W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: "cross-site"

From: Nicholas Doty <npdoty@w3.org>
Date: Wed, 16 Nov 2011 19:19:54 -0800
Cc: John Simpson <john@consumerwatchdog.org>, Mark Nottingham <mnot@mnot.net>, Karl Dubost <karld@opera.com>, "public-tracking@w3.org WG (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <BAEF084C-3C2D-4888-ABF8-EB4CA58D2636@w3.org>
To: Roy T. Fielding <fielding@gbiv.com>
On Nov 16, 2011, at 12:43 AM, Roy T. Fielding wrote:

> On Nov 15, 2011, at 2:59 PM, John Simpson wrote:
>> Perhaps I am missing something, but I don't understand why we need the reference to "cross-site" nor to "across sites."  As a user I want to send a clear and unambiguous signal that I do not wish to be tracked.  I may be persuaded that first party sites and third party sites have different obligations when my message is received, but I definitely want both first and third party sites to get my message. Thus, I believe the specification should simply read:
>> "This specification defines the technical mechanisms for expressing a tracking preference via the DNT request header field in HTTP."
> No, we've already had this conversation.
> We chose to make exceptions for analytics and first-party-exclusive tracking from the preference expression because they are not a privacy concern, they do match user expectations, and are necessary for DNT adoption.

As John points out, while we do seem to agree that first and third parties may have different requirements, I'm not aware of a consensus decision that first parties are entirely excepted from the standards. In fact, the compliance document currently contains a "First Party Compliance" section, ISSUE-17 remains open and first parties could provide meaningful responses with the proposed response header. 

I also don't remember us choosing to grant an exception for analytics, besides highlighting that for later discussion. ISSUEs 23 and 24 haven't been opened yet, though the work on 73 suggests a direction for one type of analytics.

> The combination of those two choices requires that we place an adjective before tracking in order to properly define the meaning of the header field. "cross-site" is good enough for me.  We can replace it if somebody comes up with a better shorthand term.

I'd be happy with John's suggested text, or with whatever language we land on in the compliance document (there are open issues there about "behavioral" as a potential modifier for this purpose).

Received on Thursday, 17 November 2011 03:20:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC