RE: explicit-explicit exception pairs from Shane Wiley on 2012-05-03 (public-tracking@w3.org from May 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Thu, 3 May 2012 13:27:17 -0700
To: Rigo Wenning <rigo@w3.org>
CC: Kevin Smith <kevsmith@adobe.com>, Matthias Schunter <mts-std@schunter.org>, Jonathan Mayer <jmayer@stanford.edu>, "ifette@google.com" <ifette@google.com>, Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D16AA3168@SP2-EX07VS02.ds.corp.yahoo.com>

Rigo,

Disagree on granularity.  If I say "the 3rd parties I work with = '*' " then it is defined and consent has been reached.

- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Thursday, May 03, 2012 1:26 PM
To: Shane Wiley
Cc: Kevin Smith; Matthias Schunter; Jonathan Mayer; ifette@google.com; Nicholas Doty; public-tracking@w3.org
Subject: Re: explicit-explicit exception pairs

Shane, 

I'm surprised to hear that from you because in order to get a web-wide or 
even a site-wide exception, you need this granularity anyway. I also not 
that a consent mechanism could not work that way as the object of the 
consent would be open ended and thus undefined. If you only say * and don't 
tell what it means, there can't be any consent or agreement. 

Best, 

Rigo

On Thursday 03 May 2012 10:44:34 Shane Wiley wrote:
> I know we're not supposed to add "+1" but I do want to pile on a bit here
> to support Kevin and Ian in that I can't see the value in overloading the
> standard to add such a high-level of complexity to meet a very small
> percentage of likely use cases.
> 
> From a web browser vendor perspective, this is going to become fairly
> complex quickly and will likely deter all but the most advanced users
> attempting to manage preferences at this level of granularity.  Those
> very same users are probably savvy enough to simply reset or block 3rd
> party cookies already -- AND/OR -- go into "Privacy Mode" in their
> browser -- AND/OR -- leverage 3rd party tools that already solve much
> (all?) that is attempting to be solved here.
> 
> From a publisher perspective, attempting to support a static list of known
> 3rd parties is going to be significantly difficult to impossible.  And
> the rate of change will require continuous repermissioning of users to
> gain a "user granted exception".  I understand there are a very small
> sub-set of publishers that could find value in the origin/origin
> approach, but appears this weight comes to bear on larger publishers to
> some degree -- all depending on how the UA UI is built (which as we've
> already discussed is going to be fairly complex).
> 
> - Shane

Received on Thursday, 3 May 2012 20:28:01 UTC