Re: ACTION-174: Write up implication of origin/* exceptions in EU context ISSUE-112 from Rigo Wenning on 2012-06-07 (public-tracking@w3.org from June 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 07 Jun 2012 11:12:58 +0200
To: David Singer <singer@apple.com>
Cc: Ninja Marnau <nmarnau@datenschutzzentrum.de>, public-tracking@w3.org
Message-ID: <12754369.EYXyeWdmtb@hegel.sophia.w3.org>

David, 

thanks for this clean write-up of the issue

Resending as I think this is related to ISSUE-112 as it also relates 
to the question on whether we list all the third parties or only the 
known third parties. 

Obviously, given the below, I'm of the opinion that we should only 
require the listing of the known third parties. 

Rigo

On Wednesday 06 June 2012 15:42:03 David Singer wrote:
> On Jun 6, 2012, at 11:32 , Rigo Wenning wrote:
> > Ninja,
> > 
> > On Wednesday 06 June 2012 17:28:48 Ninja Marnau wrote:
> >> Rigo, I do not see where I state that ad hoc advertisement
> >> in
> >> general is  illegal. All of these thoughts refer to tracking
> >> and building profiles.
> > 
> > I was talking about advertisement _Auctions_, not ad hoc
> > advertisement. The nature of an auction is that you don't know
> > beforehand who will take the market. This means you can't know
> > all the third parties at the time of creation of your
> > service, not even on the first round of request/reception of
> > the page.
> 
> Ah, this is illuminating, thank you.
> 
> OK, the TPE has the open issue of what to say about HTTP
> re-directs.  Reading this email, the UA may be the wrong place to
> handle this, and that may be the wrong question.
> 
> Thinking out loud here, perhaps a third-party receiving a DNT:0
> 'may' pass on the 'permission' to a server it re-directs to, if
> it wishes?  That might be better than a general rule on
> re-directs (which I was having a hard time formulating, as
> re-directs are used for so many purposes).
> 
> So, for example, a request
> 
> GET http://ads.example.com/chocolate-ad
> DNT: 0
> 
> might get this HTTP response
> 302 Moved Temporarily
> Location:
> http://ads.foodies.com/deepdarkdangerous-chocs?dnt-status=0
> 
> and then, by the user-agent (presuming foodies.com is not on the
> user-exception list) GET
> http://ads.foodies.com/deepdarkdangerous-chocs?dnt-status=0 DNT:
> 1
> 
> might get the response
> 200 OK
> tk: 3;qrst
> 
> (I could wish that this response answered the basic question, "am
> I being tracked?", but it doesn't, so…)
> 
> and the well-known resource
> http://ads.foodies.com/.well-known/dnt/qrst
> 
> indicates (among other things)
> "response": "tp"
> 
> (indicating that tracking is occurring due to prior consent; 
> though we might want a better letter-code than 'p' here to
> indicate that the consent was passed on)
> 
> 
> 
> Would that serve the case?
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.

Received on Thursday, 7 June 2012 09:13:25 UTC