W3C home > Mailing lists > Public > public-tracking@w3.org > May 2012

Re: Initial feedback on the well-known URI Proposal

From: Rob van Eijk <rob@blaeu.com>
Date: Wed, 02 May 2012 23:07:39 +0200
Message-ID: <4FA1A21B.3010300@blaeu.com>
To: public-tracking@w3.org
On 28-3-2012 20:51, Lauren Gelman wrote:
> I work with small businesses.  I think that for sites that have the technical skill to implement targeted ads, it is not unreasonable to ask them to implement DNT.  There already are off-the shelf implementations.  Here is an open source one for apache.
> http://jiboumans.wordpress.com/2012/03/09/be-do-not-track-compliant-in-30-microseconds-or-less/

I looked at this implementation a bit closer. Krux is operating as a 
third party in a first party context. It operates for example at the 
popular Dutch website www.nu.nl.

To start, cudo's for setting a DNT cookie (_uid_) to non-persistent and 
with a consistent generic expiration data.

A friendly remark however to the author: although DNT is set to 1, the 
beacon still return a unique userid (_kuid=Ho7gSZj4):
     eg.    GET /pixel.gif?_kcp_d=nu.nl&_kuid=Ho7gSZj4
in the same session where the cookies have the value "DNT" ( _kuid_=DNT)
     ie.    Set-Cookie: _kuid_=DNT; path=/; expires=Fri, 01-Jan-38 
00:00:00 GMT; domain=.krxd.net

In sessions with DNT="", the beacon userid and the cookie-ID have the 
same value for _kuid_.

So this brings me back to the permitted uses discussion we had in DC. 
Even when no unique identifiers are in the cookies when DNT is enabled, 
having them in the header will not make the implementation it compliant. 
Re-identification on the serverside is a still possible in that case.

kind regards,
Received on Wednesday, 2 May 2012 21:08:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:42 UTC