RE: Today's call: summary on user agent compliance

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 13 Jun 2012 11:30:04 -0700
To: Geoff Gieron - AdTruth <ggieron@adtruth.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, "Roy T. Fielding" <fielding@gbiv.com>
CC: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D18786560@SP2-EX07VS02.ds.corp.yahoo.com>

I appreciate your perspective and believe that you should have the right to choose (or not) to honor the DNT signal from a non-compliant UA.  It will be interesting to see if your clients agree with your position.  That said, it should be an equal option for a different Server from your own to choose otherwise.  Similarly some in industry will choose to use cookies that have open and accessible controls to filter and/or block, or they will choose to leverage your digital fingerprinting technology which avoids much of user control.  In the case of a non-compliant UA, as long as the result of the transaction is fairly and transparently conveyed to the user, then the user is able to make their own choices from there.

- Shane

-----Original Message-----
From: Geoff Gieron - AdTruth [mailto:ggieron@adtruth.com] 
Sent: Wednesday, June 13, 2012 2:16 PM
To: Shane Wiley; Bjoern Hoehrmann; Roy T. Fielding
Cc: public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: Today's call: summary on user agent compliance

Shane and Everyone -

I have been following this conversation closely and while I personally am
not a fan of MSFT's decision to implement DNT on by default - to make them
generally not compliant or ignored is going to create a much bigger issue.

Much like Safari defaults to 3rd party cookies off right out of the box
- as a declared safety measure to consumers - this will simply be how
Microsoft will position itself to consumers.  To try to create exceptions
or detection of who set what will ultimately make this initiative a
failure.  If the signal comes through as DNT:1 it should be adhered to if
we intend on DNT being the right solution and standard for consumers.
There is far too much risk in promoting a privacy standard where a user
believes they are not going to be tracked, but the industry opts to
collectively ignore their preference due to the actions of the browser
maker that they are using.  Today if someone is looking for a browser that
doesn't allow 3rd party tracking they turn to Safari - so why would it be
far fetched to think that if the user wants to use IE because they know
that they will automatically not be tracked?  If they wish to use another
browser - they have Chrome, Opera and FF available on desktop and on
Mobile they have more than 30 additional options.

Whether or not we personally agree with the decision by MSFT is not
relevant to the overall goal of making DNT a standard, educating
users/consumers what it means and how to turn it on or off.

Ultimately MSFT will have to deal with the economics or loss of
marketshare when the potential of paywalls comes up to help compensate
sites that are unable to derive benefit from higher CPM'd ads that are
targeted and need to ensure that users compensate them for use of their
content.  I know that personally if I were using a browser because it
touted default privacy controls, but yet noticed that the internet was no
longer free - as a consumer, I would look to 1) change this setting to
DNT:0 or 2) download and use another browser.  These are the basic
fundamentals of a free market - let the consumer decide, as the consumer
will ultimately be given their choice and will have to decide on whether
their setting results in paying for content that was once free or supplying
3rd parties tracking data to allow for free content.

As an enabling technology vendor focused on ensuring we pass to our
clients the right signal, we cannot second guess who made the decision of
the DNT setting and who made it (especially given how many mobile browsers
allow for a lot of UA manipulation) - we must simply accept this as the
active choice of the user whether they selected it themselves actively or
passively by choosing a browser with this default on.  Once we begin to
focus on exceptions, the spirit of a simple on/off for a consumer becomes
too muddied and their faith in our ability to protect their privacy will
be shattered and likely the faith of the FTC or other regulatory or
government entities believing that self-regulation can indeed work.

Geoff Gieron
Director of Global Operations and Compliance

O:   +1.480.776.5525
M:   +1.602.418.8094

Subscribe to the AdTruth Blog <http://blog.adtruth.com/>

On 6/12/12 8:59 PM, "Shane Wiley" <wileys@yahoo-inc.com> wrote:

>I appreciate that you, as a site owner, do not want that option to
>legitimately call out non-compliant UAs to users.  That is your choice as
>a site owner and you could choose to honor invalid DNT signals.  As W3C
>standards are voluntary and the goal is typically to develop a standard
>that is broadly adopted (otherwise why develop a standard in the first
>place?) then the working group should look to those among us that would
>actually be implementing the W3C version of a DNT standard at scale to
>get their perspective.  I believe many of us that represent 3rd parties
>ourselves or work directly with a large number of 3rd parties the
>standard is aimed at are telling the working group that we'd like a
>response code to notify a user that we'll not be honoring DNT signals
>from non-compliant UAs and provide them with options outside of their
>current UA to exercise choice.  The continued discussion of possible
>regulatory compliance is our issue to contend with - not the W3C's issue.
>If the TPWG would like to achieve a broadly implemented standard then an
>invalid UA response code should be added to the TPE.  All debate of
>whether servers are "appropriately" sending this signal can be held in
>public view once the standard is implemented in the real world.  Forcing
>Servers to honor invalid DNT signals will ensure nearly no one ever
>implements this standard.  If that's the outcome the working group wants
>then we should stop work on the standard now and save everyone travel
>budgets on the face-to-face to Seattle (why build something no one will
>use).  I've yet to hear from a single organization that is the subject of
>the W3C's version of a DNT standard (a 3rd party - typically an ad
>network) to say they'd be willing to move forward with this standard if
>they were forced to honor non-compliant UAs (outside of assuming MSFT :-)
>If I'm wrong, could a legitimate 3rd party please chime in to tell me so?
> If not, could we please add an "invalid UA response code" to the TPE
>response list ("pending review") and we can move forward to other
>Thank you,
>-----Original Message-----
>From: Bjoern Hoehrmann [mailto:derhoermi@gmx.net]
>Sent: Tuesday, June 12, 2012 10:14 PM
>To: Roy T. Fielding
>Cc: public-tracking@w3.org (public-tracking@w3.org)
>Subject: Re: Today's call: summary on user agent compliance
>* Roy T. Fielding wrote:
>>I think you are missing the point.  The DNT signals do not matter if
>>the UA's implementation is broken.  A site can choose to do anything
>>it wants, including denying all service, provided that what it chooses
>>to do is consistent with other claims it has made to this user.
>I think I understand the point, but as a site owner I do not want the
>option to "second-guess" DNT signals, and as a user I do not want any
>site to "second-guess" DNT signals I might be sending, within the confines
>of "conforms to the DNT specifications", including that I do not
>want sites to tell me something meaningless like "If you send DNT:1 we
>won't track you, unless we think you might not really mean 'DNT:1'".
>My concern here is about "authority". If the DNT specifications say the
>W3C will publish, say, a list of User-Agent headers that can or must be
>used to filter out broken signals, I'll not complain. But if individual
>sites get to decide which DNT signals are broken, then I will complain.
>Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Wednesday, 13 June 2012 18:31:02 UTC