
Re: ACTION-152 - Write up logged-in-means-out-of-band-consent

From: Rigo Wenning <rigo@w3.org>
Date: Mon, 02 Apr 2012 21:39:29 +0200
To: public-tracking@w3.org
Cc: David Singer <singer@apple.com>, Shane Wiley <wileys@yahoo-inc.com>
Message-ID: <1506843.Cg215VVTIV@hegel.sophia.w3.org>

On Monday 02 April 2012 11:30:15 David Singer wrote:
> But we are left with the question of defining what the user needs to give
> consent to, and how much consent may reasonably be bundled. That's a
> description of our protocol.

And that's why I believe the YAY of Shane was a bit early. And this is exactly
what JC was suggesting.

David, the lack of precision of "give consent" is creating a pseudo-consensus
IMHO. We have to be more concrete. Shane said the service would
declare if it honors DNT even though the user is logged-in. This hints at
the fact that we have to agree on the response headers. So if a service
tracks because it believes it has an agreement (I heard Shane telling that
story in Brussels) it can either say: DNT is off, you're logged-in/consented.
Or the service can say: We accept your DNT=1 and the compliance spec would
specify what JC suggested for that case.

But at least, there is no misunderstanding that people believe DNT=1 while 
services send DNT=ack and track anyway because of some privacy policy
meaning in section 178. It would also solve my use case with the forgotten 
login-cookie as the browser would recognize the tracking in the response 
header. So I think this is a viable way out. Shane?

Rigo
Received on Monday, 2 April 2012 19:39:59 UTC
