- From: TOUBIANA Vincent <vtoubiana@cnil.fr>
- Date: Sat, 1 Nov 2014 16:49:46 +0100
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, "Tracking Protection Working Group" <public-tracking@w3.org>
- Message-ID: <01A1856C4999FF4287CCB37912A708EB04E12A8F@srv-cnilexc.cnil.fr>
> We don't require ISPs and routers to respond to DNT, yet they are sharing just as much information as an HTTP recipient. Why? Because we assume (incorrectly) that they are service providers for the user agent. Likewise, we provide definitions to allow service providers for a given service to answer on behalf of the owner of that service, because doing so within the restrictions of a service provider contract makes them no worse for privacy than interacting with the owner directly. TPE focuses on interaction between user agent and servers ; ISP routers -- and as you noticed recently User-Agentss http://www.w3.org/2011/tracking-protection/track/issues/263 -- are not the recipient of the signal. > What Shane has described is a fairly unusual form of service provider because it is acting on behalf of many parties (most of which are likely to be third parties, but some might be the first party). I didn't include that use case in the current design of TPE. However, it is fair to say that it does exist, and that it won't be disappearing just because the TPWG finds it inconvenient or even alarming. Ad exchange are not Service Providers under the current definition, they will certainly not disappear which does not mean they should not comply if they want to respect the DNT signal. Since they are not service providers, when they share the data about an interaction with other third parties, they should inform the user-agent that they disregarded the DNT signal and send the "D" response. It is likely that some ad-exchange will follow one of the proposed privacy-friendly approach and should be able to differentiate themselves and let users know that they comply. > Our task is therefore to make the use case transparent and to include enough requirements to make the 1:N gateway capable of communicating enough of DNT's semantics so that only a deliberately non-conforming origin server (bidder) would fail to adhere to them. Our task is to define a protocol which convey the user's tracking preference expression and to let him/her know when this preference is not respected. > After all, this use case only impacts the DNT response, which is largely irrelevant to users of DNT. We disagree on that last point, we clearly have different objectives and I'm fairly confident (and I think I'm not the only one in this WG) that many users will actually care about the DNT response.
Received on Saturday, 1 November 2014 15:51:17 UTC