W3C home > Mailing lists > Public > www-tag@w3.org > January 2015

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Mark Watson <watsonm@netflix.com>
Date: Wed, 28 Jan 2015 09:21:15 -0800
Message-ID: <CAEnTvdARkneBWULHy+3w3v8255RsyrCt_fX1ZE6Q_bx3U4KM-Q@mail.gmail.com>
To: "Eric J. Bowman" <eric@bisonsystems.net>
Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
On Mon, Jan 26, 2015 at 7:15 PM, Eric J. Bowman <eric@bisonsystems.net>
wrote:

>
>
> Assuming those missing participants have any clue where "here" is, or
> if they do, that their participation is actually welcomed vs. dismissed
> as giggle-worthy or whatever else. ISPs and Web Developers who *do*
> know where here is, tend to be discouraged by an ivory-tower attitude
> which derides what they do to make a living as misguided, technically
> the same as theft-of-services, outmoded, etc.
>
>
​I think it's unfair to characterize my earlier comment as derisive.

I pointed out that outright ad-replacement was considered by some as
theft-of-revenue. I hope we can agree on that.

You claimed that ad-insertion could be a reasonable business practice
between consenting user and ISP and my counterpoint was that there is a
non-consenting party, the site operator, who suffers loss of revenue in a
similar manner as with ad replacement, though to a lesser degree.

I would go further and claim that all non-standards-compliant handling of
traffic can cause loss-of-revenue, because it introduces untestable
scenarios for the site operator. There will be bugs. UX-impacting ones. And
we know from rigorous A/B testing that UX impacts revenue. This is not even
counting the engineering time taken to investigate /
remotely-reverse-engineer the non-compliant intermediary behavior causing
the problem. I speak from extensive recent personal experience when I say
this is significant.

You made a point about the legal status of the practice of ad-insertion​,
but that is not at issue here: in this forum we must decide what are
reasonable practices that should be protected / maintained / alternatives
found in the drive to improve security and privacy on the web. If a
practice were illegal it obviously doesn't factor. This is a question of
balance and my point was only that whilst you point to the consenting
business arrangement between ISP and user there is a third party who does
not consent and suffers loss. That this aspect should be considered is far
from "derisive". The TAG are the people we have elected to make a judgement
on this balance and it seems they've sided with a standards-compliant
network where data travels between user and site unmodified.

…Mark





>
> -Eric
>
>
Received on Wednesday, 28 January 2015 17:21:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:09 UTC