W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: FW: Issue-95: User Setting DNT Response (Draft)

From: Tom Lowenthal <tom@mozilla.com>
Date: Wed, 30 Nov 2011 10:21:35 -0800
Message-ID: <4ED6742F.7040509@mozilla.com>
To: public-tracking@w3.org
Alternative text suggestion:

A decision to send a Do Not Track signal SHOULD be based on the
affirmatively expressed preference of the user. In general the signal
SHOULD only be sent by a user's agent, and SHOULD NOT be modified by any
intermediary.

There are some situations where an entity other than the user wishes to
express a Do Not Track preference on the user's behalf. Such situations
may include those where the user has designated another person as their
system's administrator, such as in a shared computing environment like
an employer's network, or a public-use computer system like a library.
If a non-user wishes to express a Do Not Track preference on a user's
behalf, this SHOULD be done by configuring the user's agent to send the
desired signal.

Intermediaries to an HTTP(s) connection SHOULD NOT modify, add, or
remove a DNT signal sent by a user's agent. There may be limited
situations where an intermediary reasonably acts on a user's behalf. If
an intermediary modifies or sends a Do Not Track signal on the user's
behalf, and that modification or sending does not occur within the
user-agent, the scope of such modification should be as limited as
possible. Extreme care should be taken to ensure that any modification
accurately and completely expresses the user's preference. In
particular, the intermediary should take care to avoid disrupting user's
site-specific preferences and exceptions, and not to cause undue impact
to the user's browsing experience.

NOTE: it is understood that it is very difficult to technically verify
or enforce these provisions regarding intermediaries. They are included
to express what is and is not appropriate behavior for all participants
in the web ecosystem.

On 11/30/2011 09:57 AM, Shane Wiley wrote:
> Here is a draft for Issue-95 (http://www.w3.org/2011/tracking-protection/track/issues/95):
> 
> "Generally, the setting and/or unsetting of a Do Not Track signal SHOULD only be established by a user proactively.  Intermediaries to an HTTP/S request SHOULD NOT attempt to modify the DNT signal in any way.  There are limited situations where it MAY be appropriate for an intermediary to modify a user's DNT settings on their behalf such as through employer networks or public networks (libraries, for example).  But, care should be taken even in these cases to limit the scope of modification as much as possible to decrease the possible impact to a user's web surfing experience as overriding DNT signals could disrupt content consumption through user granted site-specific exceptions.  NOTE - it is understood this particular compliance standard cannot be technically enforced but it should be clear to all web ecosystem participants what the standard baseline is in this matter."
> 


Received on Wednesday, 30 November 2011 18:22:17 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC