W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Action 31 - Propose a user-agent managed site-specific exception

From: Nicholas Doty <npdoty@w3.org>
Date: Wed, 16 Nov 2011 21:48:11 -0800
Cc: "Tracking Protection Working Group WG (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <7855D319-FC10-486F-ACEF-A6E45345B863@w3.org>
To: Andy Zeigler <andyzei@microsoft.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>, Sid Stamm <sid@mozilla.com>
Per discussion on the call today I've re-assigned ACTION-31 to Shane. Vincent and Sid have offered to help with the technical side.


On Nov 11, 2011, at 4:28 PM, Andy Zeigler wrote:

> So I volunteered for the action "Propose a user-agent managed site-specific exception". A few of us over here sat down and figured out a couple of ways of doing this, but I think that this approach is fundamentally flawed, and I think a website-based approach in Action 32 is better for a variety of reasons.
> Namely, it would be an awkward user experience if the user-agent injects itself into the opt-in process. This approach would essentially require a protocol that associates domains with business entities. I think that "what" a user opts-into and which resources on the page are included in that opt-in are much better managed by the sites that include them.
> There are other issues here:
> -          For example, imagine that I belong to a social network, and I opt-in to tracking. The user-agent stores the domain name of network. Now I'm on a different website, and the same social network operates a "like" button on the page. Should the exception carry over? These types of issues are much better handled by the websites that have business relationships with tracking entities, and there are scenarios where this becomes very difficult to jam into a protocol without adding a lot of technical complexity.
> -          The primary benefit of having a user-agent-managed list of exceptions would be for the user-agent to be able to “enforce” opt-ins by managing requests from tracking entities. I think this is basically wasted work – if a tracking service is not DNT-compliant, then they won’t bother requesting that the user opt-in – they’ll just track the user directly, rendering user-agent enforcements useless.
> Thanks,
> Andy
Received on Thursday, 17 November 2011 05:48:23 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC