Re: Draft finding - "Transitioning the Web to HTTPS"

On Mon, Jan 26, 2015 at 7:15 PM, Eric J. Bowman wrote:

> Assuming those missing participants have any clue where "here" is, or
> if they do, that their participation is actually welcomed vs. dismissed
> as giggle-worthy or whatever else. ISPs and Web Developers who *do*
> know where here is, tend to be discouraged by an ivory-tower attitude
> which derides what they do to make a living as misguided, technically
> the same as theft-of-services, outmoded, etc.

I think it's unfair to characterize my earlier comment as derisive.

I pointed out that outright ad-replacement was considered by some as
theft-of-revenue. I hope we can agree on that.

You claimed that ad-insertion could be a reasonable business practice
between consenting user and ISP and my counterpoint was that there is a
non-consenting party, the site operator, who suffers loss of revenue in a
similar manner as with ad replacement, though to a lesser degree.

I would go further and claim that all non-standards-compliant handling of
traffic can cause loss-of-revenue, because it introduces untestable
scenarios for the site operator. There will be bugs. UX-impacting ones. And
we know from rigorous A/B testing that UX impacts revenue. This is not even
counting the engineering time taken to investigate /
remotely-reverse-engineer the non-compliant intermediary behavior causing
the problem. I speak from extensive recent personal experience when I say
this is significant.

You made a point about the legal status of the practice of ad-insertion,
but that is not at issue here: in this forum we must decide what are
reasonable practices that should be protected / maintained / alternatives
found in the drive to improve security and privacy on the web. If a
practice were illegal it obviously doesn't factor. This is a question of
balance and my point was only that whilst you point to the consenting
business arrangement between ISP and user there is a third party who does
not consent and suffers loss. That this aspect should be considered is far
from "derisive". The TAG are the people we have elected to make a judgement
on this balance and it seems they've sided with a standards-compliant
network where data travels between user and site unmodified.


> -Eric

Received on Wednesday, 28 January 2015 17:21:43 UTC