- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 28 Mar 2012 18:26:11 +0200
- To: Vincent Toubiana <v.toubiana@free.fr>
- Cc: Shane Wiley <wileys@yahoo-inc.com>, David Singer <singer@apple.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
On Mar 28, 2012, at 11:17 AM, Vincent Toubiana wrote: > Shane, > > IMHO it just means "I'm ok being tracked on this site". I believe this is quite different, I trust my bank website but would not be ok to be tracked while I'm browsing it. > Furthermore, trusting a website is not enough if even the 1st party does not know which third parties will be called on its site (it can not trust them). > > Vincent The first party doesn't need to know what domains are being used by third-party ad services because it is the exchange that monitors and enforces compliance with its own service policies. Otherwise, you would see inappropriate ads all the time (because the bad guys always bid more and don't pay the bill). The first party needs to trust the exchange. More importantly, IIRC, the decision about what ad service is selected is highly dependent on context, with much of that context being potentially identifiable of a user (because there is no minimum sample size), so once the process of using an ad exchange has begun ... we are wasting our time worrying further about tracking that request. I agree with Kevin. The site-specific exception model doesn't work unless it includes all subrequests on the first-party page. If a user doesn't want to be tracked, they need to send DNT:1 to everyone. If a first party doesn't want DNT:1 users, then they have to convince the user to turn it off or design a separate site that tracks based on account login and prior consent. Regardless, first-parties will have to communicate with ad exchanges (via contract or parameter passing) about how to handle clients that send DNT:0 (or no header at all) to the first-party but DNT:1 to its ad servers. A UI for selective exceptions of specific domains per first-party site is worse than useless. ....Roy
Received on Wednesday, 28 March 2012 16:26:44 UTC