- From: Lauren Gelman <gelman@blurryedge.com>
- Date: Mon, 6 Feb 2012 17:18:12 -0800
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: Tom Lowenthal <tom@mozilla.com>, Justin Brookman <justin@cdt.org>, public-tracking@w3.org
I don't understand how the text of this exemption [exception?] is limited to geo-location, but the subject matter should be part of the exception conversation. It looks like a use limitation-- If someone is DNT:1, you can either collect and use their IP address for the purposes of targeting them based on location, or you cannot. You can either show them an ad for a service/good/store proximate to them, or you cannot. You can either combine geo info with other info to do more targeted-targeting, or you cannot. I think use cases like you describe that try to draw a line based on some sort of creepiness quotient are going to be impossible to implement. IP is a type of unique identifier, just like a referrer ID is a type of unique identifier, as are other cookies and tags. They need to be treated as such. [I am also generally against the idea that DNT is only about limiting the perception of tracking and not about actually limiting tracking, but I don't think that you need to agree with me on this point] On Feb 3, 2012, at 3:52 PM, Jonathan Mayer wrote: > Substantively, I'm in general agreement. > > In the interest of analytical consistency and not conflating issues, I'd avoid siting this content in the high-level compliance section. I'd instead locate the discussion of personalization by IP geolocation, user-agent, and referrer in a contextual personalization exception. > > Jonathan > > On Feb 3, 2012, at 3:34 PM, Tom Lowenthal wrote: > >> ACTION-65 ISSUE-39 >> >> Proposed text. Compare with text currently in >> [S-4.1.2](http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#third-party-compliance) >> >> ~~~~ >> ### Compliance by a third party {#third-party-compliance} >> >> If the operator of a third-party domain receives a communication to >> which a [DNT-ON] header is attached: >> >> 1. that operator MUST NOT collect or use information related to that >> communication outside of the explicitly expressed exceptions as defined >> within this standard; >> 2. that operator MUST NOT use information about previous communications >> in which the operator was a third party, outside of the explicitly >> expressed exceptions as defined within this standard; >> 3. that operator [MUST NOT or SHOULD NOT] retain information about >> previous communications in which the operator was a third party, outside >> of the explicitly expressed exceptions as defined within this standard. >> >> #### Non-Normative Discussion >> >> It is acceptable to use data sent as part of this particular network >> interaction when composing a response to a [DNT-ON] request, but it is >> not acceptable to store that data any longer than needed to reply. For >> instance, it would be appropriate to use an IP address to guess which >> country a user is in, to avoid showing them an advertisement for >> products or services unavailable where they live. >> >> When using request-specific information to compose a reply, some levels >> of detail may feel invasive to users, and may violate their expectations >> about Do Not Track. These sorts of detailed assessments should be avoided. >> >> *Reasonable behavior*: A user visits you from an IP address which a >> general geo-IP database suggests is in the NYC area, where it is 6pm on >> a Friday. You choose to show an advertisement for theaters and >> restaurants in the area. >> >> *Invasive behavior*: A user visits you from an IP address which suggests >> that they are in a particular ZIP+4, which has a distinctive demographic >> profile. Their user-agent indicates that they are a Mac user, further >> narrowing their expected profile. You serve them an ad for business >> within a few blocks of them which specializes in items which their >> expected profile indicates they may enjoy. >> >> In this example, even though the decision about which ad to serve was >> based exclusively on request specific information, but was still >> tailored to a highly-specific user profile. In particular, the >> estimation of a user's location to within a single ZIP+4 may make a user >> feel that they are being followed closely, even if the decision was made >> on the fly, and the information was only held ephemerally. >> >> ~~~ >> > Lauren Gelman BlurryEdge Strategies 415-627-8512 gelman@blurryedge.com http://blurryedge.com
Received on Wednesday, 8 February 2012 20:57:07 UTC