- From: Tamir Israel <tisrael@cippic.ca>
- Date: Mon, 16 Jul 2012 12:22:21 -0400
- To: ifette@google.com
- CC: Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer <jmayer@stanford.edu>, Mike Zaneis <mike@iab.net>, JC Cannon <jccannon@microsoft.com>, "Roy T. Fielding" <fielding@gbiv.com>, Peter Eckersley <peter.eckersley@gmail.com>, W3C DNT Working Group Mailing List <public-tracking@w3.org>, Alan Chapell <achapell@chapellassociates.com>
- Message-ID: <50043FBD.9060602@cippic.ca>
There's no need to actually design an authoritative solution to F-capping. However, the only rationale (currently) to include what will be a very broad hole in the DNT mechanism is the purported need to do F-capping in a specific manner. It's an open question whether that rationale is proportional to its purpose at all, but putting that aside for the moment, I don't think it's outside the scope of this process to discuss whether and to what extent the rationale itself actually holds water. Or at the least ensure we all gain a better understanding of the costs involved with excluding F-capping from permitted purposes so a reasonable assessment of proportionality can be made. If, for example, we are talking about long term ongoing costs, that is one thing. If it's a one-time transition cost, that is quite another thing. Jonathan Mayer wrote: >> Jonathan, >> >> Could you say a bit more about the potential costs of implementing a >> different approach to frequency capping? >> >> BOK: Right now we hit our userdata store once per impression and get >> all the historical user data. Imagine we have to evaluate the top 10 >> campaigns after we sort by price - that's 30 queries (campaign cap + >> creative cap + advertiser cap) x 10. That would imply 30x the servers >> in the userdata cluster - right now we have ~30 servers, so you're >> talking about adding almost 1000 servers with no functionality gain. >> Overall, that takes us from ~2500 servers to ~3500 servers. It's >> material. > There's no doubt that the hashing approach Ed detailed imposes greater > database load. The client-side approach I favor, on the other hand, > would reduce database size and load by distributing storage and > lookups to web browsers. (I would add that I don't think the hashing > approach provides that much privacy. It only addresses the > (uncertain) risks associated with a user's impression history. It > doesn't mitigate the risks associated with the presence of an ID > cookie. Furthermore, it doesn't do much once a user ID or set of user > IDs is known since hash computations have become so fast and cheap.) > > As for the requirements imposed by the hashing approach: they'll vary > by implementation. If a database has to handle n times more queries > per unit time, that certainly doesn't mean it needs n times more > servers or will cost n times as much. Choices about processing and > storage hardware, the database solution, and the database schema will > have a tremendous impact. Some (relatively) recent stress testing by > Netflix suggests Apache Cassandra NoSQL could be a promising direction > (http://techblog.netflix.com/2011/11/benchmarking-cassandra-scalability-on.html). We all knew at the outset that some DNT requirements might mean different industry practices and perhaps some costs incurred. These should be reasonable, of course. Best, Tamir On 7/16/2012 11:52 AM, Ian Fette (イアンフェッティ) wrote: > I also question whether a standards WG is the best place to be doing > original research. I joined this working group under the impression > that we were going to try to define some set of practices, be it > online behavioral advertising or something broader, that we agreed > there was reason to provide users with a mechanism to opt out of these > practices, and standardize that mechanism for opting out of such > mechanisms. > > It feels like we are now diverging substantially from that original > goal and trying to get into some sort of "design by committee of new > technologies". Design by committee can work when we're trying to do > something reasonably focused, with clear objective ways to compare two > proposals (e.g. should it be a well known URI or everything bundled up > in the DNT: header itself), but I don't think it's well suited to a > "let's go off and spend a year coming up with (potentially) new > mechanisms for frequency capping, deploy and evaluate." If people want > to redesign frequency capping, I think that's a great exercise, but > this working group is not the proper context for such an exercise. > This working group should focus on defining a set of practices we wish > to let users opt out of, and standardizing a uniform mechanism to > allow users to express that choice / control. That should be achievable. > > my $0.02 > -ian > > On Sun, Jul 15, 2012 at 10:04 PM, Shane Wiley <wileys@yahoo-inc.com > <mailto:wileys@yahoo-inc.com>> wrote: > > Jonathan, > > I continue to respectively disagree and believe you’ve heard from > enough of the working group that many feel this is delaying the > real progress of Do Not Track (versus the very few who feel there > is any value here). Attempting to develop PET solutions via email > in a few days isn’t a productive path forward but the ultimate > goal and sentiment are – hopefully you’ll reconsider the offer to > more appropriately address these in a separately forum. > > - Shane > > *From:*Jonathan Mayer [mailto:jmayer@stanford.edu > <mailto:jmayer@stanford.edu>] > *Sent:* Friday, July 13, 2012 1:47 PM > *To:* Shane Wiley > *Cc:* Tamir Israel; Mike Zaneis; JC Cannon; Roy T. Fielding; Peter > Eckersley; W3C DNT Working Group Mailing List > *Subject:* Re: Frequency Capping > > Shane, > > We've been over this many times before; I'm not going to rehash > the myriad counterarguments. If you don't want to participate in > constructive discussion of privacy-preserving advertising, so be > it. But you're doing yourself, Yahoo!, and Do Not Track no favors > by repeatedly calling for something that you know is entirely > unacceptable to many members of the group. > > Jonathan > > On Friday, July 13, 2012 at 1:06 PM, Shane Wiley wrote: > > Tamir, > > Many of us in industry are more than willing to look a privacy > enhancing technologies and process approaches to diminish the > perceived risks associated with Permitted Use practices. The > issue is speed to resolution significantly delaying completion > of the DNT standard. I’ve often advocated a dual-pronged > approach to this issue: move the current DNT specification to > resolution with Permitted Uses and develop a secondary track > to focus purely on Permitted Uses, Unlinkability, and privacy > enhancing technologies to reduce dependency on unique IDs at > scale. > > I would recommend we immediately branch this effort to another > email list and begin work in parallel (it’s already started > here). We can bring in more technical experts, begin testing > hypothesis and limited research in this area, build test > platforms, and move forward with production testing to confirm > concepts hold up under mass scale. Attempting to wait out > this entire process in-line with the current DNT standard > conversation will push out completion many months (if not > years as I don’t believe this to be a one-time conversation > and rather an on-going evolution of privacy preserving > technical approaches). > > - Shane > > *From:*Tamir Israel [mailto:tisrael@cippic.ca] > *Sent:* Friday, July 13, 2012 11:07 AM > *To:* Mike Zaneis > *Cc:* JC Cannon; Shane Wiley; Roy T. Fielding; Peter > Eckersley; W3C DNT Working Group Mailing List > *Subject:* Re: Frequency Capping > > Mike, > > If there is a solution to F-capping that does not require > unique identification of users than this will dramatically cut > down the amount of 'tracking' that can occur under DNT-1 > state. As opposed to some other possible permitted uses, an > F-capping exception will permit unique identification of every > single individual regardless of DNT state. > > Look, there's really only 1 question here: is industry willing > to at least /explore/ alternative technical solutions that > allow f-capping w/out unique identification of users? > > If the answer is no, that is very disappointing. If the answer > is yes, than I refer you back to: > http://lists.w3.org/Archives/Public/public-tracking/2012Jul/0075.html > > Best, > Tamir > > On 7/13/2012 1:32 PM, Mike Zaneis wrote: > > Tamir, > > At the very first meeting last September this group addressed > the fact that under any standard coming out of the W3C that > there would still be some "tracking" even with DNT turned on. > Newer participants will either have to get comfortable with > that fact or the group will have to go back to the beginning. > > Mike Zaneis > > SVP & General Counsel, IAB > > (202) 253-1466 <tel:%28202%29%20253-1466> > > > On Jul 13, 2012, at 12:33 PM, "Tamir Israel" > <tisrael@cippic.ca <mailto:tisrael@cippic.ca>> wrote: > > On 7/13/2012 12:20 PM, JC Cannon wrote: > > It is not practical to expect many consumers to go through > and manage a list of third-party sites. Even the small > number of educated users won’t understand all the third > parties on a site. Consumers have to feel that when they > visit a third-party site that their privacy will be > protected and if not, that they have some recourse to > address any harm. > > > That too : ) > > Moreover, I feel we should be addressing whether or not > frequency capping is a permitted use and not spending time > trying to design it in this working group. > > > JC -- I personally don't think it should be a permitted > use, primarily because it allows for the possibility of > 'tracking' in scenarios where a user has expressed their > desire not to be tracked. Some others have expressed > strongly their impression that some form of F-capping is > necessary even in a DNT-1 state. The hope is that there is > a technical solution to resolve this impasse. > > Best, > Tamir > > JC > > *From:*Tamir Israel [mailto:tisrael@cippic.ca] > *Sent:* Friday, July 13, 2012 9:01 AM > *To:* Shane Wiley > *Cc:* Roy T. Fielding; Peter Eckersley; W3C DNT Working > Group Mailing List > *Subject:* Re: Frequency Capping > > Shane, > > Your brick and mortar example to me highlights very > precisely the problem here. The fact that Walmart chooses > to carry Raisin Bran in addition to Lucky Charms (no > accounting for taste : P) does not initiate any type of > interaction between me and Raisin Bran. Just between me > and Walmart and, if I'm hungry as I walk past the cereal > section, me and Lucky Charms. > > My expression of 'do not track me' should be able to > encompass this type of model. > > So, I should be able to say: I don't want to be tracked by > anyone, but I'll grant an exception to yahoo and adobe > (because I trust them), but not to > 'financial-credit-profile-builder' (because I /don't/ > trust them). Making a list of third parties easily > discoverable won't quite get us there because it targets > the first party, whereas the potential bad behaviour and > incentives need to be applied to the /third /parties. > Therefore: a.) there is no way for me to communicate to > the first party that my problem isn't with 98% of the > third parties they're using to monetize, but only with x > and y; and b.) there will not be any competitive pressures > on particular servers to behave well (maintain anonymous > cookie ID, for example). > > Best, > Tamir > > On 7/12/2012 4:19 PM, Shane Wiley wrote: > > Tamir, > > > > You've interacted with those 3rd parties as a part of your interaction with the 1st party -- as that 1st party has partnered with those 3rd parties to provide its services to you (monetization, analytics, content, widgets, etc.). If a 1st party is transparent about those 3rd parties it works with (and/or highly discoverable through already existing web browser tools), is it fair to say you still have a choice at that point to decide to continue to interact with that 1st party? If you disagree with a 3rd party's ability to maintain an anonymous cookie ID in relationship to the services its providing to the 1st party, you do not need to interact with that 1st party. The choice is yours. > > > > If there were true "harms" involved, then you may look at this through a slight different lens, but that has yet to be established. > > > > To use a brick-n-mortar example, you do not have a right to require Wal-Mart carry a specific brand of cereal you may really like (your desire vs. their business obligation). If you're unhappy with Wal-Mart due to this choice, you can decide to not shop at Wal-Mart. > > > > - Shane > > > > -----Original Message----- > > From: Tamir Israel [mailto:tisrael@cippic.ca] > > Sent: Thursday, July 12, 2012 12:56 PM > > To: Roy T. Fielding > > Cc: Peter Eckersley; W3C DNT Working Group Mailing List > > Subject: Re: Frequency Capping > > > > On 7/12/2012 3:12 PM, Roy T. Fielding wrote: > > Yes, and it has been rejected many times because the ID cookies are > > used by other features that won't be turned off by DNT. > > > > Not so. I have never interacted and have no relationship with third > > party server X. Why does it need to be able to identify me in any way? > > > >
Received on Monday, 16 July 2012 16:23:14 UTC