
RE: ISSUE-262: guidance regarding server responses and timing

From: TOUBIANA Vincent <vtoubiana@cnil.fr>
Date: Sat, 1 Nov 2014 16:49:46 +0100
Message-ID: <01A1856C4999FF4287CCB37912A708EB04E12A8F@srv-cnilexc.cnil.fr>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, "Tracking Protection Working Group" <public-tracking@w3.org>

> We don't require ISPs and routers to respond to DNT, yet they are sharing
> just as much information as an HTTP recipient.  Why?  Because we assume
> (incorrectly) that they are service providers for the user agent.  Likewise,
> we provide definitions to allow service providers for a given service to
> answer on behalf of the owner of that service, because doing so within the
> restrictions of a service provider contract makes them no worse for privacy
> than interacting with the owner directly.

TPE focuses on interaction between user agents and servers; ISP routers -- and, as you noticed recently, User-Agents http://www.w3.org/2011/tracking-protection/track/issues/263 -- are not the recipients of the signal.


> What Shane has described is a fairly unusual form of service provider
> because it is acting on behalf of many parties (most of which are
> likely to be third parties, but some might be the first party).
> I didn't include that use case in the current design of TPE.
> However, it is fair to say that it does exist, and that it won't be
> disappearing just because the TPWG finds it inconvenient or even
> alarming.

Ad exchanges are not Service Providers under the current definition; they will certainly not disappear, which does not mean they should not comply if they want to respect the DNT signal. Since they are not service providers, when they share the data about an interaction with other third parties, they should inform the user agent that they disregarded the DNT signal and send the "D" response. It is likely that some ad exchanges will follow one of the proposed privacy-friendly approaches and should be able to differentiate themselves and let users know that they comply.

> Our task is therefore to make the use case transparent and to include
> enough requirements to make the 1:N gateway capable of communicating
> enough of DNT's semantics so that only a deliberately non-conforming
> origin server (bidder) would fail to adhere to them.

Our task is to define a protocol which conveys the user's tracking preference expression and to let him/her know when this preference is not respected.

> After all, this use case only impacts the DNT response, which is largely irrelevant to
> users of DNT.

We disagree on that last point; we clearly have different objectives, and I'm fairly confident (and I think I'm not the only one in this WG) that many users will actually care about the DNT response.
Received on Saturday, 1 November 2014 15:51:17 UTC
