[PrivacyBadger] Pushing Privacy Badger's buttons, part 2

Mike O'Neill michael.oneill at baycloud.com
Sat Apr 16 09:19:04 PDT 2016


Thinking about this I think a better "block me" response would be a Tracking Status Value of "D", which means the web application is "Disregarding" DNT.

T could be a valid TSV when Tracking for one of the permitted uses is happening, although the particular permitted use must be declared in the "qualifiers" property. PB could check for a T along with an absent "qualifiers" property, or one that does not have one of the permitted use codes, but that seems long-winded. A "D" would be simpler.

So either the TSV includes:

{ "tracking": "D", ... }

Or there is a response header "Tk: D"

I am writing an implementers' guide to DNT (for the TPWG) that will include that suggestion.

Mike

-----Original Message-----
From: PrivacyBadger [mailto:privacybadger-bounces+michael.oneill=baycloud.com at eff.org] On Behalf Of Cooper Quintin
Sent: 12 April 2016 02:56
To: privacybadger at eff.org; Don Marti <dmarti at zgp.org>
Subject: Re: [PrivacyBadger] Pushing Privacy Badger's buttons, part 2

Actually this seems like a pretty good solution to Don's problem and one
that we should maybe adopt anyway. There are other benefits to reading
the TSR as well such as getting a list of first parties. I would likely
support this change.

- Cooper

On 04/09/2016 11:31 AM, Mike O'Neill wrote:
> Why not agree on a "block me" signal? Any reference to a third-party marked in a particular way will cause the request to be blocked by tracking protection, i.e. PrivacyBadger.
> 
> The Do Not Track (candidate) recommendation contains such a signal. A TSR (a JSON resource at //ad.aloodo.com/.well-known/dnt) with Tracking set to "T" ({ "Tracking": "T", ... }) when accessed with the DNT set (DNT:1), would signal refusal to stop tracking, i.e. block me. You could also do it by returning a Tk: T to any ad.aloodo.com resource.
> 
> 
> 
> 
> -----Original Message-----
> From: PrivacyBadger [mailto:privacybadger-bounces+michael.oneill=baycloud.com at eff.org] On Behalf Of Don Marti
> Sent: 09 April 2016 18:48
> To: privacybadger at eff.org
> Subject: [PrivacyBadger] Pushing Privacy Badger's buttons, part 2
> 
> Still working on tools that a web site can use to
> notify users when they're vulnerable to third-party
> tracking.
> 
> Here's the problem.
> 
>  * If the script warns the user when a third-party
>    iframe loads, it will falsely notify some users
>    of an "untrained" Privacy Badger.
> 
>  * If we wait to notify until we're sure that a
>    third-party cookie can be set and read on three
>    sites, then we miss a chance to notify some users
>    of list-based protection who haven't been to enough
>    sites that include the iframe.
> 
> One solution is...put the https://ad.aloodo.com/track/
> iframe everywhere!!1!1  Even if you don't want to run
> tracking notifications on your own site, the iframe
> will train Privacy Badger to block it, so the cookie
> test will work when the user goes to a site that does
> do notifications.  Still looking for other solutions.
> 
> Anyway, more here:
> 
>   http://blog.aloodo.org/posts/track-js-script/
> 
> Comments and suggestions welcome.
> 
> 
> _______________________________________________
> PrivacyBadger mailing list
> PrivacyBadger at eff.org
> https://lists.eff.org/mailman/listinfo/privacybadger
> 
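The two checks discussed in this thread (a "D" status as the simple "block me" signal, and the longer check for "T" without a permitted-use qualifier), sketched as an added example that is not code from Privacy Badger or from any poster. The function names are hypothetical, and the permitted-use codes are a caller-supplied assumption because the thread does not list them.

```javascript
// Added illustration; all names here are hypothetical.

// Tk response header: a one-character TSV, optionally followed by ";status-id".
function parseTkHeader(value) {
  if (typeof value !== "string") return null;
  const tsv = value.split(";")[0].trim();
  return tsv.length === 1 ? tsv : null;
}

// TSR body: a JSON object with a "tracking" member and an optional
// "qualifiers" string (lower-case names, as in the later message above).
function parseTsr(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return null; // malformed TSR: no signal, do not guess
  }
  if (doc === null || typeof doc !== "object") return null;
  if (typeof doc.tracking !== "string") return null;
  const qualifiers = typeof doc.qualifiers === "string" ? doc.qualifiers : "";
  return { tsv: doc.tracking, qualifiers };
}

// permittedUseCodes: string of one-character codes the caller accepts as
// permitted uses (assumption: supplied by the caller, not defined here).
function isBlockMe({ tkHeader, tsrBody, permittedUseCodes = "" } = {}) {
  const headerTsv = parseTkHeader(tkHeader);
  const tsr = typeof tsrBody === "string" ? parseTsr(tsrBody) : null;

  // Simple rule: "D" (disregarding DNT) from either source.
  if (headerTsv === "D" || (tsr !== null && tsr.tsv === "D")) return true;

  // Longer rule: "T" in the TSR with "qualifiers" absent, or with none of
  // the permitted-use codes present.
  if (tsr !== null && tsr.tsv === "T") {
    return ![...tsr.qualifiers].some((q) => permittedUseCodes.includes(q));
  }

  // A bare "Tk: T" header carries no qualifiers, so it is not treated as
  // "block me" on its own.
  return false;
}
```
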