RE: tracking-ISSUE-219 (Context separation): 3rd parties that are 1st parties must not use data across these contexts [Compliance Current] from Mike O'Neill on 2013-10-04 (public-tracking@w3.org from October 2013)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 4 Oct 2013 14:21:34 +0100
To: "'David Wainberg'" <dwainberg@appnexus.com>
Cc: "'Rob Sherman'" <robsherman@fb.com>, "'Walter van Holst'" <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>
Message-ID: <247c01cec104$a632f370$f298da50$@baycloud.com>

David,

They are not "required", the spec says they are allowed if there is no
reasonable alternative. I already posted a way to do unique visitor
detection without unique ids.

Mike


-----Original Message-----
From: David Wainberg [mailto:dwainberg@appnexus.com] 
Sent: 04 October 2013 13:54
To: Mike O'Neill
Cc: 'Rob Sherman'; 'Walter van Holst'; public-tracking@w3.org
Subject: Re: tracking-ISSUE-219 (Context separation): 3rd parties that are
1st parties must not use data across these contexts [Compliance Current]

Mike,

On 2013-10-03 11:11 AM, Mike O'Neill wrote:
> Rob,
>
> The problem is not customisation per se but relying on the use of 
> persistent unique ids to do it. If you do not track you do not need 
> unique ids - you can still customise with low entropy cookies i.e. ("I 
> prefer green like buttons", "My preferred language is German"). Using 
> unique ids also lets you collect web activity. If someone has DNT set 
> and you do not have a permitted use you do not need to store or use (or
derive) unique ids.
I'm glad you agree that customization itself is not the issue.

I don't think it's feasible to not have unique IDs, especially since they
are required for the permitted uses.

Best,

David

Received on Friday, 4 October 2013 13:22:12 UTC