RE: Further text associated with the change proposal on Unique Identifiers, issue-199

Mike,

I believe the point is that people will continue to block ads even with an effective DNT signal because they simply don't like ads.  So attempting to match-up an effective DNT Standard with a sudden downturn in those wanting to block ads doesn't feel appropriate to me (it may for a small percentage).

- Shane

From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
Sent: Tuesday, October 08, 2013 10:06 AM
To: Shane M Wiley; 'David Wainberg'
Cc: public-tracking@w3.org; 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph Lorenzo Hall'; 'Alan Chapell'
Subject: RE: Further text associated with the change proposal on Unique Identifiers, issue-199

Shane,

But people (not just us weird ones) are becoming more aware, and the longer we do not have an effective DNT signal the more likely they are to use extreme measures.

Mike

From: Shane M Wiley [mailto:wileys@yahoo-inc.com]
Sent: 08 October 2013 17:43
To: Mike O'Neill; 'David Wainberg'
Cc: public-tracking@w3.org<mailto:public-tracking@w3.org>; 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>; 'Joseph Lorenzo Hall'; 'Alan Chapell'
Subject: RE: Further text associated with the change proposal on Unique Identifiers, issue-199

Mike,

It would be good to get more data in this area.  My anecdotal research with random people around the globe (outside the privacy/tech circle) on the topic of ad blockers is that they typically just don't like ads and there is little focus on the privacy benefits of blocking ads.

- Shane

From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
Sent: Tuesday, October 08, 2013 8:28 AM
To: 'David Wainberg'
Cc: Shane M Wiley; public-tracking@w3.org<mailto:public-tracking@w3.org>; 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>; 'Joseph Lorenzo Hall'; 'Alan Chapell'
Subject: RE: Further text associated with the change proposal on Unique Identifiers, issue-199

Hi David,

I am bundling ad blocker & cookie blocker browser extensions along with privacy settings on browsers that block third-party cookies. What they all have in common is giving the user control over network interactions motivated by a wish to render tracking techniques ineffective. They all more or less act to enforce a users' requirement for privacy. There are other reasons to use ad blockers such as not wishing to see any ads even contextual, but IMO this is less a motivation than the privacy one.

If DNT was a clearly defined signal, transparently honoured by advertisers and others, there would be less reason for people to resort to these technologies, and less reason for browsers to enable them by default.

Mike


From: David Wainberg [mailto:dwainberg@appnexus.com]
Sent: 08 October 2013 16:02
To: Mike O'Neill
Cc: 'Shane M Wiley'; public-tracking@w3.org<mailto:public-tracking@w3.org>; 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>; 'Joseph Lorenzo Hall'; 'Alan Chapell'
Subject: Re: Further text associated with the change proposal on Unique Identifiers, issue-199

Hi Mike,

I don't understand the assumption that ad blocking has anything to do with DNT and privacy. Can you explain?

-David
On 2013-10-08 5:33 AM, Mike O'Neill wrote:
Hi Shane,

On the 20% ad-blocking estimate there is this: http://www.adexchanger.com/online-advertising/battle-lines-drawn-were-not-all-about-blocking-ads-says-no-1-ad-blocker/
This mentions that "Twenty percent of Germans have an ad blocker installed and there's growing interest in Eastern Europe, Russia, Poland and France" and that 19% of ads there being blocked in Germany, Austria and Hungary. In April it was announced that the number of ADB downloads on Firefox had reached 200M https://adblockplus.org/blog/200-million-firefox-downloads. Here is a report from back in May 2012 that reports >9% ads being blocked http://clarityray.com/Content/ClarityRay_AdBlockReport.pdf

Ad blocking and cookie blocking technologies in browsers and extensions are increasingly popular, recently having been boosted by the Snowden revelations and alarm at the pervasive collection and trading in web activity data. The recent move by some to bypass browser based third-party cookie blocking with fingerprinting will only further fuel this arms race.

Some of these technologies are indiscriminate in the features they block and their widespread use will have a disastrous effect on the web and innovation in it. I should imagine that developers are already working on extensions that will block XHR, POSTs etc. from third-party iframes.

You are correct saying that my position is that DNT should clearly signal that tracking should not occur and that unique ids should not be stored, used or derived when DNT:1  - unless purpose limited for a permitted use. My opinion is that it is the interest of significant players to commit to transparently honouring DNT to head-off the use of blockers and help restore trust in the web economy.

Mike



From: Shane M Wiley [mailto:wileys@yahoo-inc.com]
Sent: 07 October 2013 19:12
To: Mike O'Neill; public-tracking@w3.org<mailto:public-tracking@w3.org>
Cc: 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>; 'Joseph Lorenzo Hall'; Alan Chapell
Subject: RE: Further text associated with the change proposal on Unique Identifiers, issue-199

Mike,

Would you agree that in your approach you prohibit the assignment of Unique Identifiers, either based on random assignment in a cookie or on a digital fingerprinting technique, when DNT:1?  In this case, you're equating Cookie IDs and Digital Fingerprints, correct?  I wanted to be clear with the group that this is your position (this is similar to the position I took earlier in conversations with John Simpson).

- Shane

From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
Sent: Wednesday, October 02, 2013 5:44 AM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Cc: 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org<mailto:jeff@democraticmedia.org>; 'Joseph Lorenzo Hall'; Alan Chapell
Subject: Further text associated with the change proposal on Unique Identifiers, issue-199

Here is some additional text to underline that there should be no browser fingerprinting when DNT:1.

I have slightly improved the definitions, added unique back to the persistent identifier definition to make it clearer and more consistent to how the term is used elsewhere in the spec. There is now a new line item 3 below the Third Party Compliance paragraph (non-permitted uses) that requires no unique ids or fingerprinting when DNT:1.

A persistent unique identifier is an arbitrary value held in, or derived from other data in, the user agent whose purpose is to identify the user agent in subsequent transactions to a particular web domain. It may be encoded for example as the name or value attribute of an HTTP cookie, as an item in localStorage or recorded in some way in the cache.

The duration of a persistent unique identifier is the maximum period of time it will be retained in the user agent. This could be specified for example using the Expires or Max-Age attributes of an HTTP cookie so that it is automatically deleted by the user agent after the specified time period is exceeded.

Browser fingerprinting is a method of tracking individuals based on creating a persistent identifier from a set of other device specific information, either inherent in a content request or stored within the user-agent and accessed by executing rendered script. Such an identifier may not itself need to be stored in the user-agent as it can be calculated again in subsequent transactions, and so can have an arbitrarily long duration.

Third Party Compliance.

3 . the third party MUST NOT create or use persistent unique identifiers, either directly or derived using browser fingerprinting methods,  for the purpose of collecting further information from this user or device.