Re: ACTION-174: Write up implication of origin/* exceptions in EU context from David Singer on 2012-06-06 (public-tracking@w3.org from June 2012)

From: David Singer <singer@apple.com>
Date: Wed, 06 Jun 2012 15:42:03 -0700
To: Rigo Wenning <rigo@w3.org>
Cc: Ninja Marnau <nmarnau@datenschutzzentrum.de>, public-tracking@w3.org
Message-id: <CB8D94BB-3ED2-4C98-B8FA-E3043A09E161@apple.com>

On Jun 6, 2012, at 11:32 , Rigo Wenning wrote:

> Ninja, 
> 
> On Wednesday 06 June 2012 17:28:48 Ninja Marnau wrote:
>> Rigo, I do not see where I state that ad hoc advertisement in
>> general is  illegal. All of these thoughts refer to tracking and
>> building profiles.
> 
> I was talking about advertisement _Auctions_, not ad hoc 
> advertisement. The nature of an auction is that you don't know 
> beforehand who will take the market. This means you can't know all 
> the third parties at the time of creation of your service, not even 
> on the first round of request/reception of the page.

Ah, this is illuminating, thank you.

OK, the TPE has the open issue of what to say about HTTP re-directs.  Reading this email, the UA may be the wrong place to handle this, and that may be the wrong question.

Thinking out loud here, perhaps a third-party receiving a DNT:0 'may' pass on the 'permission' to a server it re-directs to, if it wishes?  That might be better than a general rule on re-directs (which I was having a hard time formulating, as re-directs are used for so many purposes).

So, for example, a request

GET http://ads.example.com/chocolate-ad
DNT: 0

might get this HTTP response
302 Moved Temporarily
Location: http://ads.foodies.com/deepdarkdangerous-chocs?dnt-status=0

and then, by the user-agent (presuming foodies.com is not on the user-exception list)
GET http://ads.foodies.com/deepdarkdangerous-chocs?dnt-status=0
DNT: 1

might get the response
200 OK
tk: 3;qrst

(I could wish that this response answered the basic question, "am I being tracked?", but it doesn't, so…)

and the well-known resource 
http://ads.foodies.com/.well-known/dnt/qrst

indicates (among other things)
"response": "tp"

(indicating that tracking is occurring due to prior consent;  though we might want a better letter-code than 'p' here to indicate that the consent was passed on)



Would that serve the case?


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 6 June 2012 22:42:49 UTC