RE: Indirect DNT Processing (Proposed)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I agree with that (always reply G), for the transparency reason. 

I have already pointed out the impossibility of sending the bidder specific DNT:x but I think Roy's wording is OK and leaves the door open for cross-origin DNT confirmation by other methods, yet to be determined. 

To be clear, the gateway cannot tell a general preference of DNT:0 or DNT unset from  a site specific UGE, which the first-party may have arranged (or the gateway's own web-wide UGE unless it took care never to request one).

So in all cases (unless there exists a mechanism to confirm cross-origin) it must indicate DNT:1 unless it knows that the first-party has not requested a site specific UGE (which remember could be site wide).

But I think that the general (gateway's own) TSR should indicate in its controller property any bidders that may have retained the tracking data. The user/UA has no other way of determining this because there are no embedded resource references. 

In addition, as implied by the existing text but we might as well mention it,  the bidder specific TSR should indicate the identity of the bid winner in its controller property.

Mike

> -----Original Message-----
> From: TOUBIANA Vincent [mailto:vtoubiana@cnil.fr]
> Sent: 17 December 2014 12:55
> To: Tracking Protection Working Group
> Cc: Eijk, drs. ing. R.J.W. van (CBP)
> Subject: RE: Indirect DNT Processing (Proposed)
> 
> 
> Following last week discussion about Roy's proposal, Rob and I suggest to
> remove the third and fourth paragraphs which explain how a gateway could
> send a "N" or "T" response.
> 
> Not only would this increase transparency to users, it would also clarify the role
> of the gateway and make a distinction between the response sent by the
> gateway (i.e. "G") and the response sent by the winning bidder. For instance, this
> could clarify case c).
> 
> Would it be ok to remove the third and fourth paragraph of Roy's proposal?
> 
> Best Regards,
> 
> 
> Vincent Toubiana
> Rob van Eijk
> 
> -----Message d'origine-----
> De : David Singer [mailto:singer@apple.com]
> Envoyé : mercredi 10 décembre 2014 23:29
> À : Justin Brookman
> Cc : Tracking Protection Working Group
> Objet : Re: Indirect DNT Processing (Proposed)
> 
> 
> > On Dec 10, 2014, at 14:21 , Justin Brookman <jbrookman@cdt.org> wrote:
> >
> >> 3. How does this interact with Exceptions? Perhaps some clarifying notes are
> in order?
> >
> > Right, this we discussed on the call, and I'm not entirely sure I understand the
> answer.  I also don't understand how Roy's proposal intersects with Shane's
> separate proposal to allow servers to use cached information about a UGE in
> order to claim an exception.  I know Nick had some concerns about this
> proposal, but I don't know if Roy's proposal was meant to address this issue (or
> reject it by not including).
> >
> > Either way, I imagine a winning bidder who has consent should respond with a
> C in the Tk header field, yes?  It sounds like losers wouldn't be able to retain
> even if they have consent to track (though not sure that's much different than
> how RTB operates today).  It also sounds like the gateway couldn't collect
> tracking data even if it had consent; again, not sure how different that is from
> today if they really are effectively service providers.
> 
> Yes, we need to look at the cases:
> 
> a gateway gets dnt:0 (as a result of an exception, or for other reason) b gateway
> has out of band consent c winning bidder has consent (but gateway doesn't) d
> losing bidder has consent (but gateway doesn't)
> 
> In case (a) I think Roy said that the user is effectively giving consent to the whole
> transaction, that the dnt:0 will pass through to the bidders.  I think that that still
> means that only the winning bidder gets to track.
> 
> In case (b) I guess the gateway itself gets to track, but not pass on permission to
> track?
> 
> In case (c) I guess the winning bidder returns an indication saying it thinks it has
> consent (even though it didn't get a dnt:0)?
> 
> In case (d) I think it's irrelevant; losing bidders never get to track.
> 
> I think we're going to have to explain this a little.
> 
> 
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJUkYpKAAoJEHMxUy4uXm2JzpoIAJRt0+dRWy6D7urmKs0PeNPQ
xfeC5t4H3am+l01KbbOEKgYJengJ6ncssNYzwnBL6TKhnu41aI5+xnXjykCS+Mv0
W+4Br89bZ5Roza/n4WJXJ5pwIM8INiWvfuRIDrGh0tHRtuUdAp8H9/fv/brDZ60X
Q9TdmfSRGZ/75uHxSjhSL0BUq1aewPqIADIHXkAD+ekJZNgItIT+waC4eVeQ0mLx
6qncUgjTc9dSHsZ8mGNJl8yoccwft7vicvASwKF4damu4UB6xkikN0KSG/evRT5D
oQbFQ1Ey5BiAdqCWS4WC8pPQL/GfY4zHNPbaNSyCGoBb9G5YKqvepDL1caa0LVQ=
=o3Do
-----END PGP SIGNATURE-----

Received on Wednesday, 17 December 2014 13:52:01 UTC