Re: Issue-39: Tracking of Geographic Data

I am sorry I missed yesterday's call (we helped organize yesterday's Privacy Caucus meeting in House of Representatives, which conflicted).

There is a range of geo-location data that should be stopped via DNT signal.   Geo-location is a key and growing element in the tracking system--and basis of course of much of mobile web tracking.  Just a few examples of the role of geo-location in tracking---

For example, as Yahoo explains:  "Yahoo!'s Location Detection: Precision in Spades

Unlike other providers that rely solely on IP information, Yahoo! geographic targeting leverages multiple data sources -- including IP address, visitor registration data, and location data self-provided by consumers across a range of Yahoo! services -- to determine the most accurate location of potential customers. A proprietary Yahoo! algorithm validates both IP address and location to ensure highly accurate location-based targeting."  http://advertising.yahoo.com/article/geographic-targeting.html

What Quova does: "Using IP intelligence to determine geolocation has been possible for more than a decade, but the ability to acquire impressions and target display advertising across the Web is very new, made possible with the development and rapid growth of RTB (Real-Time Bidding). Quova has built proprietary technology to effectively purchase advertising impressions based on an IP address instead of cookie..."  http://www.quova.com/ip-audience-targeting/

Digital Element: "Offering advertisers the ability to geotarget their ads to the city-level (IP city) worldwide and to serve ads to visitors based on more than a dozen other parameters such as visitor connection speed and type, Internet Service Provider (ISP), user domain name, company name, home or business user and more, NetAcuity helps to reduce wasted impressions and deliver measureable results."  http://www.digitalelement.com/our_technology/targeted_online_advertising.html


Google/Doubleclick:   
New Hyperlocal Ad Feature Provides Distance Information; Location Extensions with Multiple Addresses Available on Mobile Devices



 http://googlemobileads.blogspot.com/2010/09/new-hyperlocal-ad-feature-provides.html;  http://googlemobileads.blogspot.com/2010/09/location-extensions-with-multiple.html


Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org
www.digitalads.org
202-986-2220

On Dec 14, 2011, at 9:05 PM, Shane Wiley wrote:

> David,
> 
> I'm not sure how often this would occur in real practice but I'm fine with the idea that "cross-site historical reference (use) to geo-location is halted for a 3rd party when the DNT:ON signal is present (and no site-specific-exception exists)".
> 
> Most geo-location use in the advertising world is real-time and is NOT referenced from past sessions with a user/agent.  For example, an ad server may be told to only serve a specific ad campaign to US users (most often because their brand is not sold outside of the US so it would be wasteful to market to users outside of the US).  To fuel this feature, the ad server will typically license an IP Address Location map to facilitate the filtering process.  When the ad server is called, it passes the IP Address to the Location Map and asks for the country of origin (typically accurate at this level but some countries have blurry lines).  If the IP Address origin is in the US, then the ad server can serve the ad targeted to US users.  The next time a user/agent is encountered, this process is repeated.  I've never heard of a situation where a 3rd party ad server will look at historical location to make an ad serving decision.
> 
> From a "retention" perspective, the IP Address and resulting geo-location country must be retained in this case as the ad server must be able to prove they did not serve this ad outside of the targeting parameters.  This is important from a financial audit perspective and from a fraud prevention perspective.  One of the fraud issues within the online ad industry are possibly malicious ad networks purposely serving their ads outside of the US to falsely increase impression counts for higher payments).
> 
> Can anyone think of a 3rd party geo-location scenario where cross-site geo-location information is used over time?  Outside of Google Maps recording your location in a "history" for easier selection in the future (and this can be cleared at any time), I don't believe this information is leveraged for targeting or altering the user experience.  I would also argue the Google Maps experience would receive 1st party treatment if the user meaningfully interacted with the Widget (entering an address feels "meaningful" to me).
> 
> Thoughts?
> 
> - Shane
> 
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: Wednesday, December 14, 2011 2:22 PM
> To: Shane Wiley
> Cc: Karl Dubost; Jeffrey Chester; public-tracking@w3.org
> Subject: Re: Issue-39: Tracking of Geographic Data
> 
> I wonder whether it's useful here also to distinguish between data that is present in the (HTTP) transaction, and remembered data about the user, and other world knowledge?
> 
> As a strawman, how is it if we say that DNT:1 means that you put a firewall between this transaction and your stored data about this user (actually, users in general, since with the firewall there you don't know which user it is)?  
> 
> There is no firewall between what the user tells you in this transaction, and world knowledge.
> 
> So, it's OK to work out "this guy is in San Francisco!" based on the IP address.  It is not OK to record "this guys was in San Francisco on Wednesday" in the database.  And it's not OK to notice "he was in London only two days ago".  The first adds to the database, the second reads from it.  They are 'tracking my movements'.
> 
> (Since I can and will tell the 1st party more than 3rd parties, there is also a firewall between the 1st and 3rd parties in terms of data passing, but that's out of scope).
> 
> This correlates with the discussion this morning:  if I have agreed with an ad network that they will caption all my video ads, and they set a cookie to remember "I am a caption-needing user", then if that cookie is supplied in a transaction with DNT:1 set, it's OK (maybe even expected) to still caption video ads.  (The user can turn off cookies for 3rd-party sites independently, logically).
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
>