- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 8 Oct 2013 16:28:06 +0100
- To: "'David Wainberg'" <dwainberg@appnexus.com>
- Cc: "'Shane M Wiley'" <wileys@yahoo-inc.com>, <public-tracking@w3.org>, "'Geoff Gieron - AdTruth'" <ggieron@adtruth.com>, <jeff@democraticmedia.org>, "'Joseph Lorenzo Hall'" <joe@cdt.org>, "'Alan Chapell'" <achapell@chapellassociates.com>
- Message-ID: <2b9f01cec43a$fd50c7c0$f7f25740$@baycloud.com>
Hi David, I am bundling ad blocker & cookie blocker browser extensions along with privacy settings on browsers that block third-party cookies. What they all have in common is giving the user control over network interactions motivated by a wish to render tracking techniques ineffective. They all more or less act to enforce a users' requirement for privacy. There are other reasons to use ad blockers such as not wishing to see any ads even contextual, but IMO this is less a motivation than the privacy one. If DNT was a clearly defined signal, transparently honoured by advertisers and others, there would be less reason for people to resort to these technologies, and less reason for browsers to enable them by default. Mike From: David Wainberg [mailto:dwainberg@appnexus.com] Sent: 08 October 2013 16:02 To: Mike O'Neill Cc: 'Shane M Wiley'; public-tracking@w3.org; 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph Lorenzo Hall'; 'Alan Chapell' Subject: Re: Further text associated with the change proposal on Unique Identifiers, issue-199 Hi Mike, I don't understand the assumption that ad blocking has anything to do with DNT and privacy. Can you explain? -David On 2013-10-08 5:33 AM, Mike O'Neill wrote: Hi Shane, On the 20% ad-blocking estimate there is this: http://www.adexchanger.com/online-advertising/battle-lines-drawn-were-not-al l-about-blocking-ads-says-no-1-ad-blocker/ This mentions that "Twenty percent of Germans have an ad blocker installed and there's growing interest in Eastern Europe, Russia, Poland and France" and that 19% of ads there being blocked in Germany, Austria and Hungary. In April it was announced that the number of ADB downloads on Firefox had reached 200M https://adblockplus.org/blog/200-million-firefox-downloads. Here is a report from back in May 2012 that reports >9% ads being blocked http://clarityray.com/Content/ClarityRay_AdBlockReport.pdf Ad blocking and cookie blocking technologies in browsers and extensions are increasingly popular, recently having been boosted by the Snowden revelations and alarm at the pervasive collection and trading in web activity data. The recent move by some to bypass browser based third-party cookie blocking with fingerprinting will only further fuel this arms race. Some of these technologies are indiscriminate in the features they block and their widespread use will have a disastrous effect on the web and innovation in it. I should imagine that developers are already working on extensions that will block XHR, POSTs etc. from third-party iframes. You are correct saying that my position is that DNT should clearly signal that tracking should not occur and that unique ids should not be stored, used or derived when DNT:1 - unless purpose limited for a permitted use. My opinion is that it is the interest of significant players to commit to transparently honouring DNT to head-off the use of blockers and help restore trust in the web economy. Mike From: Shane M Wiley [mailto:wileys@yahoo-inc.com] Sent: 07 October 2013 19:12 To: Mike O'Neill; public-tracking@w3.org Cc: 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph Lorenzo Hall'; Alan Chapell Subject: RE: Further text associated with the change proposal on Unique Identifiers, issue-199 Mike, Would you agree that in your approach you prohibit the assignment of Unique Identifiers, either based on random assignment in a cookie or on a digital fingerprinting technique, when DNT:1? In this case, you're equating Cookie IDs and Digital Fingerprints, correct? I wanted to be clear with the group that this is your position (this is similar to the position I took earlier in conversations with John Simpson). - Shane From: Mike O'Neill [mailto:michael.oneill@baycloud.com] Sent: Wednesday, October 02, 2013 5:44 AM To: public-tracking@w3.org Cc: 'Geoff Gieron - AdTruth'; jeff@democraticmedia.org; 'Joseph Lorenzo Hall'; Alan Chapell Subject: Further text associated with the change proposal on Unique Identifiers, issue-199 Here is some additional text to underline that there should be no browser fingerprinting when DNT:1. I have slightly improved the definitions, added unique back to the persistent identifier definition to make it clearer and more consistent to how the term is used elsewhere in the spec. There is now a new line item 3 below the Third Party Compliance paragraph (non-permitted uses) that requires no unique ids or fingerprinting when DNT:1. A persistent unique identifier is an arbitrary value held in, or derived from other data in, the user agent whose purpose is to identify the user agent in subsequent transactions to a particular web domain. It may be encoded for example as the name or value attribute of an HTTP cookie, as an item in localStorage or recorded in some way in the cache. The duration of a persistent unique identifier is the maximum period of time it will be retained in the user agent. This could be specified for example using the Expires or Max-Age attributes of an HTTP cookie so that it is automatically deleted by the user agent after the specified time period is exceeded. Browser fingerprinting is a method of tracking individuals based on creating a persistent identifier from a set of other device specific information, either inherent in a content request or stored within the user-agent and accessed by executing rendered script. Such an identifier may not itself need to be stored in the user-agent as it can be calculated again in subsequent transactions, and so can have an arbitrarily long duration. Third Party Compliance. 3 . the third party MUST NOT create or use persistent unique identifiers, either directly or derived using browser fingerprinting methods, for the purpose of collecting further information from this user or device.
Received on Tuesday, 8 October 2013 15:28:45 UTC