- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Thu, 20 Jun 2013 15:04:45 +0100
- To: "'Chris Mejia'" <chris.mejia@iab.net>, "'Rigo Wenning'" <rigo@w3.org>, <public-tracking@w3.org>
- Cc: "'Matthias Schunter \(Intel Corporation\)'" <mts-std@schunter.org>, "'Rob van Eijk'" <rob@blaeu.com>, "'Mike Zaneis'" <mike@iab.net>
Hi Chris, Cumbersome "cookie hardening" would not be needed with a default opted-out philosophy. A far more elegant solution would be one based on requiring an opt-in state stored in the browser. If browser storage is cleared the user's preference for privacy is preserved and this approach would not conflict with a user's intention when blocking third-party cookies. I agree that the HTTP cookie mechanism can be used to respect everyone's fundamental right to privacy and help regain trust in the web, and we should concentrate on that not "how can I get to keep my precious cookies?" Mike -----Original Message----- From: Chris Mejia [mailto:chris.mejia@iab.net] Sent: 20 June 2013 02:26 To: Mike O'Neill; 'Rigo Wenning'; public-tracking@w3.org Cc: 'Matthias Schunter (Intel Corporation)'; 'Rob van Eijk'; Mike Zaneis Subject: Re: Batch closing of TPE related issues Hi Mike, To clarify per your point below, in our current industry self-regulatory program the user has the option to "harden" their opt-out cookies using a browser plug-in that's made freely available to the user for this purpose (and for no other purpose-- i.e. you can't use this plug-in to harden other cookies-- only opt-out cookies). So with the opt out cookies hardened, they are not cleared with all the other cookies that are cleared when a user opts to "clear cookies". Your point below was an early criticism of the industry self-regulatory program, one that we responded to with a good solution that's used by thousands of people today. I actually think our group's work around cookies is short sighted-- if managed well, the cookie is an excellent technical tool to manage online advertising, AND privacy. I wish we'd concentrate our efforts on "if managed well" instead of "let's kill them cookies, they are the agents of evil doers". Best, Chris Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | Interactive Advertising Bureau - IAB On 6/18/13 8:08 AM, "Mike O'Neill" <michael.oneill@baycloud.com> wrote: >I also agree that using cookies as an opt-out signal is sub optimal. A >user deleting their cookies as a privacy protection tactic will >paradoxically revoke all their carefully arranged opt-outs. Also if >they have set their Firefox browser to block third-party cookies but >accept those from visited sites (which was going to be the default in >Firefox 22) then just accepting an opt-out cookie will allow >third-party cookies from the same site, the opposite to the user's >intention.
Received on Thursday, 20 June 2013 14:05:28 UTC