- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 31 Oct 2014 15:17:06 -0700
- To: TOUBIANA Vincent <vtoubiana@cnil.fr>
- Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, "Tracking Protection Working Group" <public-tracking@w3.org>
On Oct 31, 2014, at 1:10 PM, TOUBIANA Vincent wrote: > The Ad-exchange is sharing the data with third parties and therefore does not respect the DNT signal in the first place. If an Ad-exchange plans to share data about a transaction with a set of third parties it should send a disregard response. I don't see how the "I'm a 1:N gateway" would not be interpreted as "I'm sharing data related to this transaction". We don't require ISPs and routers to respond to DNT, yet they are sharing just as much information as an HTTP recipient. Why? Because we assume (incorrectly) that they are service providers for the user agent. Likewise, we provide definitions to allow service providers for a given service to answer on behalf of the owner of that service, because doing so within the restrictions of a service provider contract makes them no worse for privacy than interacting with the owner directly. What Shane has described is a fairly unusual form of service provider because it is acting on behalf of many parties (most of which are likely to be third parties, but some might be the first party). I didn't include that use case in the current design of TPE. However, it is fair to say that it does exist, and that it won't be disappearing just because the TPWG finds it inconvenient or even alarming. Our task is therefore to make the use case transparent and to include enough requirements to make the 1:N gateway capable of communicating enough of DNT's semantics so that only a deliberately non-conforming origin server (bidder) would fail to adhere to them. After all, this use case only impacts the DNT response, which is largely irrelevant to users of DNT. ....Roy
Received on Friday, 31 October 2014 22:17:30 UTC