Insertion of adverisements (was: Re: Draft finding - "Transitioning the Web to HTTPS")

Whatever the other issues, I think it would be good for the TAG to focus 
particularly on the importance of complying with specifications.

The specifications for HTTP and associated supporting protocols (TCP etc.) 
either do or do not make clear whether insertion of advertisements is 
conformant with the specifications. I would like to believe that such 
content alteration is non-conforming, but HTTP does allow for some 
transformations, and provides a header to prohibit such transformations 
being done [1]. In any case, I will leave it to others who are more expert 
in HTTP to decide whether insertion of advertisements is or is not 
conforming to the pertinent specifications.

I'm suggesting that the TAG's analysis (if any) should start with that 
question, though I can see the TAG going further to discuss other questions 
relating to ad insertion as well.



On 1/28/2015 12:21 PM, Mark Watson wrote:
> On Mon, Jan 26, 2015 at 7:15 PM, Eric J. Bowman <
> <>> wrote:
>     Assuming those missing participants have any clue where "here" is, or
>     if they do, that their participation is actually welcomed vs. dismissed
>     as giggle-worthy or whatever else. ISPs and Web Developers who *do*
>     know where here is, tend to be discouraged by an ivory-tower attitude
>     which derides what they do to make a living as misguided, technically
>     the same as theft-of-services, outmoded, etc.
> ​I think it's unfair to characterize my earlier comment as derisive.
> I pointed out that outright ad-replacement was considered by some as
> theft-of-revenue. I hope we can agree on that.
> You claimed that ad-insertion could be a reasonable business practice
> between consenting user and ISP and my counterpoint was that there is a
> non-consenting party, the site operator, who suffers loss of revenue in a
> similar manner as with ad replacement, though to a lesser degree.
> I would go further and claim that all non-standards-compliant handling of
> traffic can cause loss-of-revenue, because it introduces untestable
> scenarios for the site operator. There will be bugs. UX-impacting ones. And
> we know from rigorous A/B testing that UX impacts revenue. This is not even
> counting the engineering time taken to investigate /
> remotely-reverse-engineer the non-compliant intermediary behavior causing
> the problem. I speak from extensive recent personal experience when I say
> this is significant.
> You made a point about the legal status of the practice of ad-insertion​,
> but that is not at issue here: in this forum we must decide what are
> reasonable practices that should be protected / maintained / alternatives
> found in the drive to improve security and privacy on the web. If a
> practice were illegal it obviously doesn't factor. This is a question of
> balance and my point was only that whilst you point to the consenting
> business arrangement between ISP and user there is a third party who does
> not consent and suffers loss. That this aspect should be considered is far
> from "derisive". The TAG are the people we have elected to make a judgement
> on this balance and it seems they've sided with a standards-compliant
> network where data travels between user and site unmodified.
> …Mark
>     -Eric

Received on Wednesday, 28 January 2015 18:05:30 UTC