Re: ACTION-255: Work on financial reporting text as alternative to legal requirements from Chris Mejia on 2012-09-27 (public-tracking@w3.org from September 2012)

From: Chris Mejia <chris.mejia@iab.net>
Date: Thu, 27 Sep 2012 22:55:25 +0000
To: Rigo Wenning <rigo@w3.org>, Alan Chapell <achapell@chapellassociates.com>
CC: Tracking WG <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
Message-ID: <CC8A95A1.24767%chris.mejia@iab.net>

Rigo, I believe the standard of practice in these cases of adherence to
laws/guidelines/specification/regulations is most often interpreted and
regulated via the premise of doing what's reasonably necessary to adhere
(emphasis on reasonable).  As you point out, it's possible for users to
mask their IP address.  In the vast majority of cases however, that's not
done, is not normal and it's certainly not the status quo (you describe
more of an edge case with respect to IP spoofing than what's the norm).
In Alan's real-world scenario, the ad network has to do what's reasonably
required to adhere, and since placing a line trace on every user's IP
address to determine if they are using a proxy to spoof their location
wouldn't be reasonable, assuring that the IP address matches known Geo
locations associated with that IP address is the standard of enforcement--
because it's reasonable, and workable in a production environment.

Best Regards,

Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group |
Interactive Advertising Bureau - IAB

On 9/27/12 11:42 PM, "Rigo Wenning" <rigo@w3.org> wrote:

>Alan, 
>
>On Thursday 27 September 2012 11:55:34 Alan Chapell wrote:
>> Jeff and others have made repeated requests for industry to share
>> specifics on how industry operates. Its sort of frustrating that
>> my attempts to provide an example have been met with such
>> ridicule.
>
>I'm deeply sorry if you feel I was welcoming your thoughts with
>ridicule. I was rather taking the challenge to be as colorful as you
>are. Maybe that went wrong.
>
>Even without DNT:1, it would already be difficult to guarantee that
>a certain IP comes from a certain territory. VPN is your friend
>here, and proxies, and Tor and... So while I take your example
>seriously, people trying to distinguish a user being in UK or not is
>not really realistic. I'm currently using a socks-proxy that re-
>routes my HTTP-traffic via Boston. It is like relying on the number
>plate of the car to determine the nationality of the driver. It's
>often true, but in Europe less and less frequently.
>
>All this is something we have to develop a strategy for. But it is
>no reason for a permitted use. You sounded like striving for a
>permitted use that would just allow to do business and collection as
>usual, even for DNT:1 users.
>
>Rigo
>

Received on Thursday, 27 September 2012 22:56:23 UTC