W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

RE: [Issue-5] [Action-77] Defining Tunnel-Vision 'Do Not (Cross-Site) Track'

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 8 Feb 2012 22:59:36 -0800
To: Lauren Gelman <gelman@blurryedge.com>, "Roy T. Fielding" <fielding@gbiv.com>
CC: David Singer <singer@apple.com>, John Simpson <john@consumerwatchdog.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D0C8ACC36@SP2-EX07VS02.ds.corp.yahoo.com>
Lauren,

3rd parties, such as ad networks, are required to retain referrer information to demonstrate "Ad Quality" placement to advertisers.  This supports multiple critical business operations:

- Placement Accuracy:  Advertisers are paying the ad network to only show their ads on respectable publishers and want confirmation this is occurring (this data is typically provide to advertisers in an aggregate report - aggregated on the domain dimension with impression/click counts - no individual user data)
- Fraud:  Some publishers attempt to hide ad displays and/or participate in multiple ad networks simultaneously to increase revenue but not impact the user experience.  The referrer helps ad networks highlight suspicious publishers for further investigation to determine if they are engaging in these activities.

I hope this helps.

- Shane

-----Original Message-----
From: Lauren Gelman [mailto:gelman@blurryedge.com] 
Sent: Monday, February 06, 2012 9:18 PM
To: Roy T. Fielding
Cc: David Singer; John Simpson; public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: [Issue-5] [Action-77] Defining Tunnel-Vision 'Do Not (Cross-Site) Track'


Can you give me an example of a 3rd party site that needs referer info for billing/audit/fraud?  

Referrer data is used to tell me where a user is coming from.  If I'm Macys and a DNT:1 user arrives on my site because they clicked on an ad on NYT.com then I am a first party.  I get to know referrer info and can credit NYT with the click.

What is the use case where I'm a third party and I need to know where a user is coming from.  If I'm a Macys ad just sitting on NYT, and a DNT:1 user visits the site, why would referrer info [where the person was prior to arriving at NYT] be passed to me?  If I am an ad server, why do I need that info to do an audit?  They can't sell an ad into that spot based on where the user came from for a DNT:1 user, right?

> We are already limiting data collection to the site operator
> and data processors contracted by that site, but "site" in
> that case includes third-party services.

I am not sure what this means.  I thought "the site" and "third party services" were distinct entities (however they end up being defined).


On Feb 2, 2012, at 7:16 PM, Roy T. Fielding wrote:

> On Feb 2, 2012, at 4:24 PM, Lauren Gelman wrote:
> 
>> Can you limit the sites who would be required to keep it for audit purposes to only first parties or their service providers?
> 
> I don't think we can anticipate what sites are required to
> keep data for auditing purposes, especially since many of
> the third-party sites are auditors.  Why does it matter,
> assuming they aren't allowed to share the data or use it
> operationally (to target or modify responses)?
> 
> I think it is more effective to place limits on retention
> in user-identifiable form, since auditors generally do not
> want to retain the raw data anyway unless it has been detected
> as likely fraudulent.  Another possibility is to only
> allow pair-wise retention of referral data, meaning that any
> user-identifiable data in the record is hashed with something
> unique to the referring site, or stored separately per site,
> such that it is difficult to correlate them.  And note that
> this would only be for sites that *need* to retain this
> information for billing/auditing/fraud control -- it is not
> a general exception.
> 
> We are already limiting data collection to the site operator
> and data processors contracted by that site, but "site" in
> that case includes third-party services.  I am assuming that
> companies like
> 
>  http://www.linkshare.com/
> 
> are at least capable of siloing data per contract (destination site).
> I do not know if they do so already.  I doubt that a first party
> would ever willingly share referral data with anyone else, aside
> from aggregate forms (like in marketing reports).
> 
> ....Roy
> 

Lauren Gelman
BlurryEdge Strategies
415-627-8512
gelman@blurryedge.com
http://blurryedge.com
Received on Thursday, 9 February 2012 07:00:41 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC