- From: TOUBIANA Vincent <vtoubiana@cnil.fr>
- Date: Tue, 23 May 2017 08:10:11 +0000
- To: "singer@apple.com" <singer@apple.com>, Rob van Eijk <rob@blaeu.com>
- CC: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Hi David, As Rob mentioned it would be very helpful if publisher could store multiple site specific exceptions, one for each category. However, my understanding is that site-specific-exceptions are stored as duplets [origin, target] or [origin,*] so it is not possible to record an exception for a purpose. We may have to store triplets instead [origin, *, category] but that's not a minor change I guess. Best regards, Vincent -----Message d'origine----- De : singer@apple.com [mailto:singer@apple.com] Envoyé : vendredi 12 mai 2017 16:38 À : Rob van Eijk <rob@blaeu.com> Cc : public-tracking@w3.org (public-tracking@w3.org) <public-tracking@w3.org> Objet : Re: [w3c/dnt] Add more meta data in the Tracking Status Resource (#22) > On May 11, 2017, at 22:39 , Rob van Eijk <rob@blaeu.com> wrote: > > >> So, I am having a hard time with finer-grained exception handling on both ends — unlikely to be used at the UA, and unlikely to make sense for sites. Why do we keep exploring it? > > In Europe most sites allow for granular consent based on categories of embedded 3rd parties, e.g., > • Functional cookies > • Analytics > • Social media > • Advertising cookies > • (Re)targeting cookies > Would the publisher still be able to allow for such granularity based on the current text in the TPE? Yes. If the publisher has more than one ‘bundle’ of third parties, it can call the exceptions API multiple times, to store site-specific exceptions (a) for my advertisers (b) for my social media connections, etc. In each case, it knows it either has the complete requested exception granted, or not; there’s no partial exception. Either I have advertising tracking go-ahead, or I don’t. > > Rob > — > PGP id: CC4F3863 [public key] > PGP fingerprint: 1D00 A9FD 7CCB A5A5 850E 2149 BEA0 20B7 CC4F 3863 > > Social media: @rvaneijk, github, linkedin, ssrn, stackoverflow. > > > -----Original message----- > From: David Singer > Sent: Friday, May 12 2017, 12:28 am > To: public-tracking@w3.org (public-tracking@w3.org) > Subject: Re: [w3c/dnt] Add more meta data in the Tracking Status Resource (#22) > > > > On May 11, 2017, at 9:39 , Mike O'Neill <michael.oneill@baycloud.com> wrote: > > > > Matthias, > > > > The user can already "choose to constrain an exception to a subset of third parties" if the server allows him to. That is what the arrayOfDomainStrings parameter is for. > > > > At the moment, because the TPE must enforce "one out, all out", the user agent in its own UI can only allow the user to change what has been established during their interaction with the server by revoking all of them at once. It cannot allow the user to selectively change the set of third-parties once they are granted. > > Agreed. I also think that the likelihood that a UA will want to offer a finer-grained UI is very small. Let’s look at cookies: Firefox allows you to delete individual cookies, but Safari only offers ‘all for a site’ and as far as I can tell, Chrome only offers ‘all cookies and other state from all sites for the past N hours’. > > I also have trouble imagining how a site would ‘feel’ if it says “look, for you to get free access I need tracking for <these advertisers> and <these audit companies>”, and you say ‘ok’ but then send DNT:0 only to the audit companies. > > So, I am having a hard time with finer-grained exception handling on both ends — unlikely to be used at the UA, and unlikely to make sense for sites. Why do we keep exploring it? > > > Dave Singer > > singer@mac.com > > David Singer Manager, Software Standards, Apple Inc.
Received on Tuesday, 23 May 2017 08:10:55 UTC