RE: Indirect DNT Processing (Proposed)


I'm not saying that at all - and I think you know better.  I'm saying we need to find solutions within DNT that support the programmatic marketplace.

- Shane

From: Jeffrey Chester []
Sent: Wednesday, October 29, 2014 10:15 AM
To: Shane M Wiley
Cc: Rob van Eijk; TOUBIANA Vincent; (
Subject: Re: Indirect DNT Processing (Proposed)

Is what you and Yahoo saying that DNT shouldn't protect privacy from the widespread and unregulated uses of audience buying/programmatic advertising?  DNT must address programmatic, which is already the majority of the display market and-as we all know-will dominate (even across platforms).


Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009<><>

On Oct 29, 2014, at 12:50 PM, Shane M Wiley <<>> wrote:


I'm the Chair of the Metadata Working Group at the IAB so thank you for calling that out.  But understand even that standard will take time to roll out and is meant to compliment - NOT DISRUPT - the current workflow.  The discussions around RTB are highly disruptive and BREAK the current model - with no easily solutions at hand.  That is my core concern - there is a lack of consideration within the group of this critical dynamic.

- Shane

-----Original Message-----
From: Rob van Eijk []
Sent: Wednesday, October 29, 2014 9:46 AM
To: Shane M Wiley
Cc: TOUBIANA Vincent; Tracking Protection Working Group
Subject: RE: Indirect DNT Processing (Proposed)

Well, change is a constant factor. For example, the IAB is working on adding metadata all the way down the ad chain. There is no reason why the current protocols are cast in stone. The whole purpose of DNT is to have in impact on current ad practices.

Shane M Wiley schreef op 2014-10-29 17:06:

Disagree - any new standard should respect the marketplace that it
expects to adopt it.  If we force considerable changes in the current
ad ecosystem you won't have any adoption (meet in the middle versus
force all in one direction).

-----Original Message-----
From: Rob van Eijk []
Sent: Wednesday, October 29, 2014 6:44 AM
To: Shane M Wiley
Cc: TOUBIANA Vincent; Tracking Protection Working Group
Subject: RE: Indirect DNT Processing (Proposed)

>From what I understand, the URL is an optional field in Bid Requests
in most RTB-protocols. In my view RTB-protocols should innovate to
adapt to DNT, not the other way around.

Shane M Wiley schreef op 2014-10-24 00:33:


Some bidders may only be contextually targeting information (not
cross-site or "different context") and will need to the URL to
determine content on the page.

- Shane

SENT: Thursday, October 23, 2014 3:26 PM
TO: Shane M Wiley; Tracking Protection Working Group
SUBJECT: RE: Indirect DNT Processing (Proposed)


My idea was to keep it as a one step process where the bid request
would only contain the UID and only the win notice would contain the
URL. I still don't understand how the ADX can broadcast (URL,UDI) in
the bid request without violating the "Third party compliance"
requirement to not share data
e .html#third-party-compliance [1]). Sending only the UID could solve
this problem.

That being said, a two step process would actually work very well.
Especially, if UGE status are directly reported in the "matching
tables" hosted by the ad-exchange; in that case the "additional step"
would have no impact at all on the transaction latency.


-----Original Message-----
From: Shane M Wiley []
Sent: Thu 10/23/2014 8:23 PM
To: TOUBIANA Vincent; Tracking Protection Working Group
Subject: RE: Indirect DNT Processing (Proposed)


The Bid occurs in a single pass so all relevant information is
passed as part of the "offer to bid" transaction (URL, UID) the
bidder would then check their UGE records for that particular UID to
then determine if leveraging profile information would be possible in
this transaction. Attempting to make this a "two-step" process would
slow down the transaction too much in a world where Ad Exchanges
already struggle to meet SLAs with a single call structure.

- Shane

From: TOUBIANA Vincent []
Sent: Thursday, October 23, 2014 2:29 AM
To: Shane M Wiley; Tracking Protection Working Group
Subject: RE: Indirect DNT Processing (Proposed)


I have a clarifying question. In the precise case of RTB, when DNT
is set, is it possible to only include in the Bid Request information
about the user (i.e. the user id) but not about the current network
transaction (i.e. no information related to the visited website)?
That would allow website to check that they have a UGE before
bidding, information about the visited website would then be only
transmitted to the winning bidder.

This option would still allow RTB to take place while preventing
information about a network transaction to be shared with third


De : Shane M Wiley []  Envoyé : mercredi
15 octobre 2014 17:33  À : 'Tracking Protection Working Group'
Objet : Indirect DNT Processing (Proposed)


I was asked to develop language for consideration of how to manage
DNT signals within Real-Time Bidding (RTB) environments such as an Ad
Exchange. I've up-leveled the concept to "Indirect DNT Processing" to
cover scenarios where a user's signal may move from a direct client
interaction to one between servers (server-to-server).

For Servers in direct communication with the User Agent that then
communicate further with other parties within the same transaction
but outside direct communication with the User Agent, those Servers
MUST convey the current DNT flag relayed to their domain to those
other parties. In cases where other parties have recent knowledge of
their own domain's DNT flag or UGE MAY process the request leveraging
that information but MUST respond appropriately in the status
response that they have done so - which, in turn, MUST then be
conveyed by the Server to the User Agent.

This is intended to facilitate indirect communications through a
transitive passing of permission to allow for DNT processing to occur
even when a processor doesn't have direct access to the User Agent.
If the processor has direct information about their own domain's DNT
setting with the User Agent, such as their last direct interaction
with the User Agent, they may want to consider this in their
transaction handling.

Question - While from a policy perspective the passage of the STATUS
RESPONSE value makes sense I'm not sure if this works as cleanly with
the current TPE handling of those statuses. Should we add a new
flag/field to state a response is being conveyed from another party
as to not confuse the User Agent into thinking the response is coming
from the server in which it is in direct communication?

- Shane


Received on Wednesday, 29 October 2014 17:34:25 UTC