RE: DISCUSSION: Selective Opt-in (chapter 5 of editors draft) [ISSUE-42, ISSUE-27, ISSUE-46] from Brett Error on 2011-10-17 (public-tracking@w3.org from October 2011)

From: Brett Error <brett@adobe.com>
Date: Sun, 16 Oct 2011 18:30:03 -0700
To: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <F62F2425E58BB043AF79B36E9F6281C8056B7B9834@nambx07.corp.adobe.com>
I like the idea, but what is the "exemptions list" and who maintains it?  I think the browser representatives suggested they would not create the appropriate tools to manage such a list.

Another possible system would be to allow each publisher to independently manage their own exception status in a decentralized way.  Such a system might looks something like this:

START:
1) User's browser requests a page from Publisher (pub.com) w/ DNT turned on
2) Publisher sees DNT flag, looks for a DNT exemption cookie
	- Could be a true, browser-managed cookie
	- Could just be an attribute attached to the user record in a server-side database
3) If no cookie, go to NO COOKIE
4) if cookie shows the user has granted an exception go to EXCEPTION GRANTED
5) Go to EXCEPTION DENIED

NO COOKIE:
1) Publisher presents user w/ benefits of exemption
2) User chooses to accept or decline
3) Publisher notes user choice w/ cookie, DB entry, etc.
4) GOTO either EXCEPTION GRANTED or EXCEPTION DENIED depending on user's choice

EXCEPTION GRANTED:
1) Server sends back DNT signal meaning even though you have DNT on, I'm still tracking you.
2) Browser handles this as browser vendors feel appropriate
	- Could automatically take action-- block the site for example
	- Could prompt the user to confirm this is OK (and essentially build an exception list in doing so)
	- Could give the user some type of feedback ("Whirlpool" icon referred to several times in Boston)
	- Could do nothing
3) Browser receives and renders requested content
4) Server tracks the hell out of the user (to whatever extent user agreed in the NO COOKIE section
5) Go to START

EXCEPTION DENIED:
1) Browser sends back a signal stating the user is not being tracked.
2) Browser receives and renders content
	- Publisher may choose to alter content depending on user's tracking choice
	- Example: Publisher may allow only X articles per day
	- Example: Publisher may allow access to subset of content, or just teaser content
	- Publisher may even show a page describing that the requested content is not available to users not being tracked and why
3) Go to START

I think it would be a better user experience if the user had the tools to manage an exception list in a centralized way rather than something like this, not to mention how annoying it could be to users when their preference keeps disappearing due to cookie fading.  However, a system like this doesn't preclude the addition of centralized browser-driven management as noted in the process.  

A user revoking her exception is also problematic in the decentralized option.  The experience is entirely dependent on the publisher.

-----Original Message-----
From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Shane Wiley
Sent: Sunday, October 16, 2011 12:10 AM
To: Matthias Schunter; public-tracking@w3.org
Subject: RE: DISCUSSION: Selective Opt-in (chapter 5 of editors draft) [ISSUE-42, ISSUE-27, ISSUE-46]

(Issue 46 is related to Issue 81 for DNT responses and granular user control)

It'll be important to record exceptions client side as a Publisher will need some signal on whether to trigger an exception dialogue with a user or not.  

Example Use Case:
1.	User turns on DNT and visits ExamplePublisher1.com
2.	ExamplePublisher1.com does not receive a signal it's on the exceptions list
3.	ExamplePublisher1.com requests exception from user to access content for free
4.	User grants exception to ExamplePublisher1.com (and listed parties <to be discussed separately>)
5.	User views content
6.	User returns to ExamplePublisher1.com a week later
7.	DNT signal is still turned on but ExamplePublisher1.com is sent an exemption flag (or else doesn't send a DNT signal at all)
8.	In either case, it'll be important that ExamplePublisher1.com know to not trigger the exception request for this user/web browser/device

-----Original Message-----
From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Matthias Schunter
Sent: Wednesday, October 12, 2011 2:55 PM
To: public-tracking@w3.org
Subject: DISCUSSION: Selective Opt-in (chapter 5 of editors draft) [ISSUE-42, ISSUE-27, ISSUE-46]

Hi Team,


as agreed in the telco, I'd like to kick-off the discussion on selective opt-in:
 - ISSUE-43: Sites should be able to let the user know their options when they arrive with Do Not Track
 - ISSUE-27: How should the "opt back in" mechanism be designed?
 - ISSUE-46: Enable users to do more granular blocking based on whether the site responds honoring Do Not Track

>From my perspective, the goal of this discussion is to decide on how a
site can explain to a user to opt back in and how this opting-back in shall be achieved technically/protocol-wise.

Please state your opinions and start a discussion.

Again I urge you to distinguish:
 GOALS: What do we want to achieve
 CRITERIA: How do we want to assess the quality of a solution
 OPTIONS: Different proposals how to achieve the GOALS
   while maximizing certain CRITERIA


Regards,
matthias


--
Dr. Matthias Schunter, MBA
IBM Zurich Research Laboratory,  Ph. +41 (44) 724-8329
Homepage: www.schunter.org, Email: schunter(at)acm.org
PGP Fingerprint    989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Monday, 17 October 2011 01:31:56 UTC