- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 3 May 2016 20:21:22 +0100
- To: "'Joseph Lorenzo Hall'" <joe@cdt.org>
- Cc: "'Christine Runnegar'" <runnegar@isoc.org>, "'public-privacy \(W3C mailing list\)'" <public-privacy@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Joe, I just posted it on the TPWG list so let us see. https://lists.w3.org/Archives/Public/public-tracking/2016May/0000.html - -----Original Message----- From: Joseph Lorenzo Hall [mailto:joe@cdt.org] Sent: 03 May 2016 19:03 To: Mike O'Neill <michael.oneill@baycloud.com> Cc: Christine Runnegar <runnegar@isoc.org>; public-privacy (W3C mailing list) <public-privacy@w3.org> Subject: Re: ad-blocker detection scripts On Mon, May 2, 2016 at 6:38 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The ePrivacy directive became law in 2002 and originally required the “right to refuse” access to storage held within the “private sphere” of your device or browser. One reason it was drafted like that was an attempt to cover future privacy challenging technologies and practices. It obviously already covers malware delivery and tracking cookies, and has since been taken (by the DPAs) to also apply to fingerprinting. Some people in the European Commission (though significantly not the Justice department) seem now to say it applies to AdBlocker detection > > The rule on storage was amended in 2009 to require opt-in consent (“freely given, explicit and informed” as defined in the 1995 Data Protection Directive). > > History has shown that opt-out consent does not work (e.g. AdChoices), while giving people real choice (e.g. AdBlockers) really can. Even though companies defy the law in Europe (and everywhere ignore clear indications of user preference i.e. DNT), they cannot stop the explosion of AdBlocker use. They are now in a technological arms race they have no chance of winning. > > The trouble with AdBlockers is that they can be indiscriminate, damaging the web experience. Some of them block urls referenced in blacklists, and the lists are often arbitrarily assembled with many false positives and negatives. If components of a web application are independently blocked then the application can break. To fix this, web applications should be able to detect their presence, but not so they make the user “take-it-or-leave-it” on whitelisting (which will definitely be illegal in Europe under the GDPR in 2 years’ time), but in order to better understand and respect their preferences. > > What is needed is a standard machine readable way for server to declare what choices they offer users over ads, in a similar way to how they should declare tracking practices. If a server does not make a declaration, or ignores a user’s preferences, the adblockers (or browsers) can block them. Thanks, Mike. Always thoughtful! Do we see an appetite for this at TPWG or somewhere else? I think even just laying out the case for a standard here in terms of disarming the arms race could be useful. > We already have the building blocks for this in DNT e.g. the Tracking Status Resource, we should discuss how we can extend them. > > Mike > > > > From: Joseph Lorenzo Hall [mailto:joe@cdt.org] > Sent: 29 April 2016 14:26 > To: Christine Runnegar <runnegar@isoc.org> > Cc: public-privacy (W3C mailing list) <public-privacy@w3.org> > Subject: Re: ad-blocker detection scripts > > So, is this essentially arguing that the EU will require affirmative, opt-in consent for running any dynamic content? That doesn't seem wise. > It strike me that not all ad-blocker detection need to be done via scripting. E.g., the traditional web-beacon model of crafting the page with a personalized image URL and detecting if that asset was loaded could be a method to detect blocking of certain domains without accessing any persistent state in the UA. > Although maybe I'm misunderstanding this? best, Joe > > On Fri, Apr 29, 2016 at 9:08 AM, Christine Runnegar <runnegar@isoc.org> wrote: > Hello all. > > In the context of our draft Group Note on Fingerprinting Guidance for Web Specification Authors [1] and general Web privacy mandate, it might be worthwhile to discuss the specific issue of sites running scripts to detect the presence of ad-blockers/tracking blockers. This issue was recently highlighted in a tweet from Alexander Hanff and picked up by various media sources, including this article in the Register: > > http://www.theregister.co.uk/2016/04/23/anti_ad_blockers_face_legal_challenges/ > > Christine > > [1] https://www.w3.org/TR/fingerprinting-guidance/ > > > > - -- > Joseph Lorenzo Hall > Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] > 1401 K ST NW STE 200, Washington DC 20005-3497 > e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key > Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: Using gpg4o v3.5.54.6734 - http://www.gpg4o.com/ > Charset: utf-8 > > iQIcBAEBAgAGBQJXJy4OAAoJEOX5SQClVeMPPgsP/jV4OwEHYSXdodcLqC6F2e/I > EDqG3TpqciFtuT5fExRiXkj565GnHnLD5eRULxP7KVa7Z7sNqV/GRr/I+jJ+tGnZ > EpaqCsSOnIl9q16ZE0pACub7eA9v5pDM/dc7p6whZD7/XEDI1a6pCyWz8Dijbuvo > 3Iz0DB94Hi0oyAz8sG0k/fbNofw9kKL9Ct0EJ4X5XKJoOyKRIoV5N9NerAaG6DxW > Fv0Lr5+h6eZ+A5GBroA5u/DFryKQfyM9GuSAFDkmFsDkzK7ooWDlltwbOOI+hVZj > Y40C/P2vRqQnnYENPmBDXwM0E7kKC6jPNjSXDCTaL6UcQbYAUH/+yLlINmqwh1Wo > 1MaO+Y4xbuaXyAvvi8WMN9Vwm9gJNw2Vu8A16spViJiOpk7Trp3vDJ+c92qw4LVd > /YD6S91WfFlsLAKMCEXaaJk+mJqQsOQ274gHEBV8I0lNZjfPfe+u2lX9HPHUvRYO > LmglstbrZrTF3fXf2/y8khWLoV8UNPWKUh+Zz6kbj3ijMlk5UxmxQMmwMwve/6yu > 8lbZqZLOZS7z3722OR3CgUYl9uHBz2G/xDs8lMRZYOjpU86ugc68XcJbpYiQoSTp > qSh3fNMRmUqt71uWwdS+ANFC1p4e8vVFw9UwNNTlsNJbhKLV0ysnZluBGq01r3H8 > uvDJUbx7Kl9K2bwLMYjk > =0ySC > -----END PGP SIGNATURE----- - -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using gpg4o v3.5.54.6734 - http://www.gpg4o.com/ Charset: utf-8 iQIcBAEBAgAGBQJXKPoxAAoJEOX5SQClVeMPGTEP/1andpv3EUXYv46Q++LqHL1C Lt0TlVYXjLu+aUXCbkZNPLl9VEq8XBBCIM6PQNOWfbCwtrZeMMrEcLo92O9Fd2/c 3ZaYD4wmsE2onwDiKvOtJM4bA88qGTQ6mA+u4V7hGhCF2wLYxfH7Vzt2m9+hW90Z vuQjTJ1mCij02wlbG55sL0EaVy9PeRaNY2tA+M1ehim5gZ8ZgldWz9BMpOaSxr8G 9zGzsAaoBAUt0AfY1icf0yS4430R3Pt0Pr+OGjZSg4x9B/HktEY7KwSO8EfgryVg j5bCAX8su4Ht4msrX44KzmP0I9vexrk6UIIzL/eO3XnI4C3EqX/o01g1Ld6CWOVT 89MQNfBDOeEUNrmQ/mhgEh6WV2W4dDbN/O7Lnw/FbxQt/K/hbFJ8x8KmtOsfbtkP iNBU7G76XqsJdmXqHs42SzpNC6k4bcq9HP36JI2dV1nUh9nEsp6IjXb73b79X2qm VVLtmyKAsZWiT/dsA/ClB2XsnyMIJ333vNxOLTF2oUN8eKhLHJakKJ3umDzMjgp4 a/zyElG5wxfwf7eP/AlGefWd2kwhIP9Fyf4QEYbcu9+Z+vO8qhAmd7vY7mzKriHj yeP8aJHJuXd02Jz/spN9AmtboPfHeo3GEJo6DYrQctENVwVMM6PSZHdwHLd3mxPx pPxBSxYPKbeoeWuXNnEJ =aLVW -----END PGP SIGNATURE-----
Received on Tuesday, 3 May 2016 19:21:52 UTC