Re: Further text associated with the change proposal on Unique Identifiers, issue-199 from David Wainberg on 2013-10-08 (public-tracking@w3.org from October 2013)

From: David Wainberg <dwainberg@appnexus.com>
Date: Tue, 8 Oct 2013 11:02:07 -0400
To: Mike O'Neill <michael.oneill@baycloud.com>
CC: 'Shane M Wiley' <wileys@yahoo-inc.com>, <public-tracking@w3.org>, 'Geoff Gieron - AdTruth' <ggieron@adtruth.com>, <jeff@democraticmedia.org>, 'Joseph Lorenzo Hall' <joe@cdt.org>, 'Alan Chapell' <achapell@chapellassociates.com>
Message-ID: <52541E6F.6070005@appnexus.com>

Hi Mike,

I don't understand the assumption that ad blocking has anything to do 
with DNT and privacy. Can you explain?

-David

On 2013-10-08 5:33 AM, Mike O'Neill wrote:
>
> Hi Shane,
>
> On the 20% ad-blocking estimate there is this: 
> http://www.adexchanger.com/online-advertising/battle-lines-drawn-were-not-all-about-blocking-ads-says-no-1-ad-blocker/
>
> This mentions that "Twenty percent of Germans have an ad blocker 
> installed and there's growing interest in Eastern Europe, Russia, 
> Poland and France" and that 19% of ads there being blocked in Germany, 
> Austria and Hungary. In April it was announced that the number of ADB 
> downloads on Firefox had reached 200M 
> https://adblockplus.org/blog/200-million-firefox-downloads. Here is a 
> report from back in May 2012 that reports >9% ads being blocked 
> http://clarityray.com/Content/ClarityRay_AdBlockReport.pdf
>
> Ad blocking and cookie blocking technologies in browsers and 
> extensions are increasingly popular, recently having been boosted by 
> the Snowden revelations and alarm at the pervasive collection and 
> trading in web activity data. The recent move by some to bypass 
> browser based third-party cookie blocking with fingerprinting will 
> only further fuel this arms race.
>
> Some of these technologies are indiscriminate in the features they 
> block and their widespread use will have a disastrous effect on the 
> web and innovation in it. I should imagine that developers are already 
> working on extensions that will block XHR, POSTs etc. from third-party 
> iframes.
>
> You are correct saying that my position is that DNT should clearly 
> signal that tracking should not occur and that unique ids should not 
> be stored, used or derived when DNT:1  - unless purpose limited for a 
> permitted use. My opinion is that it is the interest of significant 
> players to commit to transparently honouring DNT to head-off the use 
> of blockers and help restore trust in the web economy.
>
> Mike
>
> *From:*Shane M Wiley [mailto:wileys@yahoo-inc.com]
> *Sent:* 07 October 2013 19:12
> *To:* Mike O'Neill; public-tracking@w3.org
> *Cc:* 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph 
> Lorenzo Hall'; Alan Chapell
> *Subject:* RE: Further text associated with the change proposal on 
> Unique Identifiers, issue-199
>
> Mike,
>
> Would you agree that in your approach you prohibit the assignment of 
> Unique Identifiers, either based on random assignment in a cookie or 
> on a digital fingerprinting technique, when DNT:1?  In this case, 
> you're equating Cookie IDs and Digital Fingerprints, correct?  I 
> wanted to be clear with the group that this is your position (this is 
> similar to the position I took earlier in conversations with John 
> Simpson).
>
> - Shane
>
> *From:*Mike O'Neill [mailto:michael.oneill@baycloud.com]
> *Sent:* Wednesday, October 02, 2013 5:44 AM
> *To:* public-tracking@w3.org <mailto:public-tracking@w3.org>
> *Cc:* 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org 
> <mailto:jeff@democraticmedia.org>; 'Joseph Lorenzo Hall'; Alan Chapell
> *Subject:* Further text associated with the change proposal on Unique 
> Identifiers, issue-199
>
> Here is some additional text to underline that there should be no 
> browser fingerprinting when DNT:1.
>
> I have slightly improved the definitions, added unique back to the 
> persistent identifier definition to make it clearer and more 
> consistent to how the term is used elsewhere in the spec. There is now 
> a new line item 3 below the Third Party Compliance paragraph 
> (non-permitted uses) that requires no unique ids or fingerprinting 
> when DNT:1.
>
> A *persistent unique identifier* is an arbitrary value held in, or 
> derived from other data in, the user agent whose purpose is to 
> identify the user agent in subsequent transactions to a particular web 
> domain. It may be encoded for example as the name or value attribute 
> of an HTTP cookie, as an item in localStorage or recorded in some way 
> in the cache.
>
> The *duration *of a persistent unique identifier is the maximum period 
> of time it will be retained in the user agent. This could be specified 
> for example using the Expires or Max-Age attributes of an HTTP cookie 
> so that it is automatically deleted by the user agent after the 
> specified time period is exceeded.
>
> *Browser fingerprinting* is a method of tracking individuals based on 
> creating a persistent identifier from a set of other device specific 
> information, either inherent in a content request or stored within the 
> user-agent and accessed by executing rendered script. Such an 
> identifier may not itself need to be stored in the user-agent as it 
> can be calculated again in subsequent transactions, and so can have an 
> arbitrarily long duration.
>
> Third Party Compliance.
>
> 3 . the third party MUST NOT create or use persistent unique 
> identifiers, either directly or derived using browser fingerprinting 
> methods,  for the purpose of collecting further information from this 
> user or device.
>

Received on Tuesday, 8 October 2013 15:02:36 UTC