W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Today's call: summary on user agent compliance

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Wed, 13 Jun 2012 13:47:25 -0600
To: Geoff Gieron - AdTruth <ggieron@adtruth.com>, Shane Wiley <wileys@yahoo-inc.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, "Roy T. Fielding" <fielding@gbiv.com>
CC: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CBFE4A0B.321B%peter.cranstone@gmail.com>

Well said. It's more of a marketing problem than it is a technology
problem. People just like to be asked for permission first and then not
have their privacy abused. It's the combination of technology, policy
(law) and user choice that enables good privacy.

Peter J. Cranstone

On 6/13/12 1:00 PM, "Geoff Gieron - AdTruth" <ggieron@adtruth.com> wrote:

>I do not disagree with the spirit of your initiative - especially spending
>that last 14 years of my career in a 3rd party ad network and retargeter
>capacity.  Anything that disrupts the ability to show relevant ads vs.
>acacia berry or teeth whitening ads to users is ultimately what we all
>want and I applaud your passion over this. We have to remember though we
>want a solution simple enough that our parents can use (my parents just
>learned what cookies are - so believe me to explain device recognition
>required a great deal of tolerance and alcohol on my part to get them to
>remotely grasp lol).
>I do run with DNT on 24/7 while on Chrome (using Jonathan's DNT extension)
>and I observe daily site notifying me of certain lost functionality due to
>being unable to set cookies or alerting me that I am set to DNT and each
>notification directs the user how to change their settings.  This is why I
>am encouraged that regardless of default setting - the industry is more
>than capable of getting the consumer to be aware of what features they are
>missing under this setting and how to change the setting in their browser
>- while this is not yet perfect (since my browser is not set to DNT - my
>extension is) - we can get there.
>I also know that 3rd party networks and targeting companies will also
>start blocking IE through the DSP's and exchanges (something we did for
>IE6 due compatibility issues with ad units/loading time) - so I would
>believe the ultimate impact will be to MSFT and how publishers interact
>with users of their browser or even recommend their consumers to use a
>different browser to enjoy their published content.
>As for device recognition - we have no intention of circumventing any
>decision by a user and are investing a great deal of time and research to
>send ALL signals to our clients - whether they are opt-out cookies or DNT
>or Opt-in - along with whatever else comes next.  We also are working to
>ensure we are transparent in what we do and how we do it to self
>regulatory bodies and are actively conversing with 3rd party compliance
>providers to ensure that our clients do the right thing.
>However - we are trying to offer 3rd party companies a way to survive in a
>rapidly evolving mobile world where User Agents are able to be manipulated
>(sans yours, Safari and Opera) and cookies (especially 3rd party) have
>little efficacy and do not work for mobile apps.  So please be assured we
>are not looking for a way around the system - but trying to offer a way
>forward for those that are not consumer facing companies with login
>options that can reduce reliance on archaic methods of tracking like
>We believe strongly in DNT and both internally and externally promote this
>standard and everything this working group is striving to accomplish.
>Geoff Gieron
>Director of Global Operations and Compliance
>O:   +1.480.776.5525
>M:   +1.602.418.8094
>Subscribe to the AdTruth Blog <http://blog.adtruth.com/>
>On 6/13/12 11:30 AM, "Shane Wiley" <wileys@yahoo-inc.com> wrote:
>>I appreciate your perspective and believe that you should have the right
>>to choose (or not) to honor the DNT signal from a non-compliant UA.  It
>>will interesting to see if your clients agree with your position.  That
>>said, it should be an equal option for a different Server from your own
>>to choose otherwise.  Similarly some in industry will choose to use
>>cookies that have open and accessible controls to filter and/or block, or
>>they will choose to leverage your digital fingerprinting technology which
>>avoids much of user control.  In the case of a non-compliant UA, as long
>>as the result of the transaction is fairly and transparently conveyed to
>>the user, then the user is able to make their own choices from there.
>>- Shane
>>-----Original Message-----
>>From: Geoff Gieron - AdTruth [mailto:ggieron@adtruth.com]
>>Sent: Wednesday, June 13, 2012 2:16 PM
>>To: Shane Wiley; Bjoern Hoehrmann; Roy T. Fielding
>>Cc: public-tracking@w3.org (public-tracking@w3.org)
>>Subject: Re: Today's call: summary on user agent compliance
>>Shane and Everyone -
>>I have been following this conversation closely and while I personally am
>>not a fan of MSFT's decision to implement DNT on by default - to make
>>generally not compliant or ignored is going to create a much bigger issue
>>Much like Safari default's to 3rd party cookie's off right out of the box
>>- as a declared safety measure to consumers - this will simply be how
>>Microsoft will position itself to consumers.  To try to create exceptions
>>or detection of who set what will ultimately make this initiative a
>>failure.  If the signal comes through as DNT:1 it should be adhered to if
>>we intend on DNT being the right solution and standard for consumers.
>>There is far too much risk in promoting a privacy standard where a user
>>believes they are not going to be tracked, but the industry opts to
>>collectively ignore their preference due to the actions of the browser
>>maker that they are using.  Today is someone is looking for a browser
>>doesn't allow 3rd party tracking they turn to Safari - so why would it be
>>far fetched to think that if the user wants to use IE because they know
>>that they will automatically not be tracked?  If they wish to use another
>>browser - they have Chrome, Opera and FF available on desktop and on
>>Mobile they have more than 30 additional options.
>>Whether or not we personally agree with the decision by MSFT is not
>>relevant to the overall goal of making DNT a standard, educating
>>users/consumers what it means and how to turn it on or off.
>>Ultimately MSFT will have to deal with the economics or loss of
>>marketshare when the potential of paywalls come up to help compensate
>>sites that are unable to derive benefit from higher CPM'd ads that are
>>targeted and need to ensure that users compensate them for use of their
>>content.  I know that personally if I were using a browser because it
>>touted default privacy controls, but yet noticed that the internet was no
>>longer free - as a consumer, I would look to 1) change this setting to
>>DNT:0 or 2) download and use another browser.  These are the basic
>>fundamentals of a free market - let the consumer decide, as the consumer
>>will ultimately be given their choice and will have to decide on whether
>>their setting result in paying for content that was once free or
>>3rd parties tracking data to allow for free content.
>>As an enabling technology vendor focused on ensuring we pass to our
>>clients the right signal, we cannot second guess who made the decision of
>>the DNT setting and who made it (especially given how many mobile
>>allow for a lot of UA manipulation) - we must simply accept this as the
>>active choice of the user whether they selected it themselves actively or
>>passively by choosing a browser with this default on.  Once we begin to
>>focus on exceptions, the spirit of a simple on/off for a consumers
>>too muddied and their faith in our ability to protect their privacy will
>>be shattered and likely the faith of the FTC or other regulatory or
>>government entities believing that self-regulation can indeed work.
>>Geoff Gieron
>>Director of Global Operations and Compliance
>>O:   +1.480.776.5525
>>M:   +1.602.418.8094
>>Subscribe to the AdTruth Blog <http://blog.adtruth.com/>
>>On 6/12/12 8:59 PM, "Shane Wiley" <wileys@yahoo-inc.com> wrote:
>>>I appreciate that you, as a site owner, do not want that option to
>>>legitimately call out non-compliant UAs to users.  That is your choice
>>>a site owner and you could choose to honor invalid DNT signals.  As W3C
>>>standards are voluntary and the goal is typically to develop a standard
>>>that is broadly adopted (otherwise why develop a standard in the first
>>>place?) then the working group should look to those among us that would
>>>actually be implementing the W3C version of a DNT standard at scale to
>>>get their perspective.  I believe many of us that represent 3rd parties
>>>ourselves or work directly with a large number of 3rd parties the
>>>standard is aimed at are telling the working group that we'd like a
>>>response code to notify a user that we'll not be honoring DNT signals
>>>from non-compliant UAs and provide them with options outside of their
>>>current UA to exercise choice.  The continued discussion of possible
>>>regulatory compliance is our issue to content with - not the W3C's
>>>If the TPWG would like to achieve a broadly implemented standard then an
>>>invalid UA response code should be added to the TPE.  All debate of
>>>whether servers are "appropriately" sending this signal can be held in
>>>public view once the standard is implemented in the real world.  Forcing
>>>Servers to honor invalid DNT signals will ensure nearly no one ever
>>>implements this standard.  If that's the outcome the working group wants
>>>then we should stop work on the standard now and save everyone travel
>>>budgets on the face-to-face to Seattle (why build something no one will
>>>use).  I've yet to hear from a single organization that is the subject
>>>the W3C's version of a DNT standard (a 3rd party - typically an ad
>>>network) to say they'd be willing to move forward with this standard if
>>>they were forced to honor non-compliant UAs (outside of assuming MSFT
>>>If I'm wrong, could a legitimate 3rd party please chime in to tell me
>>> If not, could we please add an "invalid UA response code" to the TPE
>>>response list ("pending review") and we can move forward to other
>>>Thank you,
>>>-----Original Message-----
>>>From: Bjoern Hoehrmann [mailto:derhoermi@gmx.net]
>>>Sent: Tuesday, June 12, 2012 10:14 PM
>>>To: Roy T. Fielding
>>>Cc: public-tracking@w3.org (public-tracking@w3.org)
>>>Subject: Re: Today's call: summary on user agent compliance
>>>* Roy T. Fielding wrote:
>>>>I think you are missing the point.  The DNT signals do not matter if
>>>>the UA's implementation is broken.  A site can choose to do anything
>>>>it wants, including denying all service, provided that what it chooses
>>>>to do is consistent with other claims it has made to this user.
>>>I think I understand the point, but as a site owner I do not want the
>>>option to "second-guess" DNT signals, and as a user I do not want any
>>>site to "second-guess" DNT signals I might be sending, within the con-
>>>fines of "conforms to the DNT specifications", including that I do not
>>>want sites to tell me something meaningless like "If you send DNT:1 we
>>>won't track you, unless we think you might not really mean 'DNT:1'".
>>>My concern here is about "authority". If the DNT specifications say the
>>>W3C will publish, say, a list of User-Agent headers that can or must be
>>>used to filter out broken signals, I'll not complain. But if individual
>>>sites get to decide which DNT signals are broken, then I will complain.
>>>Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>>>Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>>>25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
>>The information contained in this e-mail is confidential and/or
>>proprietary of AdTruth. The information transmitted herewith is intended
>>only for use by the individual or entity to which it is addressed. If you
>>are not the intended recipient, you should not copy, distribute, disclose
>>or use the information it contains, please e-mail the sender immediately
>>and delete this message from your system.
>The information contained in this e-mail is confidential and/or
>of AdTruth. The information transmitted herewith is intended only for use
>the individual or entity to which it is addressed. If you are not the
>intended recipient, you should not copy, distribute, disclose or use the
>information it contains, please e-mail the sender immediately and delete
>this message from your system.
Received on Wednesday, 13 June 2012 19:48:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:48 UTC