RE: DNT ad tag integration from JC Cannon on 2012-02-26 (public-tracking@w3.org from February 2012)

From: JC Cannon <jccannon@microsoft.com>
Date: Sun, 26 Feb 2012 18:13:46 +0000
To: "rob@blaeu.com" <rob@blaeu.com>, Travis Pinnick <tpinnick@truste.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <DB4282D9ADFE2A4EA9D1C0FB54BC3BD76E4E0ED3@TK5EX14MBXC139.redmond.corp.microsoft.>

The TRUSTe example is great for discussion, but I hope this won't lead to dictating technical solutions with the DNT standard. We certainly have plenty to debate without spending too much time on these types of topics. Aleecia discussed providing an opportunity where companies can demonstrate possible solutions. We should look at how to formalize that opportunity the standard has been completed.

JC

-----Original Message-----
From: Rob van Eijk [mailto:rob@blaeu.com] 
Sent: Thursday, February 23, 2012 2:00 PM
To: Travis Pinnick; public-tracking@w3.org
Subject: Re: DNT ad tag integration

On 23-2-2012 19:50, Travis Pinnick wrote:
> Per Nick Doty's request, I would like to submit TRUSTe's new 
> integrated DNT ad tag solution for discussion / feedback.
>
> The concept is a 'smart' ad tag that is capable of acknowledging a 
> user's DNT header and, if DNT is set:
> 1) display an alternate state icon with DNT acknowledgment messaging
> 2) auto set opt-out cookies for ad nets in that particular ad chain
>
Hi Travis,

I like the idea of chaining the opt-out cookie, but would like to see the solution in a live situation. At the moment it only demonstrates the capability of distinguishing between a serving a targeted ad and a generic ad.

Do I understand you correct and is the idea that it works in the following use case? A user visits a site (eg the green node story.nl). 
At that site admeld.com is servicing the add and pings adnxs.com, doubleclick.net, 2mdn.net and turn.com, metafiliation.com etc. 
(http://www.blaeu.com/uploads/tracking/110827%20gossip%20.html)
Auto-chaining would result in getting opt-out cookies for all the parties involved in the chain.

I hope the opt-out cookies do get an expiration period of 5 years minimum. In the EU the opt-out expiration time is very poor and inconsistent. I also hope the opt-out cookie content stays generic ie. 
'OPT-OUT' and does not contain a unique identifier.

One privacy risk in I would like to put on the table is connected to the dnt_icon.gif. The host from which the dnt_icon.gif is capable of generating a log with high behavioral tracking entropy. As long as that log is turned off, or has short retention and silod, the risk may be migitated.

--
Rob

Received on Sunday, 26 February 2012 18:14:20 UTC