W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: ISSUE-111 - Exceptions are broken

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 08 Mar 2012 09:47:18 +0100
To: public-tracking@w3.org
Cc: Kevin Smith <kevsmith@adobe.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>
Message-ID: <2265461.Mp0iJSSum1@hegel.sophia.w3.org>
Kevin, 

in order for the chain to work, is the full profile of the user exposed to all 
other parties? 

Imagine I have first party A, ad-service B, auction service C, marketeer D. 
Imagine we have other sites X,Y,Z. So A is my first party and has privileges. 
A uses B for adds. B queries me as a user to get an exception for targeted 
ads. I grant that to B. Now B records my visits to X,Y,Z. B knows much about 
me. In order to get the right ad to me, is B no obliged to send my entire 
profile to C and/or D. Or is it rather that B is saying: "I have a user with 
categories F, U and D on site X, who wants to send an ad?"

So the exception means that B can collect data. Does it mean that B can spawn 
to anybody else? In a US context, there are no rules, thus no limitations. So 
once you've given data to B, the bucket is broken and the water flows out. 
This is an inherent problem of data protection in an unregulated environment. 
So exception as in DNT=0 means that you give data to B and B does whatever. 
DNT can't help with that unless we make a DNT=3 that says: "I collect your 
data but I will handle it responsibly" meaning giving only aggregated data to 
third parties. 

In the EU, we are in a regulated environment. There, the exception is scoped 
by the interaction and its implicit purpose. So by the exception mechanism, B 
would acquire the right(consent) to establish a profile and keep data. But C 
and D would acquire information from B for the auction and the serving of an 
advertisement. Once the auction is done and the advertisement was served, the 
purpose is exhausted. Further disclosure or processing would need a new 
permission. But the permission was only given to B and not to C or D. This 
way, there is no hole in the bucket. (simplified, ask Rob for the nasty 
details)

In all cases, the exception mechanism works and brings benefit to consumers 
and industry alike. So IMHO you just stumbled over the hole in the bucket in 
unregulated systems.

Best, 

Rigo


On Wednesday 07 March 2012 10:02:06 Kevin Smith wrote:
> In planning a response to this thread, I think I may have run into a snag
> which breaks exceptions completely, both using an * and listing sites
> individually.  I hope I am overlooking something or that the group has
> already worked through this and I missed it.
> 
> THE PROBLEM
> 
> The fundamental concepts behind DNT are that the user can choose whether or
> not a site can track them and the site can choose what content to show to a
> user that it cannot fully monetize.  As far as I can tell, exceptions will
> not work at all because it does not allow for either of these to happen. 
> Consider the following path shown in the attached image where the
> publisher's ad server redirects to an SSP which redirects to an Ad Exchange
> which redirects to the Advertiser's Ad Server.  In this case there is a 1st
> party, and 4 3rd parties (and believe me, this is a fairly simple ad path -
> the possibilities are nearly limitless).
> 
> The problem is that an exception would apply to the 1st party site and the
> 3rd party that is included directly on that 1st party site (in this case
> Publisher's Ad Server).  If the exception does not extend to the remainder
> of the chain, then the exception is worse than worthless because the 1st
> party cannot actually monetize the visitor the way it thinks it can.  It
> will think it can serve a targeted ad, but it will actually serve a house
> ad or random ad.  It will make its decision on inaccurate information
> 
> EXAMPLE
> 
> * With DNT:0, the ad request moves through the chain shown and returns a
> targeted ad for which the publisher is paid $x. * With DNT:1, the ad cannot
> be a targeted ad so the publisher's ad server chooses to go to a completely
> different ad network and shows a completely random ad for which the
> publisher is paid $y. * $y is much smaller than $x (obviously the publisher
> makes more money when it shows a targeted ad than when it shows a random
> ad) * Now, let's assume that this user has granted an exception for the 1st
> party site and the 3rd party ad server.  The 1st party site receives a
> DNT:0 and the ad server receive a DNT:0 and the site is going to assume it
> can make $x and will show the content which corresponds to this decision. 
> However, once the request hits the 2nd stop in the chain (the ssp in this
> case), those services receive DNT:1, the process is short circuited, and a
> random ad, or even a house ad, ends up being shown. * The publisher thought
> it was making $x, but it made $y and gave its content away for much cheaper
> than it expected.
> 
> So to recap the problem, using any of the exception models we have discussed
> so far, there is no way to ask the user whether they are willing to grant
> an exception to the entire chain (especially since the chain may be
> completely dynamic and change on a per request basis).  Even with an *,
> meaning that the exception applies to all 3rd parties on the 1st party
> site, that exception would still not be applied because the 1st party never
> makes a request to most services on the chain (the ssp is requested from
> the ad server, not the 1st party).  So, unless the browser automatically
> carries on the exception header, I cannot think of any way to get the
> exception to cover the entire advertising chain which means it will not
> work.  So, exceptions are broken.  What am I missing?
> 
> -kevin
Received on Thursday, 8 March 2012 08:47:49 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC