- From: Tamir Israel <tisrael@cippic.ca>
- Date: Thu, 12 Jul 2012 12:36:38 -0400
- To: Chris Mejia <chris.mejia@iab.net>
- CC: Peter Eckersley <peter.eckersley@gmail.com>, Jonathan Mayer <jmayer@stanford.edu>, "Grimmelmann, James" <James.Grimmelmann@nyls.edu>, W3C DNT Working Group Mailing List <public-tracking@w3.org>, Mike Zaneis <mike@iab.net>, Brendan Riordan-Butterworth <Brendan@iab.net>
- Message-ID: <4FFEFD16.4060904@cippic.ca>
On 7/12/2012 12:12 PM, Chris Mejia wrote: > I think what Peter is referring to is that some users might view the > very fact that they are being tracked in order to facilitate the > advertising activities of many random third parties they have never > interacted with to be a 'privacy harm'. As I noted previously, we can > start debating the relative costs/benefits of an F-cap approach that > is more privacy protective, if only someone from industry were willing > to provide a sense of how privacy-friendly F-capping can be done. > > CM: Please see Brian O'Kelley's description of f-capping > pasted below. In my experience, this description closely > describes the most common practice for f-capping. > > > So far, I have not seen this, nor have I seen any direct substantive > responses to why the alternative F-capping proposals suggested by some > are not workable. A good faith attempt to resolve a problem would > entail these very engineers that you are referring to engaging, in > good faith, in attempts to solve what is, at first instance, a > technical problem. > > CM: In fact this thread started as a result of Prof. Ed > Felton's FTC blog post > (http://techatftc.wordpress.com/2012/07/03/privacy-by-design-frequency-capping/). > David Wainberg called our attention to Brian O'Kelley's > comments posted to Prof. Felton's blog. Brian O'Kelley is the > founder and CEO of AppNexus (he was also a founder at > RightMedia) and is one of the foremost advertising technology > engineers in the industry. Brian's comments directly refuted > the methods outlined by Prof. Felton, based in large part on > severe performance issues (unacceptable ad serving performance > that would negatively increase page load times) and scale > issues. Jonathan Meyers then challenged Brian's critique of > Prof Felton's Blog, but here on the W3C forum (2nd post in > this thread I believe). Since I realize that Brian's comments > were never brought directly into this forum, I'm repasting > them here now: > OK, thanks Chris, I understand better where you're coming from now. I'd say, to start, that I don't think Brian O'Kelley's method is the standard. I took it as something AppNexus does that is somewhat more unique (someone can please correct me if I am wrong). But regardless, the problem with your question (provide some evidence that servers are using the unique ID from F-capping in order to connect track user browsing) is that, of course, there is absolutely no way to do this since it happens invisibly on the server. The majority of users might trust many online advertisers not to do this kind of thing, but there are now /so many/ advertisers out there accessing unique IDs at each and every site a user visits, that the best way to monitor 'no tracking' is to prevent collection of unique identifiers by untrusted third parties (as opposed to trying to prevent server-side correlation once collection has occurred). This is not an unusual definition of 'privacy harm'. In fact, the basis of most privacy protective regimes since the OECD guidelines and CoE Convention 108 has been to minimize collection to what is necessary. Now -- if you're saying there is a good reason to collect here because the costs of doing otherwise are exponential and the benefits minimal, that is a discussion we can engage in meaningfully. But we seem to be unable to get to that step. > > > >> Finally, please pardon my ignorance (as I don't know you); what >> organization and constituency do you represent? You haven't provided >> a signature line indicating your affiliation and you are writing to >> this forum from a gmail address, so I was not able to ascertain your >> affiliation, if any, from this information. In the interest of full >> disclosure, I represent the membership of the Interactive Advertising >> Association (IAB – www.iab.net) where I work in the Advertising >> Technology Group with industry engineers and operations professionals >> on technical specifications, technical protocols and technical guidance. > With respect, Chris, I don't think this is productive. If it really is > helpful to start throwing around credentials, I will say that CIPPIC > (the public interest NGO I represent) is supportive on this point of > the Standford (Jonathan)/EFF (Peter)/ Mozilla (Tom) compromise > proposal which was presented to the group here a few weeks back and > which did not include any explicit exception for tracking users for > the purpose of F-caps. > > CM: Tamir, when making my request to understand Peter's > affiliation, I did ask that he "/please pardon my ignorance/"; > this was sincere. I don't know Peter and I honestly did not > understand his affiliation— as you might appreciate, operating > in this political circle is not my usual job (I'm a > technologist, not a politician, so again, please pardon my > ignorance with respect to your world). I was asking as a > point of clarification, so I could further appreciate his POV. > Understanding where someone comes from allows me to better > understand the context of their position. I also take some > offense with the notion that I was "/throwing around > credentials/"; I was simply stating my own affiliation, out of > respect, as I had requested the same of Peter. Please don't > turn this into a political you guys vs. us guys thing— I don't > find that productive at all. I'd rather focus our debate on > the merits of all particular arguments being presented. (BTW- > your affiliation was clear from your email address) > OK. My bad. We can all blame gmail now : ) > > > Best, > Tamir >
Received on Thursday, 12 July 2012 16:37:25 UTC