- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Sat, 23 Mar 2013 15:09:15 -0000
- To: "'Ronan Heffernan'" <ronansan@gmail.com>
- Cc: "'Rob van Eijk'" <rob@blaeu.com>, "'Roy T. Fielding'" <fielding@gbiv.com>, "'Justin Brookman'" <justin@cdt.org>, <public-tracking@w3.org>
- Message-ID: <03b701ce27d8$64c69c40$2e53d4c0$@baycloud.com>
Hi Ronan, I meant that you do not need to use OOBC, the DNT:0 in-band consent would work fine if you had JS tags or not. You just need to let your panel-members easily give your domain(s) web wide tracking consent and you are done. Connecting people's web history with long duration persistent identifiers is tracking in my book, and this standard is about giving people the ability to refuse it. Mike From: Ronan Heffernan [mailto:ronansan@gmail.com] Sent: 23 March 2013 14:46 To: Mike O'Neill Cc: Rob van Eijk; Roy T. Fielding; Justin Brookman; public-tracking@w3.org Subject: Re: TPE Handling Out-of-Band Consent (including ISSUE-152) We also use JavaScript tags, not just pixel tags, though which one we use is up to the publisher, not up to us. Using JavaScript tags does not help us with real-time OOBC determination; the limitations are server-side, and if we could do real-time JS-tag lookup, we could do real-time pixel-tag lookup; neither lookup is possible. Any kind of interaction with the user will most likely not be allowed to occur, since few publishers will want their user experience turned to crap by having the user interact with either User Agent pop-ups or custom pages from third parties. Even if all of that were not an issue, using the in-band exception mechanism would skew research horribly, and the balanced and tuned panels constructed by our Measurement Science department would be replaced by biased and un-measurable crowds. None of those mechanisms or outcomes are acceptable. I don't understand why you think that non-real-time determination of OOBC undermines the standard, as long as only permitted uses are followed. How is there "tracking" if users for whom there is no consent have their data de-identified to the same level that is required for DNT:1 users, before any use? --ronan On Sat, Mar 23, 2013 at 7:02 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote: It would be very easy to set up a page (that includes JS) with a document origin the same as the 1x1 gif hostname., then execute the API to get consent. A panel member just needs to visit the page and click a "I agree I am a member of the panel" button. If they must run with JS disabled they just need to set the DNT general pref. to 0. We do not need to change the TPE for this and we are undermining the core reason for the standard if we allow an exemption for it. Mike
Received on Saturday, 23 March 2013 15:09:55 UTC