- From: Nicholas Doty <npdoty@w3.org>
- Date: Thu, 8 Mar 2012 14:06:19 -0800
- To: Sean Harvey <sharvey@google.com>
- Cc: Kevin Smith <kevsmith@adobe.com>, "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
On Mar 8, 2012, at 11:45 AM, Sean Harvey wrote: > at a high level this would be new functionality in the ecosystem. there is no such thing as a site-specific exemption or site-specific cookie for an ad servers, etc. coming from a third party domain. > > i also agree that this is probably not practically implementable by anyone -- one potential implementation would involve domain-specific cookies in a sub-domain of the third party, but this would mean potentially thousands of cookies on the client browser where previously only one existed. Which does not sound like an ideal outcome. Sorry, I'm not sure I understand here. As proposed, the user-agent-managed site-specific exception would be handled by the browser (choosing when to send DNT:0) rather than asking the ad server or other third-parties to create separate cookies to manage that state for each first-party site. Right now when an ad network receives a request from a browser that has an opt-out cookie for that network, it has to use a different behavior (not showing a targeted ad) no matter what the first-party site is, right? Can these site-specific exception headers prompt per-request behavior in the same way that an opt-out cookie does? Or is the concern that site-specific exceptions would require siloing of data and that requires different cookies for each first-party site? My take on Vincent and Kevin's question: Do first-party publishers get any indication from the user or the third-party that the user has an opt-out cookie installed and is potentially generating less revenue for the publisher? Thanks, Nick
Received on Thursday, 8 March 2012 22:06:32 UTC