Re: cross-site tracking and what it means

Inline, trying to catch up on a lively thread.

On Jan 18, 2012, at 22:15 , Kevin Smith wrote:

> That's not exactly what I was suggesting.  I look forward to next week when we can explore these options in person with a whiteboard.  Hopefully we can make a lot of progress.

Yes, a white board and/or a beer may well help.

> What I am proposing is that if a user has DNT turned on when visiting a given website both 1st and 3rd parties are allowed to record a visitor's usage on that site as long as it is only connected, stored, used (etc etc) with that website.  So, the 3rd party would know that you visited a 1st party, but would not know that you had ever visited another 1st party site.  It is not simply another tag on the data, they must actually store the data under separate visitor ids so that they cannot tell you are the same visitor -- ie they CANNOT stitch your profile together.

This is where you lose me.  I am not up to speed on all the cookie-matching and other techniques that are used to determine that visitor 101 to site A is the same person as visitor 215 to site B, but I have a hard time believing that we can construct rules sufficiently well that this correlation CANNOT happen in the advertiser.

This is essentially what Rigo is saying as well, I think.

On Jan 18, 2012, at 23:30 , Rigo Wenning wrote:

> Now what about visitorID 101 and visitorID 102 being associated with the same 
> IP address? If you collect/keep that data, I agree with David, that there is 
> an easy correlation possible within the walls of the analytics/advertisement 
> provider. In this case, the question is how can you be seen to not do the 
> correlation? IMHO, the devil is in the detail of legal and technical means of 
> siloing. And the options range from "nothing changes, we just renamed the 
> issue" to "really really good privacy and hard to implement requirements".

It would boil down to "yes, we collect lots of data about you, but we cannot or will not make it 'cross-site'" -- but if each individual record could be linked to the real me, it really is a 'will not', not a 'can not'.

On Jan 19, 2012, at 7:26 , David Wainberg wrote:

>> If we were to say that *every* site, under DNT must not remember anything about my interaction with any other site than itself (and that rules out 3rd parties keeping records that identify the 1st party, as well), that *might* get closer.  Now the advertising site can do frequency capping (it remembers what ads it previously showed me) but not behavioral tracking (it does not remember I visited CNN, BBC and Amazon, and does not remember what I read or bought on those sites).  But this needs a lot of working through, and I am not hopeful it actually comes out simpler than the 1st/3rd distinction.
> This raises very interesting questions about the definition of tracking. Note that it focuses on the collection and retention of certain types of data, rather than on the uses.

That's what tracking is, to me: collecting and retaining data about me.  I don't really care if your ostensible purpose is initially benign or nefarious.  And I am sorry to say that I think that's what we need to control: data collection about people.  Not its use, its collection.

Understand, that I am trying to give 'life' to the alternative to 1st/3rd distinction, which is using 'cross site' restrictions instead;  but this is not my preference.  On the other hand, the more I think about it, the more I think that the cross-site definition I floated might be worth discussing as it illuminates some distinctions, and has different 'side effects' and needs for exceptions.  We STILL have the problem of defining site/party etc., but we could drop the 1st/3rd issue.  I'll work on it.  At the least, we'd have two directions worth discussing.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Friday, 20 January 2012 01:38:41 UTC
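
The siloing question raised in this thread, as an added example that is not part of the original message or any participant's code: a third party stores a separate visitor id per first party, and an audit then checks whether a retained IP address still links the silos. The key, the `browser_token` input, the function names and the visit data are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

SILO_KEY = b"constructed-demo-key"  # assumption: secret held by the third party

def siloed_id(first_party, browser_token, key=SILO_KEY):
    """Derive a visitor id bound to one first party, so ids from two sites do not match."""
    msg = f"{first_party}|{browser_token}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def make_record(first_party, browser_token, ip, keep_ip):
    """Build the row the third party stores; the IP is kept only if keep_ip is true."""
    return {"site": first_party,
            "visitor": siloed_id(first_party, browser_token),
            "ip": ip if keep_ip else None}

def cross_silo_links(records):
    """Audit stored rows: groups of (site, visitor) from different sites sharing an IP."""
    by_ip = defaultdict(set)
    for r in records:
        if r["ip"] is not None:
            by_ip[r["ip"]].add((r["site"], r["visitor"]))
    return [sorted(g) for g in by_ip.values() if len({site for site, _ in g}) > 1]

# Constructed visits: one browser seen on two sites, a second browser on one site.
VISITS = [("site-a.example", "browser-1", "192.0.2.10"),
          ("site-b.example", "browser-1", "192.0.2.10"),
          ("site-a.example", "browser-2", "198.51.100.7")]

def stored(keep_ip):
    """Rows as they would sit in storage under the chosen retention setting."""
    return [make_record(site, token, ip, keep_ip) for site, token, ip in VISITS]

if __name__ == "__main__":
    print("IP retained:", cross_silo_links(stored(keep_ip=True)))
    print("IP dropped: ", cross_silo_links(stored(keep_ip=False)))
```

With the IP retained the audit reports one linked pair even though the two visitor ids differ; with the IP dropped it reports none.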