W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: Redirect chains and DNT:0 / Exception:* (ACTION-146 re ISSUE-111)

From: イアンフェッティ <ifette@google.com>
Date: Wed, 21 Mar 2012 05:51:59 -0700
Message-ID: <CAF4kx8d-a5_HC0Gj4HbqonHdwFR_jxioAUucU6CU=0AmdnjT_A@mail.gmail.com>
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
I will also say I think this same argument holds for ACTION-147. I think at
the core of my concern is that I don't think it's actually useful in
practice to grant exceptions to some enumerated list. I think it should be
a binary (third parties on this site get an exception en-masse [ "*" ] or
they don't).

To be useful to the website, you want to know whether your site is going to
work. (And please don't get into the rathole argument of "but I use lynx"
or "I have JavaScript disabled" -- we're talking the common use cases
here.) If you are getting DNT:1 and you want to request an exception for
third parties, presumably you will do something different if you don't get
the exception. (Show different ads, request payment, block access, who
knows.)

It's not clear to me what we are all expecting "request an exception to
do". Some people seem to be interpreting it as "check a user's pre-defined
list for exceptions", others interpret it as "ask the user with some
prompt." I think this needs to be understood if a site is to figure out how
they are to request exceptions. The notion that you might try to enumerate
some subsets is perhaps plausible (if still unlikely) in the case that no
UI is generated, but if UI is generated, you've probably only got one shot.

As an example, let's say you want to request an exception for Facebook and
Google+ because you use their widgets, as well as your ad network. The user
objects to one of these. What are you supposed to do? Especially if you're
requesting an exception for N third parties, you've now got 2^n
enumerations to try? Ouch. Unless you know which the user objected to,
you're SOL (and knowing which the user objected to also has implications on
the UI).

The other option would be to request serially, but this would also be a
giant PITA.

In short, I don't think requesting exceptions for an enumerated list makes
sense. I think it ought to be "I request exceptions for third parties on my
page" Y/N.

-Ian

2012/3/21 Ian Fette (イアンフェッティ) <ifette@google.com>

> Upon reflection, this is probably just further discussion for ISSUE-111. I
> also can't seem to find the canonical text that ISSUE-111 is proposing.
> That said, my understanding of the proposal is essentially allowing for
> negotiation of (on this site, X can track me) where X is a single third
> party, list of third parties, or all third parties.
>
> My main concern is that, as a website author, you may include ads from a
> given ad network (be that doubleclick, yieldmanager, adecn, or whatever)
> but have no idea what other third parties those ad networks syndicate to.
> You want higher quality ads on your site (which presumably translates to
> more revenue for the site), so you request an exception for the third party
> ad network you use directly. But, you have no idea, in the presence of
> syndication, what the final ad provider will be, so you have no way of
> requesting an exception.
>
> It seems like the only meaningful thing is to request *, at which point I
> wonder why we're making this so complicated, rather than just two options
> -- "I request an exception for myself" vs "I request an exception for
> myself and third parties on my page."
>
> -Ian
>
Received on Wednesday, 21 March 2012 12:52:30 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC