W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996


From: Paul Leach <paulle@microsoft.com>
Date: Tue, 9 Jul 1996 15:38:04 -0700
Message-Id: <c=US%a=_%p=msft%l=RED-77-MSG-960709223804Z-17460@tide21.microsoft.com>
To: 'IETF HTTP Working Group' <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1062
Jeff Mogul and I valunteered to write up a draft on simple demographics
-- not the be-all and end-all, but something that would be enough to get
an appreciable number of content providers to stop sending cache-busting

It is alleged that some advertisers want to pay content providers, not
by the "hit", but by the "nibble" -- the number of people who actually
click on the ad to get more info.

Now, HTTP already has a mechanism for doing this: the "Referer" header.
However, it is normally disabled for privacy reasons -- according the
the spec
	"Because the source of the link may be private information
	or may reveal an otherwise private information source, it is
	strongly recommended that the user be able to select whether
	or not the Referer field is sent."

In the case of ads, the source of the link _really wants_ to let the
referred-to page know where the reference came from.

Suppose we augmented to semantics of the Referer header so that, if it
is used as a _response_ header (it is currently just a request header),
it means that the server requests that a referer header is sent on any
link followed from this page. If the user wishes to browse without
leaving any trail of where they came from, they could override this, of
course -- but I'm thinking that we would recommend AGAINST this, for the
following reason:

If one doesn't do some such thing as sending Referer, then I imagine
that what content providers would do is have the URI that is the target
of the link be unique to the content provider, so that the advertiser
can tell which content provider is the source of each hit. So, all that
turning off Referer does is cause cache-busting behavior.

What I'm looking for are comments on the privacy concerns with such an
Paul J. Leach            Email: paulle@microsoft.com
Microsoft                Phone: 1-206-882-8080
1 Microsoft Way          Fax:   1-206-936-7329
Redmond, WA 98052
Received on Tuesday, 9 July 1996 15:51:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:17 UTC