W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: Feedback sought on timezone header for HTTP

From: David Morris <dwm@xpasc.com>
Date: Thu, 8 Dec 2011 13:24:36 -0800 (PST)
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.64.1112081317070.368@egate.xpasc.com>


On Thu, 8 Dec 2011, Karl Dubost wrote:

> 
> Le 6 déc. 2011 à 12:14, Matthew Fenelon a écrit :
> > What I would be proposing is to have a request HTTP header
> > 'Accept-Timezone' that would obsolete the need for the approaches
> > detailed above. The value of the header would consist of a timezone
> > identifier from the Olson database. An example of the header,
> > 
> > Accept-Timezone: Europe/London
> 
> 
> One potential issue I can imagine. As soon as something releases 
> explicit information about location, people use it. I can see Web 
> developers (and marketers) being happy about this one. Not used 
> for time, but for location data mining and send a representation 
> which is geolocated in addition to the commons geoip dbs. 
> 
> It also increases the Web fingerprinting surface of someone.

I'm not convinced that the web fingerprinting exposure is much different
than what is already available via the date: GMT Offset, IP, etc. Easy to
mitigate by requiring user opt-in for sending the information and/or
sending explicit wrong information.

I also see minimal value in adding this complexity vs. just using the
GMT offset in conjunction with accept values.

With the current shared profiles supported by facebook, google, et al,
I think the equivalent functionality is available and more obviously
configurable from the user's perspective.

Dave Morris
Received on Thursday, 8 December 2011 21:25:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:50 GMT