- From: Sean Harvey <sharvey@google.com>
- Date: Thu, 8 Mar 2012 17:15:30 -0500
- To: Nicholas Doty <npdoty@w3.org>
- Cc: Kevin Smith <kevsmith@adobe.com>, "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
- Message-ID: <CAFy-vueOob5sqBVDUqP4DK+gAuR8=ZkYRDx9BO5sjysPri-8kg@mail.gmail.com>
my other concern is that if the browser is "handling it" it would result in truly crazy behavior that is non-implementable for servers. Specifically, we might be forced to set cookies and then opt-out cookies repeatedly and in succession depending on whether a 0 or 1 value is present in DNT. I'm curious what alternate implementation you are suggesting. On Thu, Mar 8, 2012 at 5:11 PM, Sean Harvey <sharvey@google.com> wrote: > e.g. silo-ing is the issue here. unless silo-ing is not a requirement. > > > On Thu, Mar 8, 2012 at 5:09 PM, Sean Harvey <sharvey@google.com> wrote: > >> Thanks Nick. Please do tell me if you think I'm not thinking clearly >> about this. But regardless of whether it is being handled by the browser, >> you would still need separate cookies per "site" if the exception is >> site-specific. >> >> Example use case: I am third party ad server AdDoty (yes there are brand >> names this and more stupid in our industry) and I have a site specific >> exemption from both Yahoo and AOL. How do I differentiate this data on the >> server side, regardless of whether or not the browser is "handling it"? >> >> >> >> >> >> On Thu, Mar 8, 2012 at 5:06 PM, Nicholas Doty <npdoty@w3.org> wrote: >> >>> On Mar 8, 2012, at 11:45 AM, Sean Harvey wrote: >>> >>> > at a high level this would be new functionality in the ecosystem. >>> there is no such thing as a site-specific exemption or site-specific cookie >>> for an ad servers, etc. coming from a third party domain. >>> > >>> > i also agree that this is probably not practically implementable by >>> anyone -- one potential implementation would involve domain-specific >>> cookies in a sub-domain of the third party, but this would mean potentially >>> thousands of cookies on the client browser where previously only one >>> existed. Which does not sound like an ideal outcome. >>> >>> Sorry, I'm not sure I understand here. As proposed, the >>> user-agent-managed site-specific exception would be handled by the browser >>> (choosing when to send DNT:0) rather than asking the ad server or other >>> third-parties to create separate cookies to manage that state for each >>> first-party site. Right now when an ad network receives a request from a >>> browser that has an opt-out cookie for that network, it has to use a >>> different behavior (not showing a targeted ad) no matter what the >>> first-party site is, right? Can these site-specific exception headers >>> prompt per-request behavior in the same way that an opt-out cookie does? >>> >>> Or is the concern that site-specific exceptions would require siloing of >>> data and that requires different cookies for each first-party site? >>> >>> My take on Vincent and Kevin's question: Do first-party publishers get >>> any indication from the user or the third-party that the user has an >>> opt-out cookie installed and is potentially generating less revenue for the >>> publisher? >>> >>> Thanks, >>> Nick >> >> >> >> >> -- >> Sean Harvey >> Business Product Manager >> Google, Inc. >> 212-381-5330 >> sharvey@google.com >> > > > > -- > Sean Harvey > Business Product Manager > Google, Inc. > 212-381-5330 > sharvey@google.com > -- Sean Harvey Business Product Manager Google, Inc. 212-381-5330 sharvey@google.com
Received on Thursday, 8 March 2012 22:15:59 UTC