Fwd: ACTION-120 Web Wide Exemptions and JavaScript

> 
> A Proposal for Web Wide Exemptions (WWE)
> ------------------------------------------------------
> I believe that there are several fundamental problems with JavaScript-based WWE, or at least my understanding of how they may work. The first one is that the chain of redirects to subsequent 3rd parties can - and most of the time does - get very deep and complex. One has only to analyze the traffic that occurs when a browser goes to a major web site to see evidence of this. The second problem is that it may impact the user experience; to be clear, I am just expressing the opinion that this may become a problem in the future. The third problem is that it's not in the 1st party's interest to ask for a 3rd Parties' WWE. As an example, if a 1st party hosts an advertisement through an ad-network - i.e. there is no direct contact between 1st party and advertiser - and the advertiser chooses to use a pixel tag for performance measurement, the 1st party has absolutely no incentive to ask for a WWE to the Party responsible for the pixel tag.
> 
> 
> Concerns around granting WWE
> ---------------------------------------
> * Given the complexity of 3rd parties on websites today the user should at least be informed of what exactly he/she is granting an exemption for. Another way to say this is keeping the user informed.
> * Who is responsible for the Data in a complex and deep redirection chain?
> * What data is captured?
> * How is the data handled?
> * Impact to User Experience on the website
> 
> 
> Definitions & Notation:
> -----------------------------
> B        <Browser>
> 
> P        <Party>
> 
> ->        <Initial network request & direction >
> 
> ,        <Subsequent network request to different Party>
> 
> {}        <Grouping of subsequent network requests>
> 
> B->P        <Browser makes a network request to a Party (P)>
> 
> B -> P->{P',P"}    <Define: The P sub-tree as  P->{P',P"} . Browser makes a call to P that in turn causes the browser to make a call to P' and P".  Note:  calls to P' and P" would not have happened if not for the request to P>
> 
> B ->P->{ P'->{P1, P2->{ Pi, Pii }}, P"}    <A more complex P sub-tree where in addition to the above interactions P' calls P1 & P2 and then P2 calls Pi & Pii >
> 
> Interaction Graph    <A graph of the above format that describes all network interactions between Browsers, 1st and 3rd parties.>
> 
> 
> Proposal:
> -----------
> I would like to propose to define a well-known WWE URL resource (the WWE is to distinguish it from the one that Roy has proposed but in this document I will use well-known URL to refer to this structure and not Roy's) with the following fields
> 
> * Responsible Party 
> * Information Stored: {PII | identifiable | pseudonymous | anonymous | unidentifiable | un-linkable}
> * Data sharing with other Parties: {raw | aggregated | un-linkable}
> * Time to Un-linkable: { X hours | Y days | Z months | never }
> * URL(s): { *| www.adexchange1.com , www.adexchange2.com... }
> 
> Given a potential interaction Graph of  B ->P->{ P'->{P1, P2->{ Pi, Pii }}, P"}  where Party P can be thought of as the 1st Party and all other Parties can be thought of as 3rd parties. Party P' will indicate the desire of having a web-wide exemption by placing a resource at a well-known URL that includes the above mentioned information. 
> The idea is that regardless of the complexity of the P' sub-tree there is a clear statement of declared data responsibility and usage at the P' well-known URL for WWE's that the browser OR user can use to make an informed decision on granting the exception.
> I believe that the content of the well-known URL answers most of the concerns in a human AND machine readable way except the last one - User Experience on the website - which includes the mechanism by which an exemption is asked for. We can safely assume that if a 3rd party has resources in this well-known URL then they are actively seeking a web-wide exemption, so there is no need for back and forth between 3rd party and browser asking for one. This brings us to the question of how the initiation of asking for an exception will happen. We propose that this will be left to the Browsers IF AND ONLY IF the following constraints are adhered to. 1) A Browser MUST ask for a WWE if one is available from a 3rd Party - frequency to be determined. 2) The Browser MUST NOT impact the user experience of the 1st Party website when asking for a WWE.

> There are obviously some details that need to be fleshed out for this idea to become a standards proposal, but before I spend time doing it I would like to gauge if this approach would be supported by the group?
> 
> Alexandros Deliyannis 
> Lead Software Engineer
> The Nielsen Company 
> 

Received on Saturday, 7 April 2012 03:49:04 UTC
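
The interaction-graph notation defined in the quoted proposal, parsed into a tree and used to answer "who is responsible for the data" for every party in a sub-tree. This is an added example, not part of the original message; the function names, and the rule that a party is covered by its nearest ancestor (or itself) publishing a WWE resource, are assumptions made for illustration.

```python
import re

# Tokens of the message's notation: '->', '{', '}', ',' and party names.
TOKEN = re.compile(r"->|[{},]|[^\s{},>-]+")
GRAPH = """B ->P->{ P'->{P1, P2->{ Pi, Pii }}, P"}"""  # graph from the proposal

def parse(text):
    """Return the graph as nested (name, [children]) tuples."""
    toks, pos = TOKEN.findall(text), 0
    def peek():
        return toks[pos] if pos < len(toks) else None

    def take(expected=None):
        nonlocal pos
        tok = peek()
        bad = tok != expected if expected else tok in (None, "->", "{", "}", ",")
        if bad:
            raise ValueError(f"unexpected {tok!r} at token {pos}")
        pos += 1
        return tok

    def node():
        name, kids = take(), []
        if peek() == "->":
            take("->")
            if peek() == "{":            # grouping of subsequent requests
                take("{")
                kids.append(node())
                while peek() == ",":
                    take(",")
                    kids.append(node())
                take("}")
            else:                        # single subsequent request
                kids.append(node())
        return (name, kids)

    root = node()
    if peek() is not None:
        raise ValueError(f"trailing input at token {pos}")
    return root

def responsible(tree, declaring, owner=None):
    """Map each party to its nearest ancestor-or-self in `declaring` (assumed rule)."""
    name, kids = tree
    owner = name if name in declaring else owner
    out = {name: owner}
    for kid in kids:
        out.update(responsible(kid, declaring, owner))
    return out
```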