Hi,
in a previous email exchange on this list concerning the IAB
consideration (3.1) about notification to content providers, I
somewhere typed the following:
>> (3.1) Notification: The overall OPES framework needs to assist
>> content providers in detecting and responding to client-centric
>> actions by OPES intermediaries that are deemed inappropriate by
>> the content provider.
>
> Section 2.6 of the draft should extend to include some form of
> notification of the OPES action to the originating party *when
> requested* by the originating party. Implicit notification
> mechanisms would not scale, but a content provider should be able
> to explicitly request notification in some form.
In discussing this issue with others, the question arised whether the
capability of requesting such notification might eventually violate
the privacy of a content consumer/client, since it would allow a
CONTENT PROVIDER to find out about CLIENT-CENTRIC actions.
Such notification might eventually reveal private information the
client does not necessarily want to share with a content provider, for
example the client's prefered language (revealed by a language
translation service). Or what about a scenario in which the client
browses the Web through an anonymizing proxy, but the client-centric
service is provided on an OPES box sitting between the client and the
anonymizing proxy? Normally, the content provider would only see the
IP address of the anonymizing proxy, but with requested OPES
notifiactions he/she would eventually find out about the OPES box
sitting close to the client, thus eventually allowing him/her to
figure out the client's ISP and such like. Other scenarios are thinkable.
Any thoughts on that? How should this be adressed? Does this rule out
direct notification of CLIENT-CENTRIC actions to the CONTENT-PROVIDER,
or would the benefits of such notifications outweight the privacy
concerns? Might indirect notification by the client (based on OPES
tracing information) be acceptable, i.e. bringing the client back into
the notifiaction loop? Does the client have a right to veto direct
notification?
-Markus