W3C home > Mailing lists > Public > public-tracking@w3.org > December 2011

RE: Issue-39: Tracking of Geographic Data

From: Amy Colando (LCA) <acolando@microsoft.com>
Date: Thu, 15 Dec 2011 21:26:00 +0000
To: Dave Singer <singer@apple.com>, Jeffrey Chester <jeff@democraticmedia.org>
CC: Shane Wiley <wileys@yahoo-inc.com>, Karl Dubost <karld@opera.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <81152EDFE766CB4692EA39AECD2AA5B6D4DA5D@TK5EX14MBXC221.redmond.corp.microsoft.com>
Thanks Jeff, these links are helpful.

To help me better understand your point of view on geo data, are you saying that geographic information - even when derived from the current session only - should be "stopped" by DNT signal? I agree with David's point that applying this concept to IP addresses would be technically challenging to say the least.  In addition to marketing efficiency (ensuring that Peachtree Auto Sales ads are shown mostly to Atlanta residents) and relevant content (as much as I dislike it, I do want to see Seattle weather, rather than California weather forecasts), there are additional significant uses of current session location.  Some examples include helping to ensure that gambling ads are shown only in countries where gambling is legal; determining local taxes; and honoring content licensing obligations that are dependent on current user location.  I'm curious as to how you think about geo data in the context of previous discussions about third parties treating DNT user-agent just based on data in current HTTP request (aka, the Vegas paradigm), subject to exceptions list?

Also, given your inclusion of the mobile advertising link(s), I'm wondering whether you would you agree that the use of precise geolocation information should be subject to more specific user consent, rather that generally controlled by DNT browser signal?



From: Dave Singer [mailto:singer@apple.com]
Sent: Thursday, December 15, 2011 8:37 AM
To: Jeffrey Chester
Cc: Shane Wiley; Karl Dubost; public-tracking@w3.org
Subject: Re: Issue-39: Tracking of Geographic Data


all this raises the rather interesting question -- did I 'choose' to expose my IP address to third parties on sites I visit?  It's pretty hard not to, of course.

Sure, I can separately control whether to send/receive cookies from 3rd parties.  When DNT is on, we can ask first parties not to share data with 3rd parties.  But if I am to honor the 1st party wish that I at least load the advert/tracking/social/analytic content on their site, unless I use TOR or the like, I can't do that without exposing my IP address, usually.


On Dec 15, 2011, at 5:50 , Jeffrey Chester wrote:

I am sorry I missed yesterday's call (we helped organize yesterday's Privacy Caucus meeting in House of Representatives, which conflicted).

There is a range of geo-location data that should be stopped via DNT signal.   Geo-location is a key and growing element in the tracking system--and basis of course of much of mobile web tracking.  Just a few examples of the role of geo-location in tracking---

For example, as Yahoo explains:  "Yahoo!'s Location Detection: Precision in Spades

Unlike other providers that rely solely on IP information, Yahoo! geographic targeting leverages multiple data sources -- including IP address, visitor registration data, and location data self-provided by consumers across a range of Yahoo! services -- to determine the most accurate location of potential customers. A proprietary Yahoo! algorithm validates both IP address and location to ensure highly accurate location-based targeting."  http://advertising.yahoo.com/article/geographic-targeting.html

What Quova does: "Using IP intelligence to determine geolocation has been possible for more than a decade, but the ability to acquire impressions and target display advertising across the Web is very new, made possible with the development and rapid growth of RTB (Real-Time Bidding). Quova has built proprietary technology to effectively purchase advertising impressions based on an IP address instead of cookie..."  http://www.quova.com/ip-audience-targeting/

Digital Element: "Offering advertisers the ability to geotarget their ads to the city-level (IP city) worldwide and to serve ads to visitors based on more than a dozen other parameters such as visitor connection speed and type, Internet Service Provider (ISP), user domain name, company name, home or business user and more, NetAcuity helps to reduce wasted impressions and deliver measureable results."  http://www.digitalelement.com/our_technology/targeted_online_advertising.html

New Hyperlocal Ad Feature Provides Distance Information<http://googlemobileads.blogspot.com/2010/09/new-hyperlocal-ad-feature-provides.html>; Location Extensions with Multiple Addresses Available on Mobile Devices<http://googlemobileads.blogspot.com/2010/09/location-extensions-with-multiple.html>

 http://googlemobileads.blogspot.com/2010/09/new-hyperlocal-ad-feature-provides.html;  http://googlemobileads.blogspot.com/2010/09/location-extensions-with-multiple.html

Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009

On Dec 14, 2011, at 9:05 PM, Shane Wiley wrote:


I'm not sure how often this would occur in real practice but I'm fine with the idea that "cross-site historical reference (use) to geo-location is halted for a 3rd party when the DNT:ON signal is present (and no site-specific-exception exists)".

Most geo-location use in the advertising world is real-time and is NOT referenced from past sessions with a user/agent.  For example, an ad server may be told to only serve a specific ad campaign to US users (most often because their brand is not sold outside of the US so it would be wasteful to market to users outside of the US).  To fuel this feature, the ad server will typically license an IP Address Location map to facilitate the filtering process.  When the ad server is called, it passes the IP Address to the Location Map and asks for the country of origin (typically accurate at this level but some countries have blurry lines).  If the IP Address origin is in the US, then the ad server can serve the ad targeted to US users.  The next time a user/agent is encountered, this process is repeated.  I've never heard of a situation where a 3rd party ad server will look at historical location to make an ad serving decision.

>From a "retention" perspective, the IP Address and resulting geo-location country must be retained in this case as the ad server must be able to prove they did not serve this ad outside of the targeting parameters.  This is important from a financial audit perspective and from a fraud prevention perspective.  One of the fraud issues within the online ad industry are possibly malicious ad networks purposely serving their ads outside of the US to falsely increase impression counts for higher payments).

Can anyone think of a 3rd party geo-location scenario where cross-site geo-location information is used over time?  Outside of Google Maps recording your location in a "history" for easier selection in the future (and this can be cleared at any time), I don't believe this information is leveraged for targeting or altering the user experience.  I would also argue the Google Maps experience would receive 1st party treatment if the user meaningfully interacted with the Widget (entering an address feels "meaningful" to me).


- Shane

-----Original Message-----
From: David Singer [mailto:singer@apple.com]<mailto:[mailto:singer@apple.com]>
Sent: Wednesday, December 14, 2011 2:22 PM
To: Shane Wiley
Cc: Karl Dubost; Jeffrey Chester; public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: Re: Issue-39: Tracking of Geographic Data

I wonder whether it's useful here also to distinguish between data that is present in the (HTTP) transaction, and remembered data about the user, and other world knowledge?

As a strawman, how is it if we say that DNT:1 means that you put a firewall between this transaction and your stored data about this user (actually, users in general, since with the firewall there you don't know which user it is)?

There is no firewall between what the user tells you in this transaction, and world knowledge.

So, it's OK to work out "this guy is in San Francisco!" based on the IP address.  It is not OK to record "this guys was in San Francisco on Wednesday" in the database.  And it's not OK to notice "he was in London only two days ago".  The first adds to the database, the second reads from it.  They are 'tracking my movements'.

(Since I can and will tell the 1st party more than 3rd parties, there is also a firewall between the 1st and 3rd parties in terms of data passing, but that's out of scope).

This correlates with the discussion this morning:  if I have agreed with an ad network that they will caption all my video ads, and they set a cookie to remember "I am a caption-needing user", then if that cookie is supplied in a transaction with DNT:1 set, it's OK (maybe even expected) to still caption video ads.  (The user can turn off cookies for 3rd-party sites independently, logically).

David Singer
Multimedia and Software Standards, Apple Inc.

Dave Singer
Multimedia and Software Standards, Apple

Received on Thursday, 15 December 2011 21:26:40 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC