RE: Further text associated with the change proposal on Unique Identifiers, issue-199 from Mike O'Neill on 2013-10-08 (public-tracking@w3.org from October 2013)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Tue, 8 Oct 2013 10:33:13 +0100
To: "'Shane M Wiley'" <wileys@yahoo-inc.com>, <public-tracking@w3.org>
Cc: "'Geoff Gieron - AdTruth'" <ggieron@adtruth.com>, <jeff@democraticmedia.org>, "'Joseph Lorenzo Hall'" <joe@cdt.org>, "'Alan Chapell'" <achapell@chapellassociates.com>
Message-ID: <2a6801cec409$69779f00$3c66dd00$@baycloud.com>

Hi Shane,

 

On the 20% ad-blocking estimate there is this:
http://www.adexchanger.com/online-advertising/battle-lines-drawn-were-not-al
l-about-blocking-ads-says-no-1-ad-blocker/

This mentions that "Twenty percent of Germans have an ad blocker installed
and there's growing interest in Eastern Europe, Russia, Poland and France"
and that 19% of ads there being blocked in Germany, Austria and Hungary. In
April it was announced that the number of ADB downloads on Firefox had
reached 200M https://adblockplus.org/blog/200-million-firefox-downloads.
Here is a report from back in May 2012 that reports >9% ads being blocked
http://clarityray.com/Content/ClarityRay_AdBlockReport.pdf

 

Ad blocking and cookie blocking technologies in browsers and extensions are
increasingly popular, recently having been boosted by the Snowden
revelations and alarm at the pervasive collection and trading in web
activity data. The recent move by some to bypass browser based third-party
cookie blocking with fingerprinting will only further fuel this arms race. 

 

Some of these technologies are indiscriminate in the features they block and
their widespread use will have a disastrous effect on the web and innovation
in it. I should imagine that developers are already working on extensions
that will block XHR, POSTs etc. from third-party iframes.

 

You are correct saying that my position is that DNT should clearly signal
that tracking should not occur and that unique ids should not be stored,
used or derived when DNT:1  - unless purpose limited for a permitted use. My
opinion is that it is the interest of significant players to commit to
transparently honouring DNT to head-off the use of blockers and help restore
trust in the web economy.

 

Mike

 

 

 

From: Shane M Wiley [mailto:wileys@yahoo-inc.com] 
Sent: 07 October 2013 19:12
To: Mike O'Neill; public-tracking@w3.org
Cc: 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph Lorenzo
Hall'; Alan Chapell
Subject: RE: Further text associated with the change proposal on Unique
Identifiers, issue-199

 

Mike,

 

Would you agree that in your approach you prohibit the assignment of Unique
Identifiers, either based on random assignment in a cookie or on a digital
fingerprinting technique, when DNT:1?  In this case, you're equating Cookie
IDs and Digital Fingerprints, correct?  I wanted to be clear with the group
that this is your position (this is similar to the position I took earlier
in conversations with John Simpson).

 

- Shane  

 

From: Mike O'Neill [mailto:michael.oneill@baycloud.com] 
Sent: Wednesday, October 02, 2013 5:44 AM
To: public-tracking@w3.org
Cc: 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph Lorenzo
Hall'; Alan Chapell
Subject: Further text associated with the change proposal on Unique
Identifiers, issue-199

 

Here is some additional text to underline that there should be no browser
fingerprinting when DNT:1.

 

I have slightly improved the definitions, added unique back to the
persistent identifier definition to make it clearer and more consistent to
how the term is used elsewhere in the spec. There is now a new line item 3
below the Third Party Compliance paragraph (non-permitted uses) that
requires no unique ids or fingerprinting when DNT:1.

 

A persistent unique identifier is an arbitrary value held in, or derived
from other data in, the user agent whose purpose is to identify the user
agent in subsequent transactions to a particular web domain. It may be
encoded for example as the name or value attribute of an HTTP cookie, as an
item in localStorage or recorded in some way in the cache. 

 

The duration of a persistent unique identifier is the maximum period of time
it will be retained in the user agent. This could be specified for example
using the Expires or Max-Age attributes of an HTTP cookie so that it is
automatically deleted by the user agent after the specified time period is
exceeded.

 

Browser fingerprinting is a method of tracking individuals based on creating
a persistent identifier from a set of other device specific information,
either inherent in a content request or stored within the user-agent and
accessed by executing rendered script. Such an identifier may not itself
need to be stored in the user-agent as it can be calculated again in
subsequent transactions, and so can have an arbitrarily long duration. 

 

Third Party Compliance.

 

3 . the third party MUST NOT create or use persistent unique identifiers,
either directly or derived using browser fingerprinting methods,  for the
purpose of collecting further information from this user or device.

Received on Tuesday, 8 October 2013 09:33:47 UTC