Re: Transparency vs. Fingerprinting from Matthias Schunter (Intel Corporation) on 2017-05-02 (public-tracking@w3.org from May 2017)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Tue, 2 May 2017 08:56:57 +0200
To: public-tracking@w3.org
Message-ID: <a6919679-5bf6-6c3e-219d-6aa92a997791@schunter.org>

Hi Shane,


thanks a lot for the input.

I agree that most users will usually allow/disallow all third parties.

However, one could turn this argument around and argue that sending
publishers the information "all your third parties made it" or "not all
of your third parties made it" would be sufficient in this scenario:
For most users (the all or nothing guys), the information would be correct.

The "not all your third parties made it" information would be sent iff
1. A valid site-wide exception for this third party existed (either "*"
 or a specific site-wide pattern that covered this TP)
2. The page actually tried to load the third party and it was either  
 not loaded or did not receive a DNT;0

For a few users (the geeks), the UA would return "your TPs did not make
it" while some made it. In reality, this could mean that the geeks end
up in the paywall even if they (worst case) only blocked a single TP
that was not even important.

Would you agree? If yes, we could make this "all or nothing" info a MUST
feature and declare the detailed debugging API an optional (MAY)
feature. I agree that the full information is useful also for debugging
(also for the publisher-triggered blocking); however, you need not
obtain this information from each and every user.

Opinions/feedback/concerns?

Regards,
matthias

PS: In addition we should think about the information returned to
minimize fingerprinting risks. The corresponding Question: When to put a
given TP into the list that is returned to the publisher?

Same Conditions:
1. A valid site-wide exception for this third party existed (either "*"
 or a specific site-wide pattern that covered this TP)
2. The page actually tried to load the third party and it was either  
 not loaded or did not receive a DNT;0

PPS: Second Question: If a TP was blocked on behalf of the publisher,
should the publisher be notified anyway (i.e. a TP occured that was not
listed in other-parties and -at the request of the publisher- was
blocked). Again a MAY function could enable publishers to debug with
some UAs while not requring this information from all users.

Received on Tuesday, 2 May 2017 06:57:33 UTC