W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

RE: explicit-explicit exception pairs

From: Kevin Smith <kevsmith@adobe.com>
Date: Wed, 2 May 2012 13:49:41 -0700
To: Matthias Schunter <mts-std@schunter.org>, Rigo Wenning <rigo@w3.org>
CC: Jonathan Mayer <jmayer@stanford.edu>, "ifette@google.com" <ifette@google.com>, Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <6E120BECD1FFF142BC26B61F4D994CF307D0A02792@nambx07.corp.adobe.com>
I really do not understand this proposal.  This seems to incorporate all of the negatives of explicit-explicit exceptions without realizing the possible benefits.  The ad network (and so on down the chain) does not have direct interaction with the user.  How would they add elements to the list and when would that list be shown to the user?  It would be impossible to show it to the user at a useful time, such as early enough for the publisher to make an intelligent decision based on the outcome.

So, the standard still requires the complication of explicit/explicit exceptions.  The browsers still have to support it.  Implementing 1st parties still have the expense of partial exceptions, and yet users still do not know all 3rd parties involved.  Sounds like the worst of all worlds.

Kevin Smith  |  Engineering Manager  |  Adobe  |  385.221.1288 |  kevsmith@adobe.com

-----Original Message-----
From: Matthias Schunter [mailto:mts-std@schunter.org] 
Sent: Wednesday, May 02, 2012 1:35 PM
To: Rigo Wenning
Cc: Jonathan Mayer; ifette@google.com; Nicholas Doty; public-tracking@w3.org
Subject: Re: explicit-explicit exception pairs


I second Rigo's point that the following solution seems workable while satisfying our requirements:
1. A site only needs to declare the third parties that it directly uses (e.g., an ad network) 2. A site is not required to name any other third parties that are then used indirectly (e.g., recursively loaded ads) 3. The ad network (in this example) is then permitted to further include any subsequent third parties
    (i.e.  the ad network basically obtains a "*" exception for its third parties)

This has the following advantages (from my subjective point of view) 1. The user will obtain some transparency and choice 2. The list of third parties should be limited and known to the 1st party 3. The UI should be manageable and the feedback/consent somewhat meaningful 4. The ad network will then inherit some responsibility (at least in in the EU context)

What do others think?


On 02/05/2012 17:34, Rigo Wenning wrote:
> The legal solution that results in the right incentives is simple. 
> Make the site responsible for the choice of services they make. We can 
> at least write that assumption into the compliance Spec or in the "how-to".
> I don't believe we should go down the DRM - route and want to control 
> every subservice of a subservice, neither technically nor legally. 
> This is guaranteed to go wrong. We know that from DRM. It would also 
> overcharge the DNT Specifications IMHO.
> Rigo
> On Monday 30 April 2012 16:09:51 Jonathan Mayer wrote:
>> 2) How does a website determine which third parties presently have an 
>> exception?
>> I agree that this is a non-trivial problem for websites with many 
>> third parties, especially chained third parties.  I disagree that 
>> it's a particularly challenging problem, as I've explained several 
>> times in other threads.  Moreover, it's a problem that already exists 
>> for the self-regulatory opt-out programs.  At any rate, if local law 
>> allows, those websites might choose to use a site-wide exception.  
>> Allowing explicit-explicit exceptions doesn't make the problem any harder.
Received on Wednesday, 2 May 2012 20:52:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:42 UTC