RE: ACTION-203 : Text for transitive model from Shane Wiley on 2013-06-04 (public-tracking@w3.org from June 2013)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 4 Jun 2013 18:14:31 +0000
To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <DCCF036E573F0142BD90964789F720E3140B3AF8@GQ1-MB01-02.y.corp.yahoo.com>
Matthias,

Any entity that obtains UGE will likely claim a form of OOB consent as well and store this information on their side (Cookie) for this situation (versus relying on the UA alone).  With that in mind, we probably don't have an issue here.

- Shane

From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
Sent: Tuesday, June 04, 2013 10:07 AM
To: public-tracking@w3.org
Subject: Re: ACTION-203 : Text for transitive model


Hi Shane,





Thanks for the input. Here are my 2cents...



IMHO, the user agent is the one and only reference for UGE. The whole point is that the user is empowered to manage his exceptions by means of his user agent.



If you obtain a DNT;0 for a transaction (either directly or transferred) this will reflect the user preference at this point in time. If a third-party service (without Javascript real-estate) wants to understand what UGE are stored, it needs to work with a party that has Javascript real-estate to use the API to learn more.



Caching/storing/... of UGE beyond a transaction is likely to lead to inconsistencies. The user may change his mind (deleting some or all UGE) and then the DNT;0 will no longer hold in the next interaction.



If you want your backend to be the reference (the one and only) then I believe that ouf of band exceptions are the only choice.



Feedback/Comments? Did I miss anything?





Regards,

Matthias











> -----Original Message-----

> From: Shane Wiley [mailto:wileys@yahoo-inc.com]

> Sent: Tuesday, June 04, 2013 6:50 PM

> To: Rigo Wenning; public-tracking@w3.org<mailto:public-tracking@w3.org>

> Subject: RE: ACTION-203 : Text for transitive model

>

> Rigo,

>

> Thank you for the additional clarity - always happy to hear we don't

> disagree in the larger context, even though we may disagree on this

> point issue of "remembered UGE" in scenarios where there is no way to

> check with the UA to confirm the UGE continues to exist.

>

> - Shane

>

> -----Original Message-----

> From: Rigo Wenning [mailto:rigo@w3.org]

> Sent: Tuesday, June 04, 2013 6:52 AM

> To: public-tracking@w3.org<mailto:public-tracking@w3.org>

> Cc: Shane Wiley

> Subject: Re: ACTION-203 : Text for transitive model

>

> Shane,

>

> On Monday 03 June 2013 15:55:21 Shane Wiley wrote:

> > We'll have to agree to disagree on this one particular caveat then

> > (UGE trumps DNT:1 for Exchange model) as I believe an exception is a

> > more specific signal (more granular - specific to a particular

> > company) than the broader DNT signal (one time switch affecting

> > everyone).

>

> I don't know why it is so attractive to claim disagreement. In my

> message I already recognized that you probably want to run this edge.

> But it is an edge.

>

> I have further doubts:

> The UGE is stored in the browser, not in the backend. At the very

> moment of the interaction, you can't know whether your web wide UGE is

> still there. A user can have revoked your web wide exception by having

> erased your UGE in the browser store. If you have a site wide UGE, you

> have received a DNT:0 and the issue is moot. If you're just part of

> the auction, you don't have real estate on the target site to test the

> UGE because you're in the backend and you can't determine your UGE.

>

> You're mainly telling me: "We store a UGE into the Browser AND our

> backend and whatever the user does, we claim UGE because we have an

> UGE in our backend."

>

> The absence of possible interaction is precisely the problem the

> transitory (or

> derived) permissions solve for the ad industry. I have the feeling

> that by over

> - optimizing you risk to break the model.

>

> > Since we cannot determine the "freshness" in this case, we should

> > default to the more granular signal, not the broader one.

>

> You can determine the freshness if you have contact with the UA. You

> can't assume the user hasn't changed anything only because you haven't seen it.

> This is not the model we have in section 6

>

> > If a company goes out of its way to obtain a UGE and then cannot

> > leverage this in Exchange situations, it will create disincentives

> > to implement DNT more generally.

>

> Wait, you haven't obtained an UGE here. You simply can't know as

> you're part of the auction and not a part of the interaction. If you

> have your javascript already on the first party content site, you can

> check and leverage your UGE. In this case you have full permission,

> not a derived transitory permission. We are only talking about the

> latter here. And it doesn't affect the former.

>

> > We can mark this up

> > as an open issue on the two proposals for the group to decide upon.

>

> I disagree that we disagree. I rather think we got lost in

> translation... But if you insist and the outcome is viable you can

> disagree with me and have me voted down... It is a detail, a pennon on a truck with "transitory permissions"

> written on both sides. Can we ship that truck first and then discuss

> the pennon?

>

>  --Rigo

>

>

>

>

>





On 04/06/2013 18:49, Shane Wiley wrote:

Rigo,



Thank you for the additional clarity - always happy to hear we don't disagree in the larger context, even though we may disagree on this point issue of "remembered UGE" in scenarios where there is no way to check with the UA to confirm the UGE continues to exist.



- Shane



-----Original Message-----

From: Rigo Wenning [mailto:rigo@w3.org]

Sent: Tuesday, June 04, 2013 6:52 AM

To: public-tracking@w3.org<mailto:public-tracking@w3.org>

Cc: Shane Wiley

Subject: Re: ACTION-203 : Text for transitive model



Shane,



On Monday 03 June 2013 15:55:21 Shane Wiley wrote:

We'll have to agree to disagree on this one particular caveat then

(UGE trumps DNT:1 for Exchange model) as I believe an exception is a

more specific signal (more granular - specific to a particular

company) than the broader DNT signal (one time switch affecting

everyone).



I don't know why it is so attractive to claim disagreement. In my message I already recognized that you probably want to run this edge.

But it is an edge.



I have further doubts:

The UGE is stored in the browser, not in the backend. At the very moment of the interaction, you can't know whether your web wide UGE is still there. A user can have revoked your web wide exception by having erased your UGE in the browser store. If you have a site wide UGE, you have received a DNT:0 and the issue is moot. If you're just part of the auction, you don't have real estate on the target site to test the UGE because you're in the backend and you can't determine your UGE.



You're mainly telling me: "We store a UGE into the Browser AND our backend and whatever the user does, we claim UGE because we have an UGE in our backend."



The absence of possible interaction is precisely the problem the transitory (or derived) permissions solve for the ad industry. I have the feeling that by over - optimizing you risk to break the model.



Since we cannot determine the "freshness" in this case, we should

default to the more granular signal, not the broader one.



You can determine the freshness if you have contact with the UA. You can't assume the user hasn't changed anything only because you haven't seen it. This is not the model we have in section 6



If a company goes out of its way to obtain a UGE and then cannot

leverage this in Exchange situations, it will create disincentives to

implement DNT more generally.



Wait, you haven't obtained an UGE here. You simply can't know as you're part of the auction and not a part of the interaction. If you have your javascript already on the first party content site, you can check and leverage your UGE. In this case you have full permission, not a derived transitory permission. We are only talking about the latter here. And it doesn't affect the former.



We can mark this up

as an open issue on the two proposals for the group to decide upon.



I disagree that we disagree. I rather think we got lost in translation... But if you insist and the outcome is viable you can disagree with me and have me voted down... It is a detail, a pennon on a truck with "transitory permissions" written on both sides. Can we ship that truck first and then discuss the pennon?



 --Rigo
Received on Tuesday, 4 June 2013 18:16:45 UTC