- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 26 Apr 2013 12:55:22 -0700
- To: Rigo Wenning <rigo@w3.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Apr 26, 2013, at 11:42 AM, Rigo Wenning wrote:

> On Friday 26 April 2013 01:31:29 Roy T. Fielding wrote:
>> I don't think I was clear. Currently, the only advantage the UGE
>> framework has is that it doesn't get cleared when cookies get cleared.
>> If that isn't true, we should delete the entire framework and replace
>> it with a named cookie that is sent along with the DNT:1 signal. Then
>> we wouldn't have to wait until all browsers implement UGEs and we
>> wouldn't have to implement two different opt-in consent mechanisms.
>
> The argument so far was to provide a persistent store that would survive
> clearing cookies. This was one of the main selling arguments for DNT. As
> people clear cookies once a month at least, the exceptions would not be
> persistent at all. If this is the case, we would not need any DNT -
> header anyway as the entire thing could operate with cookies.

Well, no, the DNT header field needs to be more persistent than a cookie and I don't want sites to be able to set its value.

What I meant is that the DNT header field would always be sent with the user's general preference and a specially named cookie would be set by sites after they have confirmed an exception with the user. This would not be a problem in the EU because the consent dialog would be asking permission to set the consent cookie. After consent is granted, the site sets a cookie and the user agent would thereafter send something like

   DNT: 1
   Cookie: w3dnt=0

to indicate that an exception has been granted to this site.

Hence, the w3dnt cookie acts as the opt-in signal when DNT:1 is being sent, or when no DNT is sent for regional contexts that require an opt-in. Cookies are safe to use as an opt-in because the result of a general cookie purge would be a reversion to DNT:1 (or the regional default for unset).

This mechanism would work for all existing browsers. There would be no need for an additional database for UGE. There would be no need for an additional database lookup on every request because it just gets dropped into the cookie lookup the browser already does.

Browsers could then be extended to support additional manipulations of these named cookies within their normal cookie storage, including a UI for managing such cookies and options for *not* clearing them when the other cookies are cleared. This would work only for updated browsers, and could be entirely defined by competition in the browser space.

The drawback of this mechanism is that sites can't set the cookie for other sites in their same-party that do not share the same TLD. I can live with that.

Yes, it is less good for multisite parties than a fully functional UGE API which can provide an exception to an entire array of sites in one go. OTOH, it has already been implemented by browsers and would allow us to implement a single opt-in mechanism for all of them (including old browsers).

A harder question is what to do about ad auctions wherein the user has consented for personalization at this site (including its ads) but does not consent to the unknown ad auction companies harvesting their data. For that scenario, I would allow the site to send a signal to the auction (in the form of a URI parameter indicating the site has consent for personalization of ads) that would allow auction participants to see both DNT:1 and that signal and know that they can use the data they already know about the user, and the context of the page in which this ad is appearing, but cannot use the data received in *this* ad request for later tracking or append unless it will be siloed by first party or the user has separately consented to tracking by the ad provider (i.e., the user already has another w3dnt cookie set for that third party).

Hence, the ads can then be personalized for a site without the user consenting to further tracking of this request by the third party, which I am hoping would satisfy Aleecia's concern and enable ad-revenue dependent sites to support DNT without losing the substantial premium of auction-based ads.

Cheers,

Roy T. Fielding <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe <https://www.adobe.com/>
Received on Friday, 26 April 2013 19:55:52 UTC
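
Added example, not part of the original message or of any W3C specification: a server-side sketch of how a site could interpret the signals proposed above, where DNT carries the user's general preference and a site-set w3dnt=0 cookie records a granted exception. The function names, the region_requires_opt_in flag, the first-cookie-wins rule, and the treatment of an unset DNT outside opt-in regions as permitted are assumptions made for illustration; the sample requests are constructed.

```python
def parse_cookie_header(value):
    """Split a Cookie request header into a name -> value dict."""
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep and name:
            cookies.setdefault(name, val)  # assumption: first occurrence wins
    return cookies


def may_track(headers, region_requires_opt_in=False):
    """Return True if this request may be used for tracking by this site.

    headers: dict of request header names to values (names case-insensitive).
    region_requires_opt_in: hypothetical flag standing in for the
    "regional default for unset" mentioned in the message.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cookies = parse_cookie_header(h.get("cookie", ""))
    # Only the exact value 0 counts as the opt-in; anything else is ignored.
    if cookies.get("w3dnt") == "0":
        return True
    dnt = h.get("dnt", "").strip()
    if dnt == "1":   # general preference: do not track, no exception on file
        return False
    if dnt == "0":   # user's general preference already permits tracking
        return True
    # DNT unset: fall back to the regional default.
    return not region_requires_opt_in


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "dnt1_no_cookie": {"DNT": "1", "Cookie": "session=abc"},
    "dnt1_exception": {"DNT": "1", "Cookie": "session=abc; w3dnt=0"},
    "after_purge": {"DNT": "1"},  # cookie purge reverts to plain DNT:1
    "unset_opt_in_region": {"Cookie": "lang=en"},
    "unset_with_exception": {"Cookie": "w3dnt=0"},
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, may_track(req, region_requires_opt_in=True))
```

Because the cookie is scoped like any other cookie, each site sees only its own w3dnt value, which matches the same-party limitation the message accepts.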