references, I would be grateful for @jwrosewell's multiple efforts to remind us of this.
@michaelchampion There's a lot to respond to in relation to your comments on Movement for an Open Web and my motivation. In summary it's not okay to create quasi-laws to deal with a unsubstantiated privacy problem by breaking real laws. It's not okay to fail to follow due process. I suggest you check out the following links if you wish to properly understand the position. We can then find a more suitable forum for further discussion if you wish and link to that location from this issue.
A summary video prepared for TPAC 2021 - https://movementforanopenweb.com/animation-an-open-web-for-everyone/ Risk based approach to data - https://lists.w3.org/Archives/Public/public-patcg/2022Jun/0074.html
@chaals
In reality we have seen various W3C members condemned for this sort of behaviour in different ways and at different times often enough that it's clearly a real thing.
This is a very important sentence. Thank you for raising it.
The issues raised in #17 and elsewhere refer to a perceived market failure. The W3C antitrust guidelines prevent W3C playing "any role in the competitive decisions of W3C participants nor in any way restrict competition". So the problem might be real for some participants, but my position is firmly that it is not the role of W3C to address it in the way that it has done and the majority continue to attempt to via Privacy Working Group, Private Advertising Technologies Working Group, Privacy Principles, Security and Privacy Questionnaire, or the many group charters, among others. The false narrative is everywhere! It is certainly not okay to ban someone from the TAG who challenges these positions with evidence or create a CEPC that provides licence to further ban and restrict such debate. The Vision is an opportunity to debate and then set the limits for W3C. It is for that reason I raise the issue of neutrality here.
The W3C could have approached the problem of data sharing (the core problem for privacy and the perceived market failure) in a very different way. It could have developed standards to enable content to be licensed and watermarked. It could have developed standards to enabled personal data and usage traceable and verifiable thus aiding law enforcement rather than assuming it's role. It could have developed standards to make privacy policies machine readable. Instead it simply adopted a position of endorsing internet gatekeepers withdrawal of interoperable standards and foreclosing competition and thus altering the structure of digital markets. I wish to see that reversed in the Vision.
@jwrosewell
In summary it's not okay to create quasi-laws to deal with a unsubstantiated privacy problem by breaking real laws. It's not okay to fail to follow due process.
@frivoal has been quite clear as to why W3C recommendations do not qualify as 'quasi-laws.'
'Unsubstantiated privacy problem' is an interesting way to frame a situation where the majority of members do see an issue with how user privacy is protected on the web. Just because you disagree with the scope of the problem does not automatically make it 'unsubstantiated.'
As I see it - although I am not a lawyer - legal considerations matter and regulators will apply the law to companies/organizations when they see issues. Our consensus process means that the membership can move forward with work depending on their interpretation of whether a law applies or not. @mnot addresses this point quite well in #98 so I won't repeat everything he says here.
We are following due process, just because you disagree with the outcome doesn't mean due process has been ignored.
I will point out that the last two points in particular seem to come up again and again across multiple issues you have raised, both in the Vision TF and elsewhere in the org, with input from a variety of members. The consensus is reiterated again and again, and I don't see why we must keep returning to these points.
@chaals
In reality we have seen various W3C members condemned for this sort of behaviour in different ways and at different times often enough that it's clearly a real thing.
I don't disagree with this point, but I think there's a difference between us needing to consider individual issues and us inshrining a position in the vision. For example: "Always follow the law" is something that I would have issue with enshrining in the vision if only because different jurisdictions have different laws (not to mention that not all laws are worth following; a philosophical discussion for another day)
I think that both claims here - that others are compelled, and that they cannot be compelled, are both more absolute than is justifiable
My reading of @frivoal's comments, was not that they cannot be compelled in general, but rather that they cannot be compelled by the W3C. Which, in the scope of the vision document, makes the most sense to address. I think it's very fair to suggest that market forces compel businesses to make certain decisions, but I struggle to see how that is something worth discussing in the Vision.
This topic feels like it is coming off the rails a bit, so let's take a chance to refocus. The core issue raised here is regarding the "tone" of the introduction and it's perceived negativity, and a question of our neutrality. Vision documents are usually positive in nature, and I don't entirely disagree that ours should be too.
We're writing a vision with the benefit of nearly 30 years of history to look back on, both in the form of the history of W3C and the web at large. With that in mind, I believe the vision should focus on two traits we have in abundance: hope and authenticity.
It would be ridiculous of us to write a document in 2023 stating our vision and mission that doesn't acknowledge the role we have had in shaping the web, and what the web as become. Being authentic in that will give us more credibility than trying to pretend everything on the web is great. (I think of examples like greenwashing or rainbow washing in this regard).
Inherent to the standards development process, as sentimental as it may sound, is a great deal of hope. Hope for better processes, for better products, better experiences, and better access. We do standards because we hope to improve the world around us, even in small ways. Our hope is tempered by recognition of the past, but in knowing the past we also know we can create a better future. That is a positive message, and I think we can balance both in a way that serves us well.
I also want to strongly second @mgendler's comment:
but I think there's a difference between us needing to consider individual issues and us inshrining a position in the vision. For example: "Always follow the law" is something that I would have issue with enshrining in the vision if only because different jurisdictions have different laws (not to mention that not all laws are worth following; a philosophical discussion for another day)
I would also not enshrine something like "Always follow the law" in a document of this kind (or anything we produce to be honest). I do think it's important to acknowledge that there are laws on the books today that are absolutely not worth following, and there are laws that are essential. However, we can't pick and choose the "best" laws, we can do our best to find positions that respect laws where appropriate and respect the humanity and personhood of the end user above all.
Just to give an extreme example, there are currently a number of laws either in effect or in legislature in the US around what type of book content is appropriate for schools and young people. If we were to always "follow the law", it could be proposed to the EPUB working group that we should add a metadata field to the package that lists the places the book is banned so that when the book is distributed, it is removed from catalogues filtering for that field. We would never do that, partly because we've always taken the position that we design the container not the content, but also because that would be censorship and we have no interest in partaking in that. Can we control that a company using the EPUB specification adds a custom field for only their system that does exactly this thing? No, but that decision is on them, not us.
@jwrosewell thanks for the reminder about [1] . I acknowledge that , "your basic problem is that IETF and W3C's increasing focus on privacy" is not a fair summary of your position. But I suspect "your basic problem is about IETF and W3C's APPROACH to privacy" would be.
But that gets to the point I was raising: Your (apparent) tactic of pushing back on W3C's fundamental approach to privacy by objecting to everything that touches on it, in language that resembles trolling more than principled debate, hurts your credibility. Others can judge whether "denial of service attack" is too harsh a description, but I'm convinced you would be more successful in promoting the vision in [1] by constructive substantive proposals rather than obstructive legalistic rhetoric.
[1] https://lists.w3.org/Archives/Public/public-patcg/2022Jun/0074.html
@wareid I generally agree with your comment and definitely agree
It would be ridiculous of us to write a document in 2023 stating our vision and mission that doesn't acknowledge the role we have had in shaping the web, and what the web as become. Being authentic in that will give us more credibility than trying to pretend everything on the web is great.
I'd quibble just a bit with
Vision documents are usually positive in nature, and I don't entirely disagree that ours should be too.
The US Declaration of Independence whose anniversary some of us celebrated yesterday https://www.archives.gov/founding-docs/declaration-transcript is one of the world's more more successful Vision Documents ;-) It begins with a statement of fundamental principles ("we hold these truths to be self-evident ..."), then a long "negative" list of grievances against the British Crown , concluding with a positive, hopeful call to action.
That's a good structure for a powerful, actionable document, and W3C could emulate it with:
I'm sorry @michaelchampion but I beg to differ. Setting aside the question of whether the USDoI is a successful vision document (one might quibble with how well the project that followed respects its claims of equality, unalienable rights, the ability to abolish government turned destructive, etc.), the list of grievances they made is notoriously exaggerated and is geared towards convincing the other British citizens of the American colonies, many of them loyal to king and country, that they ought to agree to a rather radical course of action. I don't believe that we find ourselves in a comparable situation.
We need not list grievances in order to know what good looks like. Articulating people-centric good can be done (see this or that for instance) and I agree with @wareid that a focus on hope is essential — a duty of hope, even. We're a public-interest, charitable organisation — hope is part of what we do. The grievances in the introduction are also selective (nothing about digital colonialism for example) and historically inaccurate — for instance, the web's privacy problems weren't "unintended consequences," they began with a deliberate flouting of the community's consensus by Microsoft+Netscape (the monopolists of the day).
Exact wordsmithing is hard but in general it's not necessarily hard to come up with a positive framing for what we want. One of the reasons why the capabilities approach has become central in transnational governance (despite significant cultural differences) is because it focuses on actual freedoms rather than vapourware promises. Once you start thinking about real-world impact of real capabilities for real people instead of abstract promises, where to go gets a lot clearer (especially compared with ideas about where not to go — it's a big world). To take privacy as an example, it is essential to safety, agency and engaging in practical reason, imagination and thought, affiliation, the playful exploration of self… There's no question that it belongs in a people-centric web — and these are all positive things. What does that look like? We've seen decades of the vapourware version pitched as "choice" and how thoroughly hostile to human agency this approach is has been very extensively documented. Positive people-centric privacy is contextual and intentional. Technology cannot predict in which contexts it will be used and so has to be safe by default. We don't yet know how to prevent all data from leaking, but we can get a lot closer. And then people can intentionally open things up, for instance with intentional interactions (forms), by joining a study (Mozilla Rally is an excellent example of how to collect behavioural data at scale, legally, safely, respectfully), or by making context-specific collective decisions.
None of this requires describing today's dumpster fire. These are positions that anyone working to promote human agency and informed about the state of the art would agree to.
Uhhh … “ A frank acknowledgment of how the current web fails to achieve some of those principles” is not quite the same as a list of grievances intended to be good propaganda 🤷♂️ My point is that “positive” statements without identifying actual problems they would correct don’t get anyone’s attention or motivate action. “Motherhood and apple pie!” to use the Americanism…
I’m not sure what “digital colonialism” is nor what privacy principles Microsoft and Netscape subverted. By all means propose edits that illustrate the gap between founding principles and current realities, and a positive vision of what a better web that uses those principles would look like.
Both you and James have a tendency to blame bad actors rather than unclear principles for the web’s current state. Maybe, but I suspect in 10 years it will sound as quaint to blame the Google-Apple duopoly for the web’s problems as it does to blame Netscape today.
The point here is to identify clear guiding principles for the next iteration of web development, and fix bad consequences before they take root. Being frank about some of those insufficiently clear principles and frank about the bad consequences we see today is the first step.
Both you and James have a tendency to blame bad actors rather than unclear principles for the web’s current state. Maybe, but I suspect in 10 years it will sound as quaint to blame the Google-Apple duopoly for the web’s problems as it does to blame Netscape today.
Mike, I'm sorry but claiming that we somehow didn't know 25 years ago that third-party cookies were bad or that we lacked clear principles guiding us away from them is completely revisionist. We knew. RFC2109, published in 1997, is rather unambiguous on the matter:
A user agent should make every attempt to prevent the sharing of session information between hosts that are in different domains. Embedded or inlined objects may cause particularly severe privacy problems if they can be used to share cookies between disparate hosts. For example, a malicious server could embed cookie information for host a.com in a URI for a CGI on host b.com. User agent implementors are strongly encouraged to prevent this sort of exchange whenever possible.
It's not about "blaming," it's about establishing the facts of what went wrong so that we can remedy the situation and avoid reproducing it. The web didn't become a privacy dumpster fire because people had "unclear principles." We had the principles, we didn't understand how bad it would be but the relevant standards community was acutely aware of the problem — browser vendors forged ahead anyway.
It's quaint to believe that the failure was one of missing principles, or that somehow clarifying principles today will avoid a repetition.
If you want to be frank about what went wrong, we're going to have to point out that we knew this was a problem and some specific actors decided to go ahead anyway. The principles didn't do it. But while it's important for us to understand what went wrong, I don't think that that's a useful thing to document in a vision.
I certainly agree we should establish the facts behind the web’s failures and learn from them. No, these need not be documented in the vision, but the lessons need to be applied.
I don’t know enough about the history of 3rd party cookies to be a revisionist. I suspect that the browsers used them to hack around some other problem, which predictably created, well, unintended consequences. I have no idea what the lessons here are. Would incubating a better solution for the problem they were hacking around in something like WICG have helped? Are those specific actors still around to question about what they were thinking…. Shudder, were they possibly following some guiding principles that turned out to be dysfunctional, and we should not pay lip service to them any more? (With no actual knowledge, the “move fast and break things principle” would be my first guess… hmm, should the Vision call that out as an anti-principle?)
But again the larger point is we need to be frank about these failures, not avoid them because they are “negative” and spoil the hopeful vibe of the Vision.
Regarding neutral.
See the notice that I assume @mnot as a Director and Secretary of the World Wide Web Consortium, Inc. knew about before responding to this issue stating "The antitrust guidelines don't mention neutrality".
The notice specifically filed for the purpose of "limiting the recovery of antitrust plaintiffs to actual damages" states "W3C, through its member-driven approach, will work to ... provide a neutral forum...". Emphasis added.
Whilst the 2017 Antitrust guidelines don't mention neutrality specifically the notice to the US Justice Department Antitrust Division from 12th May 2023 certainly does.
The wider impact of the notice on the Vision can be covered in issue #100.
The second and subsequent paragraphs of the introduction are negative and place obligations on W3C that are not within the mandate of a neutral technical standards body that strives to create neutral technical standards.
Three changes are needed.
Positive language
Adopt positive language. For example; rather than listing “harms” talk about attributes of safety. For example; “People must be able to decide for themselves how they safely interact with the web. Our role is to educate and provide technical standards which operate according to these choices.”
This would create a vision that could encompass technical standards in such fields as a) child safety; b) verifiable content; or c) auditable data processing. It would not, as the current language does, direct towards the limiting of interoperability and restriction of choice.
Defer to authorities
Reference the authorities that are tasked with keeping people safe. List the features of the web that we’ll develop to assist them. For example; “We create technology standards that provide people the information to verify web services follow their instructions and applicable laws.”
It is not the role of W3C to usurp the role of authorities but to assist them. If others have concerns about the trustworthiness of others or believe that some authorities are ideologically “wrong” then these are not issues for the W3C but other groups.
Neutrality
Explicitly confirm neutrality. For example; “The web browser is the user’s agent tasked with enabling interoperability and access to web services respecting instructions provided freely by the user. Technical standards for web services must be neutral and be informed by these user instructions.”
This would ensure services were created in a way that did not give the user agent vendor an advantage over other constituents. User agent vendors provide a “gate”, they do not get to be the “gatekeeper”.
It would steer us towards standards that enable the instructions people provide to their user agent to be portable, expressed in terms people can understand, and defined by anyone.
For example; a group that values privacy over all other considerations might define a set of instructions for user agents that restricts interoperability and data sharing. People would be free to use this organisation’s instructions as the starting point for their own instructions to their user agent. Publishers whose content is requested by a user agent operating under such instructions would be provided a mechanism to reject the request due to incompatibility between the user’s instructions and the publisher’s interoperability requirements. The message presented to the user would include the option to make an exception or access the content on alternative terms. In no instance did the user agent vendor need to make this choice on behalf of people or the publisher.
Conversely another organisation might define a set of instructions which allows unrestricted data sharing among web service providers where that data sharing informs personalized offers and discounts.
Note on neutrality - The W3C Antitrust Guidelines and wider applicable laws require us to be neutral even before the antirust position is bolstered as per BoD and AB issues. If others believe that we should not be neutral or that the technical standards we create should not be neutral, then that would need to be resolved before progressing this issue via clarification in revised W3C Antitrust Guidelines.