W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: explicit-explicit exception pairs

From: イアンフェッティ <ifette@google.com>
Date: Mon, 30 Apr 2012 18:24:37 -0700
Message-ID: <CAF4kx8daT1+7WXmL_4Ox_2RJzm4mY306SRFZEYKFF2VxSy1+Xg@mail.gmail.com>
To: Jonathan Mayer <jmayer@stanford.edu>
Cc: Tom Lowenthal <tom@mozilla.com>, Nicholas Doty <npdoty@w3.org>, public-tracking@w3.org
Yes. My assumption was that if DNT only had site-wide exceptions, it would
be trivial for you to know if everything on your site was covered by a
site-wide exception. If instead users can pick and choose, then you know
either "i have no exception and should ask if i want one" / "i have a
site-wide exception" / "i have no clue, some part of me has an exception
but whether that's sufficient for me or not I don't know so now I have to
poll, and for privacy maybe I don't even get to poll for specific things so
who knows". The latter necessitates polling as you can't reasonably list
all the third parties that have exceptions in the request headers.

-Ian

On Mon, Apr 30, 2012 at 6:09 PM, Jonathan Mayer <jmayer@stanford.edu> wrote:

>  Ian,
>
> Could you unpack your reasoning in "[the] existence [of explicit-explicit
> exceptions] meaning it requires polling for some set of users to figure out
> the state of the world, as opposed to a request header"?  I think there may
> be erroneous assumptions lurking in there.
>
> Thanks,
> Jonathan
>
> On Monday, April 30, 2012 at 5:54 PM, Ian Fette (イアンフェッティ) wrote:
>
> This seems like the worst of all possible worlds. Sites still have to
> handle all the complexity of explicit/explicit exceptions (their existence
> meaning it requires polling for some set of users to figure out the state
> of the world, as opposed to a request header). They have to handle multiple
> different "regimes" -- at this point, why don't we just let each browser
> define their own DNT mechanism?
>
> On Mon, Apr 30, 2012 at 5:04 PM, Tom Lowenthal <tom@mozilla.com> wrote:
>
> I don't see a problem here. It's up to web browser to discover and store
> their users' preferences. The API just describes the way to communicate
> that info to JS.
>
> ---
>
> Say Chrome decides to implement only exceptions which have a star in
> them, because they think that that most works best for most users. If
> they get a request, they sanitize it into first/* or */third, and
> compare it with their data structure or talk to users.
>
> PrivacyBrowser only implements first/third, no stars, because that's
> what they think works best for *their* users. If they get requests with
> stars, they say no, because their uses have no truck with that sort of
> thing.
>
> SimpleBrowser only does wildcards, and ignores first/third. In
> SimpleBrowser, if a site has an exception, it gets DNT:0 whether it's
> first or third party, all its third parties get DNT:0 too, and it
> replies to JS requests appropriately.
>
> UxNightmareBrowser doesn't store preferences, it just asks users for
> each tuple one at a time, in the form of modal dialog boxes. They're
> totally compliant with the DNT API, but for some reason don't get a lot
> of market share...
>
> ---
>
> My point is that all of these are technically compliant, but provide
> different interface drawbacks. Some of them reduce the granularity of
> the representation that they store of user preferences. Some of them
> impose additional mental costs on users.
>
> These are issues of user experience, and browsers need to compete on
> them. This working group simply can't design, mandate, or perhaps even
> imagine the best balance of all the different interface constraints. We
> should create a specification which gives UX designers the building
> blocks that they need to make great future browsers that implement DNT.
> That doesn't mean that we know exactly what they'll look like.
>
>
> On 04/30/2012 04:19 PM, Lauren Gelman wrote:
> >
> > I think there is a significant and real concern that the exceptions --
> by offering an all or nothing approach -- are going to eat the rule.  I
> also agree the case has been made that they are necessary.  Adding some
> granularity may encourage sites to compete on privacy.  So instead of
> asking for a blanket site-wide exception, a publisher may ask for an
> exception for a limited group of privacy-friendly advertising options.  Or
> small publishers may use a DNT solution plug-in that provides a balanced
> approach.  Not all websites have the complexity of the ones that are
> typically used as examples for this group.
> >
> > Of course there is no demand now because publishers have no idea what
> the new landscape will look like.  Obviously, the # of people who go DNT:1
> is unknown.  But if you don't build this option into the API, there is no
> chance it will happen.  So I think that if there is agreement that it is
> manageable and there is no requirement that anyone do anything, than why
> not include it??
> >
> > On Apr 30, 2012, at 3:45 PM, Matthias Schunter wrote:
> >
> >> Hi Jonathan,
> >>
> >>
> >> I agree that the complexity seems manageable.
> >>
> >> As a group, I believe that it is nevertheless important to understand
> 'why do we need this feature'  and then 'What is the best (=minimum
> complexity / least cost / most usable / ...) way to achieve this goal.
> >>
> >> I believe that we need to revisit the first question 'why is the
> feature needed' and what use cases cannot be implemented without it (e.g.,
> by after-the-request logging):  I currently do not see a strong push from
> web-sites to request such exceptions. Since this feature is designed to be
> used by web-sites, this should tempt us to drop it unless it provides clear
> benefits to other stakeholders even if only used by few sites.
> >>
> >> Are there other requirements/use cases that I've overlooked or am I
> mistaken in another way?
> >>
> >> Feedback is welcome!
> >>
> >>
> >> Matthias
> >>
> >>
> >>
> >>
> >>
> >> On 30/04/2012 23:59, Jonathan Mayer wrote:
> >>>
> >>> The complexity seems quite marginal to me.  Here's what an analytics
> service that prefers explicit-explicit exceptions might do with a boolean
> flag approach.  (A + denotes an additional required line.)
> >>>
> >>>> var trackingExceptionHandler = function(status) {
> >>>>  // Handle acceptance and rejection gracefully…
> >>>> }
> >>>>
> >>>> +if(navigator.supportsExplicitExceptions)
> >>>> + navigator.requestSiteSpecificTrackingException(["
> exampleanalytics.com"], trackingExceptionHandler);
> >>>>
> >>>> +else if (navigator.supportsWebWideExceptions)
> >>>>  navigator.requestWebWideTrackingException(["exampleanalytics.com"],
> trackingExceptionHandler);
> >>>>
> >>>> else {
> >>>>  // Use super-sweet out-of-band exception mechanism
> >>>> }
> >>>
> >>> Pretty painless.
> >>> On Monday, April 30, 2012 at 2:22 PM, Ian Fette (イアンフェッティ) wrote:
> >>>
> >>>> As a website operator, your proposal adds even more complexity to the
> mix. This is not a good idea.
> >>>>
> >>>> On Mon, Apr 30, 2012 at 1:55 PM, Jonathan Mayer <jmayer@stanford.edu>
> wrote:
> >>>>> As best I can tell, here's the current state of the debate: Some
> working group participants believe there are important use cases for
> explicit-explicit exceptions, others do not.  Some browser vendors are
> willing to implement support for explicit-explicit exception pairs, at
> least one is not.
> >>>>>
> >>>>> Given that background, how's this as a compromise: We make support
> for the various exception types optional for browsers, and we include some
> ability for a website to learn which exception types are supported by a
> browser.  A website isn't left guessing how a browser will interpret its
> exception requests, and a browser vendor is free to pass on the exception
> types that it doesn't believe it can provide a good user interface for.
> >>>>>
> >>>>> One approach would be to include simple flags that indicate support
> (e.g. booleans like navigator.supportsWebWideExceptions).  Another approach
> would be to modify the TrackingResponseCallback to handle a not-supported
> state.  If a website learns the browser doesn't support its preferred
> exception type, it can fall back to a different exception type or an
> out-of-band exception.
> >>>>>
> >>>>> On Monday, April 30, 2012 at 9:37 AM, Ian Fette (イアンフェッティ) wrote:
> >>>>>> I'm a bit perplexed as to the fact that you think a UI such as the
> one you describe would actually be compliant. I thought the whole point of
> this exercise was to allow the user to express a preference and translate
> that as directly as possible to something that can be passed on to websites
> they visit.
> >>>>>>
> >>>>>> If you start picking and choosing from the API as if it were a
> buffet, where does that leave you? You seem to imply it's fine for a UA to
> ignore the explicit nature of a "first/third" exception and turn it into a
> "first/*". Would it be                                     equally fine
> then to just ignore the distinction between "first/*" and "*/third" and
> just offer "site" exception regardless of first/third issues? Or just to
> ignore exceptions all together and say "Eeh, it's a UI issue, if the site
> grants an exception to anything we'll just turn off DNT globally."
> >>>>>>
> >>>>>> I think what is being proposed is unworkable and people are trying
> to use the notion that it's "just a UI issue" to keep it in the spec. This
> is not a good idea.
> >>>>>>
> >>>>>> As for the new corner cases, I think many of us are expecting that
> there will be new regulatory considerations (either under existing or
> future regulatory regimes) that will involve DNT. Whenever there are new
> considerations, there are new corner cases. For instance, cookie blocking
> doesn't actually send any explicit signal to the server, nor does the
> server have any clue as to what the heck is actually going on. Now we're
> giving servers a clue, hence there's much more complex considerations.
> >>>>>>
> >>>>>> -Ian
> >>>>>>
> >>>>>> On Mon, Apr 30, 2012 at 12:24 AM, Nicholas Doty <npdoty@w3.org>
> wrote:
> >>>>>>> On Apr 25, 2012, at 8:21 AM, Ian Fette (イアンフェッティ) wrote:
> >>>>>>>
> >>>>>>>> Also, I don't think we should just punt something by saying "It's
> a UI issue." The spec has implications on UI that should not be ignored.
> explicit/explicit means we have to come up with UI to support this, where
> so far we have failed, it means sites now have to worry about corner cases
> they didn't before, etc.
> >>>>>>>
> >>>>>>> I agree with Rigo that this is a UI issue in the sense that user
> agent developers are completely free to decide whether or not to create
> what kind of UI they want. (We were able to discuss this confusion in DC,
> but only briefly, so I'll try to recap.) If Google Chrome decides that its
> users never want or need to see a list of domains, even when a site
> requests exceptions for a specific list, Chrome need not present any such
> UI; the browser can just display whatever UI the Chrome team creates for a
> site-wide exception and the team doesn't have to come up with any other UI.
> The browser also may choose not to store the list version of the
> permissions but just store a site-wide permission, or not to store the
> permission at all, the spec explicitly leaves all of these choices up to
> the user agent implementation. (Section 6.5 lists several other UI
> decisions that are also completely up to the user agent developer.) I
> expect user agent UIs to vary -- some browsers will use a
>  simple b
> uilt-in UI to avoid burdening their users; a developer of plugins for
> particularly privacy-conscious users might build a more complex
> configuration panel. Vive la différence.
> >>>>>>>
> >>>>>>> What are the corner cases that sites have to worry about that they
> didn't before? In the current self-regulatory opt-out cookie system the
> publishing site never gets an indication of whether one of its advertisers
> received an opt-out signal (unless it communicates on the server side) and
> the site may have a mix of advertisers that received opt-out cookies or
> not. Sites that only wish to ask for site-wide exceptions can always call
> requestSiteSpecificTrackingException with the "*" parameter; that some
> unrelated sites specify a list of origins in the parameter need not affect
> them. Of course, even sites that always use "*" may still receive visitors
> where some of their parties receive DNT:0 and others receive DNT:1, but
> that situation will exist whether the JavaScript API takes a list parameter
> or not.
> >>>>>>>
> >>>>>>> Hope this helps,
> >>>>>>> Nick
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >
> > Lauren Gelman
> > BlurryEdge Strategies
> > 415-627-8512
> > gelman@blurryedge.com
> > http://blurryedge.com
> >
> >
>
>
>
>
Received on Tuesday, 1 May 2012 01:25:09 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:28 UTC