RE: Batch closing of TPE related issues from Mike O'Neill on 2013-06-20 (public-tracking@w3.org from June 2013)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 20 Jun 2013 15:04:45 +0100
To: "'Chris Mejia'" <chris.mejia@iab.net>, "'Rigo Wenning'" <rigo@w3.org>, <public-tracking@w3.org>
Cc: "'Matthias Schunter $Intel Corporation$'" <mts-std@schunter.org>, "'Rob van Eijk'" <rob@blaeu.com>, "'Mike Zaneis'" <mike@iab.net>
Message-ID: <065c01ce6dbf$1f22d280$5d687780$@baycloud.com>

Hi Chris,

Cumbersome "cookie hardening" would not be needed with a default opted-out
philosophy. A far more elegant solution would be one based on requiring an
opt-in state stored in the browser. If browser storage is cleared the user's
preference for privacy is preserved and this approach would not conflict
with a user's intention when blocking third-party cookies.

I agree that the HTTP cookie mechanism can be used to respect everyone's
fundamental right to privacy and help regain trust in the web, and we should
concentrate on that not "how can I get to keep my precious cookies?"

Mike

-----Original Message-----
From: Chris Mejia [mailto:chris.mejia@iab.net] 
Sent: 20 June 2013 02:26
To: Mike O'Neill; 'Rigo Wenning'; public-tracking@w3.org
Cc: 'Matthias Schunter (Intel Corporation)'; 'Rob van Eijk'; Mike Zaneis
Subject: Re: Batch closing of TPE related issues

Hi Mike,

To clarify per your point below, in our current industry self-regulatory
program the user has the option to "harden" their opt-out cookies using a
browser plug-in that's made freely available to the user for this purpose
(and for no other purpose-- i.e. you can't use this plug-in to harden other
cookies-- only opt-out cookies).  So with the opt out cookies hardened, they
are not cleared with all the other cookies that are cleared when a user opts
to "clear cookies".  Your point below was an early criticism of the industry
self-regulatory program, one that we responded to with a good solution
that's used by thousands of people today.

I actually think our group's work around cookies is short sighted-- if
managed well, the cookie is an excellent technical tool to manage online
advertising, AND privacy.  I wish we'd concentrate our efforts on "if
managed well" instead of "let's kill them cookies, they are the agents of
evil doers".

Best,

Chris

Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group |
Interactive Advertising Bureau - IAB

On 6/18/13 8:08 AM, "Mike O'Neill" <michael.oneill@baycloud.com> wrote:

>I also agree that using cookies as an opt-out signal is sub optimal. A 
>user deleting their cookies as a privacy protection tactic will 
>paradoxically revoke all their carefully arranged opt-outs. Also if 
>they have set their Firefox browser to block third-party cookies but 
>accept those from visited sites (which was going to be the default in 
>Firefox 22) then just accepting an opt-out cookie will allow 
>third-party cookies from the same site, the opposite to the user's 
>intention.

Received on Thursday, 20 June 2013 14:05:28 UTC