RE: JS Exception API from Andy Zeigler on 2012-03-06 (public-tracking@w3.org from March 2012)

From: Andy Zeigler <andyzei@microsoft.com>
Date: Tue, 6 Mar 2012 23:32:47 +0000
To: Kevin Smith <kevsmith@adobe.com>, Tom Lowenthal <tom@mozilla.com>
CC: "public-tracking@w3.org" <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>
Message-ID: <0F7D108E1379EE45AE5867800F8DB18D9E314C5E@TK5EX14MBXC126.redmond.corp.microsoft.>

If it isn't feasible for 1st-parties to know which 3rd-parties will render on their site, then websites will just use "*". 

If sites only use "*", then I agree with you that it makes sense to scrap the per-3rd-party affordance altogether, as it has the side effect of massively simplifying implementations, *and* it solves the "DNT value accessibility from Javascript" issue. In other words, there would only be one possible DNT value per DOM, which means that any 3rd-party script will get the correct value. 

Thanks,

Andy

-----Original Message-----
From: Kevin Smith [mailto:kevsmith@adobe.com] 
Sent: Tuesday, March 06, 2012 3:17 PM
To: Tom Lowenthal
Cc: public-tracking@w3.org; Andy Zeigler; Nicholas Doty
Subject: RE: JS Exception API

I completely agree.  That is why I think the exception should live at the 1st party level, which works for both the site in decision making ahead of time, as well as the user, since the 1st party is the trusted entity.

-----Original Message-----
From: Tom Lowenthal [mailto:tom@mozilla.com]
Sent: Tuesday, March 06, 2012 1:18 PM
To: Kevin Smith
Cc: public-tracking@w3.org; Andy Zeigler; Nicholas Doty
Subject: Re: JS Exception API

On 03/05/2012 02:08 PM, Kevin Smith wrote:
> One more thought.  It's also critical that the 1st party knows upfront 
> whether it has an exception or not, because under DNT:1, it may choose 
> to use completely different 3rd party services (ie - to maximize cpm, 
> they may choose to go with 1 ad exchange for targeted ads, but a 
> completely different one for truly random ads)
>
> Its not acceptable to have to try to make these decisions after the page has loaded and requests have succeeded or failed.  It makes for a more expensive and complicated implementation and a poorer user experience, so again, a site would not implement it.
> 
> Again, I am ok with having the option to pass it an array of 3rd party services, but it would be a very poor API indeed which required a parameter in which everyone used the same value.

If you think it's troublesome for the publisher, just think how difficult it is for the user. They need to consent *in advance* to allow themselves to be tracked by a list of parties which is so difficult to corral that not even the publishers knows in advance who's on it? That doesn't seem credible, either from the point of view of making a useful tool, or from the point of view of getting real consent.

Received on Tuesday, 6 March 2012 23:33:32 UTC