- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 02 May 2012 23:07:39 +0200
- To: public-tracking@w3.org
On 28-3-2012 20:51, Lauren Gelman wrote:
> I work with small businesses. I think that for sites that have the technical skill to implement targeted ads, it is not unreasonable to ask them to implement DNT. There already are off-the shelf implementations. Here is an open source one for apache.
>
> http://jiboumans.wordpress.com/2012/03/09/be-do-not-track-compliant-in-30-microseconds-or-less/
>
>
Lauren,
I looked at this implementation a bit closer. Krux is operating as a
third party in a first party context. It operates for example at the
popular Dutch website www.nu.nl.
To start, cudo's for setting a DNT cookie (_uid_) to non-persistent and
with a consistent generic expiration data.
A friendly remark however to the author: although DNT is set to 1, the
beacon still return a unique userid (_kuid=Ho7gSZj4):
eg. GET /pixel.gif?_kcp_d=nu.nl&_kuid=Ho7gSZj4
in the same session where the cookies have the value "DNT" ( _kuid_=DNT)
ie. Set-Cookie: _kuid_=DNT; path=/; expires=Fri, 01-Jan-38
00:00:00 GMT; domain=.krxd.net
In sessions with DNT="", the beacon userid and the cookie-ID have the
same value for _kuid_.
So this brings me back to the permitted uses discussion we had in DC.
Even when no unique identifiers are in the cookies when DNT is enabled,
having them in the header will not make the implementation it compliant.
Re-identification on the serverside is a still possible in that case.
kind regards,
Rob
Received on Wednesday, 2 May 2012 21:08:06 UTC