Re: Confused by DAA's messages. Please explain

Shane,

Not to beat a dead horse – how does the server know that they do not recognize the particular DNT:1 signal? It's a binary signal – the client sent it, the server receives and that's it. There is no way for the server to know from that single 'bit' who set it, what set it, or where along the conversation it was set, unless they suspect – in which case there has to be 'corroborating evidence' which they must supply back to the user.

But we now enter a loop – what's the corroborating evidence that leads the server to the conclusion that this binary signal might be suspect? Unless there is some sort of quantum effect going on inside that bit there is NO ambiguity which is exactly what Do Not Track was designed to be from the get go – link to: The History of the Do Not Track header<http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html>

If it looks like a 1, sounds like a 1 then it's a 1 – there is no ambiguity not even perceived.


Peter


From: Shane Wiley <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>
Date: Wednesday, July 10, 2013 9:37 AM
To: "Peter J. Cranstone" <peter.cranstone@3pmobile.com<mailto:peter.cranstone@3pmobile.com>>, John Simpson <john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>>, Mike Zaneis <mike@iab.net<mailto:mike@iab.net>>, Marc Groman <mgroman@networkadvertising.org<mailto:mgroman@networkadvertising.org>>, Jack Hobaugh <jack@networkadvertising.org<mailto:jack@networkadvertising.org>>
Cc: "public-tracking@w3.org<mailto:public-tracking@w3.org> List" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: RE: Confused by DAA's messages. Please explain

Peter,

The Server would need to notify the user they are not recognizing the particular DNT:1 signal and provide a link for further information for why this occurring.

- Shane

From: Peter Cranstone [mailto:peter.cranstone@3pmobile.com]
Sent: Wednesday, July 10, 2013 4:05 PM
To: Shane Wiley; John Simpson; Mike Zaneis; Marc Groman; Jack Hobaugh
Cc: public-tracking@w3.org<mailto:public-tracking@w3.org> List
Subject: Re: Confused by DAA's messages. Please explain

Shane,

Thanks for the thoughtful response. I'm trying to think of the corner case that generates this 'exception'. The current spec says that there are two settings for DNT… 1 and unset. If I send 'unset' (it's a value) then the server just goes about business as normal. In the second case I can only send a 1. The server now has two options – accept the signal OR send a UGE request. The server has to send something to the user otherwise the user has no idea what just happened to trigger the condition which is causing the signal to be disregarded. So IMO the burden is always on the server to notify the user.



Peter


From: Shane Wiley <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>
Date: Wednesday, July 10, 2013 8:51 AM
To: "Peter J. Cranstone" <peter.cranstone@3pmobile.com<mailto:peter.cranstone@3pmobile.com>>, John Simpson <john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>>, Mike Zaneis <mike@iab.net<mailto:mike@iab.net>>, Marc Groman <mgroman@networkadvertising.org<mailto:mgroman@networkadvertising.org>>, Jack Hobaugh <jack@networkadvertising.org<mailto:jack@networkadvertising.org>>
Cc: "public-tracking@w3.org<mailto:public-tracking@w3.org> List" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: RE: Confused by DAA's messages. Please explain

Peter,

I agree with you that since so many different parties can activate DNT:1 in the page request header, it would be difficult to disambiguate which one inappropriately added the signal outside of compliance (as you point out, a user may have actually turned on DNT in IE10 – how do you tell that outcome from a user that simply allowed the default to flow through as is).  I can only think of corner cases which would drive this outcome but the point is that the user should know that something about their setup is causing a non-compliant signal to be received (I’m assuming the details would be provided for the user if they’re interested).  Rather than the burden being on the server to confirm with the user, this provides a mechanism for the burden to be placed on the user to decide if they wish to continue to use this site and alter the setting that is causing the disregard signal being sent.

- Shane

From: Peter Cranstone [mailto:peter.cranstone@3pmobile.com]
Sent: Wednesday, July 10, 2013 3:40 PM
To: Shane Wiley; John Simpson; Mike Zaneis; Marc Groman; Jack Hobaugh
Cc: public-tracking@w3.org<mailto:public-tracking@w3.org> List
Subject: Re: Confused by DAA's messages. Please explain

Shane,

Can you please give a clear and unambiguous example of what constitutes a 'non-compliant' signal.

I have asserted since the beginning that because the W3C chose to make the signal values binary, there is NO way to distinguish WHO set the signal without asking for a UGE or confirmation. IMO there is NO such thing as a non-compliant signal. It simply doesn't exist in the spec.

If you think it does then please show case the example of how you know that the signal is invalid.




Peter


From: Shane Wiley <wileys@yahoo-inc.com<mailto:wileys@yahoo-inc.com>>
Date: Wednesday, July 10, 2013 7:41 AM
To: John Simpson <john@consumerwatchdog.org<mailto:john@consumerwatchdog.org>>, Mike Zaneis <mike@iab.net<mailto:mike@iab.net>>, Marc Groman <mgroman@networkadvertising.org<mailto:mgroman@networkadvertising.org>>, Jack Hobaugh <jack@networkadvertising.org<mailto:jack@networkadvertising.org>>
Cc: "public-tracking@w3.org<mailto:public-tracking@w3.org> List" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Subject: RE: Confused by DAA's messages. Please explain
Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Wednesday, July 10, 2013 7:43 AM

John,

I tried to answer this several weeks ago.  While its believe most, perhaps all, DNT:1 signals will be honored we should still hold out the option to disregard an obviously non-compliant signal.  This will provide balance within the eco-system that all parties activating DNT:1 should do this in compliance with the W3C DNT standard as there is a threat their signal will be disregarded if they do not.  As I stated previously, it’s often difficult to disambiguate between “good” and “bad” DNT:1 signals, so the industry proposal is a path forward where we bias towards accepting most DNT:1 signals but still hold the threat of being able to disregard truly non-compliant and observable situations to keep everyone honest.

- Shane

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Friday, July 05, 2013 5:47 PM
To: Mike Zaneis; Marc Groman; Jack Hobaugh; Shane Wiley
Cc: public-tracking@w3.org<mailto:public-tracking@w3.org> List
Subject: Confused by DAA's messages. Please explain

Colleagues,

I am trying to reconcile Mike Zaneis' description of the new industry position during Wednesday's call with what is actually written in the DAA proposal document.

Here is Mike's characterization as recorded in the minutes:


"zaneis: My members seeing 20-25% of user base sending flag. Early on, our position had been: perhaps the W3C could standardize the DNT signal, and we would treat that as an industry opt-out.
... That is no longer tenable.
... We expect DNT:1 signals to approach 50% in short-term.

<johnsimpson> you have 25 percent DNT flags because people do not want to be tracked.

zaneis: No longer want to try to distinguish between what DNT:1 signals are legitimate and which are not.

<jmayer> I also agree with David. We worked *very* hard to quickly compile issue-by-issue proposals and rationales, as the chairs requested. The stakeholders who declined to follow that constructive and substantive process are being rewarded with extra time and focus.

zaneis: Now, within industry, we've decided to take a different approach, and focus on deidentification. Hope that could be a way to make consensus.
... Yes, we had fought tooth and nail on the default and UI issue, and we're now willing to take those off the table in the name of progress. Now the question is what level of deidentification is appropriate and implementable. We want to have that discussion."

Yet in Section 4 -- First Party Compliance,  the authors of the "DAA" text (whoever they are) have inserted "Parties that disregard a DNT signal MUST respond to the user agent, using the response mechanism defined in the [TRACKING -DNT] specification."

This seems to flatly contradict what Mike said is the industry's new position.  If you don't distinguish between DNT:1 signals why would you disregard one and send a message that you are doing so?

Can someone please explain this discrepancy?

Regards,
John

Received on Wednesday, 10 July 2013 15:52:02 UTC