RE: issue-25

Hi Ronan,

 

No, not a unique identifier, which I agree would diminish privacy and should
be ruled out along with any other tracking identifier collection when DNT is
1. What I meant was a count value (number of ad impressions) which I assume
would have limited entropy i.e. the max value would be << the number of
online individuals in scope. How many ad impressions would you need to
count? I agree relying on the cache for 6 months would be a stretch, but do
you need to do that? At some point there may be some loss of functionality
when DNT is 1 but the setting is an important indication of user intent so
needs to be honoured.

 

How an ETag is generated in not specified in the HTTP spec, so in what way
would this be "improper"?

 

 

Mike

. 

 

From: Ronan Heffernan [mailto:ronansan@gmail.com] 
Sent: 19 July 2013 15:54
To: Mike O'Neill
Cc: Tracking Protection Working Group WG
Subject: Re: issue-25

 

Mike,

   I am not sure that I understand your proposal, but it looks like you are
trying to (mis-)use the If-Modified-Since header in conjunction with a small
(improper) ETag value to forge a unique identifier.  Is that right?  How is
that an improvement?  Do you expect that those values will be maintained in
the browsers for more than 6-months?

--ronan     

 

On Thu, Jul 18, 2013 at 4:42 PM, Mike O'Neill <michael.oneill@baycloud.com>
wrote:

Hi Ronan,

 

I had another thought about frequency capping. If you use the
ETag/If-None-Match to contain a low entropy count value, 0..7, you could
combine that with the If-Modified-Since header to give you unique visitor
detection *and* frequency counting, without a persistent UID in a cookie or
anywhere else,  and without JS. 

 

You could do that in your 1x1 gif handler and not need the iframe (or the
v60.js script tag that I notice imrworldwide.com - a Nielsen domain,  uses
sometimes).

 

If you did that (in the DNT:1 case), you would not need a permitted use. 

 

 

Mike