- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Wed, 05 Dec 2012 17:30:06 +0100
- To: <public-tracking@w3.org>
Ian Fette's text proposes: A graduated response a methodology where the action taken is proportional to the size of the problem or risk that is trying to be mitigated. In the context of this document, the term is used to describe an increase in the collection of data about a user or transaction in response to a specific problem that a party has become aware of, such as an increase in fraudulent activity originating from a particular network or IP address range resulting in increased logging of data relating to transactions from that specific range of IP addresses as opposed to increased logging for all users in general. While agreeing with the gist of the text, I think it does both too much and too little. A proportionate response can be under certain extreme circumstances to maximise data gathering because there are concrete reasons that all ads are subject to fraudulent clicking behaviour from an unspecified number of IP-adresses. Graduated response implies slowly stepping up. My suggestion would be not to use the term graduated response but 'proportionate response' and that: A proportionate response to concrete indications that fraudulent and/or other malicious HTTP requests are being made is one that proportional to the size and impact of the percieved problem or the risk that is being mitigated. In the context of this document, the term is used to describe the collection of data about users, devices and network adresses in response to a specific problem that a party has become aware of, such as an increase in fraudulent activitiy from a particular network or IP address range. Such increased data collection MUST be as specific and brief as possible and MAY only result in increased logging for all users in general in extreme cases. Regards, Walter
Received on Wednesday, 5 December 2012 16:30:43 UTC