In this scenario, a user initially signs up with a PDS to broadcast their federated identity provider to make it easier to login to other websites, both on this computer any others they use. Once they have signed up for the PDS, they then use it to specify some privacy preferences, as well as to allow some websites to not follow those privacy preferences.
- Sara logs into Gmail.com and sees a promotion "Use your Gmail account to login to other websites without having to create more passwords." When she clicks it, she is asked "Many websites will allow you to login to their site by simply clicking a Gmail button instead of having to create another username/password. However for this to work well, you need to configure your computer to allow those websites to automatically detect that you are a Gmail user (though they will not know your actual Gmail address and thus cannot send your spam). Click here if you would like to signup for this service on this computer."
- Sara clicks the signup link, and then is redirected to cds.com where she sees a simple page that says "Please confirm you would like all the websites you visit to be able to determine that gmail.com has your web browsing preferences."
- She visits Plaxo a few minutes later, and their login box is replaced with a Gmail button, and a smaller link under it that says "Click here to login using an account other then Gmail." She clicks the Gmail buttons and is logged in
- She visits CookingOnline.com and is browsing. Under one of the ads she notices the option "click here to set your advertising preferences." She is then taken to a page on that site which describes a few possible options, one of which is to opt-out of behavioral targeting on that site. After selecting that option, she is asked whether she wants that to be her default preference on all websites and whether she wants that preference to follow her across computers. She choose that option, and is redirected to gmail.com who says "Please confirm you would like all the websites you visit to know you prefer not to see behaviorally targeted ads." Once she confirms that choice on her PDS, she is redirected back to CookingOnline.com which immediately stops showing her behaviorially targeted ads, and just shows the less-relevant content based ads.
- She later visits coolnewstartup.com and is browsing. She sees a popup that says "The site is provided for free through advertising, however currently you prefer not to receive behaviorally targeted ads. To continue to use this site, click here to agree to accept behaviorally targeted ads on this site." She clicks that agreement link, and is then asked whether she wants that preference to follow her across computers. She says yes, and is redirected to gmail.com who says "Please confirm that you would like to opt-in to behaviorally targeted ads on coolnewstartup.com on any computer you visit." Once she confirms that choice on her PDS, she is redirected back to coolnewstartup.com which shows her the more relevant behaviorially targeted ads.
- Sara goes to a webcafe. She logs into Gmail.com and sees a promotion "Configure this machine to use Gmail as your Personal Discovery Server." When she clicks it, she is asked "Would you like the websites you browse on this computer to know your preferences?" and below that question she sees a list of those preferences (such as the behavioral ads targeting opt-out (with coolnewstartup.com as an exception) and Gmail as their Federated Login identity provider.
- Sara clicks the signup link, and then is redirected to cds.com where she sees the same simple page as in step 2 that says "Please confirm you would like all the websites you visit to be able to determine that gmail.com has your web browsing preferences."
- She revisits Plaxo and Plaxo automatically detects she is a Gmail user
- She revisits CookingOnline and is automatically opted-out of behaviorally targeted ads
- She revisits coolnewstartup and is automatically opted back IN to behaviorally targeted ads, but only on that site