- From: Sean Harvey <sharvey@google.com>
- Date: Thu, 8 Mar 2012 17:11:48 -0500
- To: Nicholas Doty <npdoty@w3.org>
- Cc: Kevin Smith <kevsmith@adobe.com>, "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
- Message-ID: <CAFy-vuc2LfYH+7H0YFm_Xk1=njebz+jBgzsiw_Mbj_pWoFrVJA@mail.gmail.com>
e.g. silo-ing is the issue here. unless silo-ing is not a requirement. On Thu, Mar 8, 2012 at 5:09 PM, Sean Harvey <sharvey@google.com> wrote: > Thanks Nick. Please do tell me if you think I'm not thinking clearly about > this. But regardless of whether it is being handled by the browser, you > would still need separate cookies per "site" if the exception is > site-specific. > > Example use case: I am third party ad server AdDoty (yes there are brand > names this and more stupid in our industry) and I have a site specific > exemption from both Yahoo and AOL. How do I differentiate this data on the > server side, regardless of whether or not the browser is "handling it"? > > > > > > On Thu, Mar 8, 2012 at 5:06 PM, Nicholas Doty <npdoty@w3.org> wrote: > >> On Mar 8, 2012, at 11:45 AM, Sean Harvey wrote: >> >> > at a high level this would be new functionality in the ecosystem. there >> is no such thing as a site-specific exemption or site-specific cookie for >> an ad servers, etc. coming from a third party domain. >> > >> > i also agree that this is probably not practically implementable by >> anyone -- one potential implementation would involve domain-specific >> cookies in a sub-domain of the third party, but this would mean potentially >> thousands of cookies on the client browser where previously only one >> existed. Which does not sound like an ideal outcome. >> >> Sorry, I'm not sure I understand here. As proposed, the >> user-agent-managed site-specific exception would be handled by the browser >> (choosing when to send DNT:0) rather than asking the ad server or other >> third-parties to create separate cookies to manage that state for each >> first-party site. Right now when an ad network receives a request from a >> browser that has an opt-out cookie for that network, it has to use a >> different behavior (not showing a targeted ad) no matter what the >> first-party site is, right? Can these site-specific exception headers >> prompt per-request behavior in the same way that an opt-out cookie does? >> >> Or is the concern that site-specific exceptions would require siloing of >> data and that requires different cookies for each first-party site? >> >> My take on Vincent and Kevin's question: Do first-party publishers get >> any indication from the user or the third-party that the user has an >> opt-out cookie installed and is potentially generating less revenue for the >> publisher? >> >> Thanks, >> Nick > > > > > -- > Sean Harvey > Business Product Manager > Google, Inc. > 212-381-5330 > sharvey@google.com > -- Sean Harvey Business Product Manager Google, Inc. 212-381-5330 sharvey@google.com
Received on Thursday, 8 March 2012 22:12:19 UTC