
Re: User intended interactions [1st & 3rd Parties]

From: Karl Dubost <karld@opera.com>
Date: Mon, 14 Nov 2011 17:09:17 -0500
Message-Id: <6307D49C-8005-4CC3-8068-3AFB2FE458E5@opera.com>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Tom Lowenthal <tom@mozilla.com>, "public-tracking@w3.org" <public-tracking@w3.org>
To: Vincent Toubiana <v.toubiana@free.fr>

On 12 Nov 2011, at 09:21, Vincent Toubiana wrote:
> I think the point here - and the big difference with example 11 - is that the user knows that he'll go through "bit.ly" redirection

Is it always true?
There are cases the user just doesn't know.

1. clicking on a pattern <a><img/></a>
   the image doesn't necessarily give an insightful hint about the link we are about to click
2. just not understanding that bit.ly is a redirection service.
3. Multiple redirections.
   Let's say I retweeted something from someone
   "tracking protection WG home page http://t.co/t9CdCBEb #test"


curl -sI http://t.co/t9CdCBEb

HTTP/1.1 301 Moved Permanently
Date: Mon, 14 Nov 2011 22:05:49 GMT
Server: hi
Location: http://bit.ly/vz5OpK
Cache-Control: private,max-age=300
Expires: Mon, 14 Nov 2011 22:10:49 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

Ah, a Location header, let's explore

curl -sI http://bit.ly/vz5OpK

HTTP/1.1 301 Moved
Server: nginx
Date: Mon, 14 Nov 2011 22:06:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _bit=4ec190d3-00041-06ef4-271cf10a;domain=.bit.ly;expires=Sat May 12 22:06:11 2012;path=/; HttpOnly
Cache-control: private; max-age=90
Location: http://c8l.ca/1gf
MIME-Version: 1.0
Content-Length: 109

Ah yet another one


curl -sI http://c8l.ca/1gf

HTTP/1.0 301 Moved Permanently
Date: Mon, 14 Nov 2011 22:07:05 GMT
Server: Apache/2.2.8 (EL)
X-Powered-By: PHP/5.2.6
Set-Cookie: bb2_screener_=1321308425+24.53.13.170; path=/
Location: http://www.w3.org/2011/tracking-protection/
Content-Length: 160
Connection: close
Content-Type: text/html; charset=UTF-8



Finally the link. What is my user consent in all these redirections? They just happen because the HTTP protocol is designed like this. Social networks and mobile usage have increased these interaction patterns a lot lately. The mechanism was not really built for this originally.

All these intermediaries have some capabilities of tracking. 


-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Monday, 14 November 2011 22:09:58 UTC
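
The redirect walk above as an added example, not part of the original message: the Python below takes the response headers from the three curl runs (abridged to the status line, Location and Set-Cookie) and reports, per hop, which host answered, which cookies it set and whether they outlive the session. The function names and the visible_host parameter are assumptions of this example.

```python
from urllib.parse import urlsplit

# (requested URL, response headers) per hop, abridged from the curl -sI output in the message.
HOPS = [
    ("http://t.co/t9CdCBEb",
     "HTTP/1.1 301 Moved Permanently\n"
     "Location: http://bit.ly/vz5OpK\n"),
    ("http://bit.ly/vz5OpK",
     "HTTP/1.1 301 Moved\n"
     "Set-Cookie: _bit=4ec190d3-00041-06ef4-271cf10a;domain=.bit.ly;"
     "expires=Sat May 12 22:06:11 2012;path=/; HttpOnly\n"
     "Location: http://c8l.ca/1gf\n"),
    ("http://c8l.ca/1gf",
     "HTTP/1.0 301 Moved Permanently\n"
     "Set-Cookie: bb2_screener_=1321308425+24.53.13.170; path=/\n"
     "Location: http://www.w3.org/2011/tracking-protection/\n"),
]

def parse_cookie(value):
    """Return (name, persistent) for one Set-Cookie header value."""
    first, *attrs = [part.strip() for part in value.split(";")]
    names = {a.split("=", 1)[0].lower() for a in attrs}
    return first.split("=", 1)[0], bool(names & {"expires", "max-age"})

def audit_chain(hops):
    """Summarise each hop: answering host, status, cookies set, next URL."""
    report = []
    for url, raw in hops:
        lines = raw.strip().splitlines()
        headers = [ln.split(":", 1) for ln in lines[1:] if ":" in ln]
        headers = [(k.strip().lower(), v.strip()) for k, v in headers]
        report.append({
            "host": urlsplit(url).hostname,
            "status": int(lines[0].split()[1]),
            "cookies": [parse_cookie(v) for k, v in headers if k == "set-cookie"],
            "next": next((v for k, v in headers if k == "location"), None),
        })
    return report

def intermediaries(report, visible_host):
    """Hosts contacted that are neither the link the user saw nor the destination."""
    final = urlsplit(report[-1]["next"]).hostname
    return [h["host"] for h in report if h["host"] not in (visible_host, final)]

if __name__ == "__main__":
    rep = audit_chain(HOPS)
    for hop in rep:
        print(hop["host"], hop["status"], hop["cookies"], "->", hop["next"])
    print("not shown in the tweet:", intermediaries(rep, "t.co"))
```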
