- From: Fred Andrews <fredandw@live.com>
- Date: Wed, 24 Oct 2012 21:14:23 +0000
- To: Tracking Protection Working Group <public-tracking@w3.org>
- Message-ID: <BLU002-W1437803C20BA60B387DE8C9AA780@phx.gbl>

DNT should be able to provide a protocol that allows the user to be informed and to at least make a decision about using the services. The server would be asking for consent to use the bundle of services - take it or leave it.

Not sure that a W3C spec. can dictate their terms, however if they are using private UA state to discriminate against users then this might be a matter that can be blocked with a technical solution. However they could just amend their terms to require visibility over your UA operation to use the service, and they may be able to detect this in a manner that is hard to spoof, so in the end you may just need to move on if you do not accept this.

I suspect the main reason that these servers can do this now is that they can do so covertly and that the platform has been so poorly designed. Would you use a cable TV network that demanded you run a camera on top of your TV so that the network provider could enforce a term that requires you to watch all the ads, and so that they could listen in on your conversations to detect ad opportunities?

If the 1st party cannot actually view the status of the request to the 3rd party then a UA could conceivably mount a defense against this. If the 1st party server can see the defense then it could block further use, and with current DOM/script design this is quite likely. This is an unfortunate result of the poor consideration of privacy in the HTML standards, and the PUA CG is trying to address this and expects to prevent the leaking of private UA state such as the use of such defenses.

The DNT consent API may be creating the same problem by enabling nag-ware to just continue prompting the user for consent!

cheers
Fred

> Date: Wed, 24 Oct 2012 17:07:50 +0000
> To: public-tracking@w3.org
> From: sysbot+tracker@w3.org
> Subject: tracking-ISSUE-184 (Walter van Holst): 3rd party dependencies in 1st party content [Tracking Definitions and Compliance]
>
> tracking-ISSUE-184 (Walter van Holst): 3rd party dependencies in 1st party content [Tracking Definitions and Compliance]
>
> http://www.w3.org/2011/tracking-protection/track/issues/184
>
> Raised by: Walter van Holst
> On product: Tracking Definitions and Compliance
>
> As anyone that plays around with ad blockers, selective javascript tools, cookie killers and assorted privacy-enhancing browser extensions can attest there is a steady increase of content provided by what under the current text would be a 1st party that cannot be viewed unless content from a 3rd party is also accepted by the UA, be it cookies or javascript.
>
> This raises an interesting situation if we have DNT. For example we have a 1st party that is trusted by the user and also claims to comply to DNT and a 3rd party that is neither. Since the 1st party content is technically dependent on 3rd party content, the user has the choice between either granting consent to the 3rd party in order to have the 1st party function properly or not getting the content at all.
>
> To what extent is such consent informed, genuine and meaningful?

Received on Wednesday, 24 October 2012 21:14:51 UTC