I agree - I'm worried about any tech-specific requirements here. Something along these lines without the cookie-specific is good. Have we actually decided, though, whether the header reflects the choice to ok tracking for a given site? On Wed, Nov 9, 2011 at 8:14 AM, Shane Wiley <wileys@yahoo-inc.com> wrote: > Thank you John – helpful starting point. I’d suggest we not assert only a > cookie as the “exception” memory mechanism but a recommended one. It could > be equally viable and appropriate to store this information in a > registration key, a browser setting, or some other technical mechanism.*** > * > > ** ** > > - Shane**** > > ** ** > > *From:* John Simpson [mailto:john@consumerwatchdog.org] > *Sent:* Wednesday, November 09, 2011 8:00 AM > *To:* Aleecia M. McDonald; Nicholas Doty > *Cc:* public-tracking@w3.org Group WG > *Subject:* Action 32 -- Proposed language for site-specific exception**** > > ** ** > > Proposed language for a site-specific exception using a cookie:**** > > ** ** > > When a DNT enabled user agent grants a site-specific exception, the site > places a site-specific opt-in cookie on the user agent allowing the site to > respond as a First Party. The DNT header must remain enabled so that if > the user returns to the site, both the user's general preference for DNT > and the site-specific exception will be clear. This could enable the site > to provide a higher level of privacy than if DNT were not enabled, but less > than if the exception had not been granted. Opt-in site-specific exception > cookies should expire within three months, enabling the site to determine > periodically whether the user intends to continue to grant an exception.** > ** > > ** ** > > ----------------**** > > John M. Simpson**** > > Consumer Advocate**** > > Consumer Watchdog**** > > Tel: 310-392-7041**** > > **** > -- Heather West | Google Policy | heatherwest@google.com | 202-643-6381
Received on Wednesday, 9 November 2011 17:28:58 UTC