W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

Notes from the Exception Working Group [ISSUE-113, ISSUE-128, ISSUE-129, ISSUE-130]

From: Matthias Schunter <mts-std@schunter.org>
Date: Thu, 12 Apr 2012 20:19:23 +0200
Message-ID: <4F871CAB.1040106@schunter.org>
To: "public-tracking@w3.org" <public-tracking@w3.org>
Hi Team,

Here are my preliminary notes from the Exception Working Group

Matthias

-----------------------------------
Scope:
- Exception Working Group
- How to implement exceptions and the Javascript API

====== Restriction on Origin =======================

a) Asking for Exceptions
- We agree that the JavascriptAPI for requesting a site-wide exception
  (allthirdparties, thissite) can only be called from thissite
- We agree that the JavascriptAPI  call for requesting a web-wide exception
  (thisthirdparty, anysite) can only be called from thisthirdparty
- Third party and first party can call this API

b) Querying Exceptions
- We agree that a site can only ask for the status involving its domain

====== Insist on * on One Side ======================

Discussion about three flavours of API calls:
1 - (thissite, *-thirdparty)
2 - (*-site, thisthirdparty)
3 - (thissite, giventhirdparty)
-> Question is whether [3] should be permitted or not.

Opinions raised:
- API for [3] is complex
- [3] allows users to permit only a subset
- There might be third parties that a user does not like
(the-evil-tracker.com)
- Example: User is OK with being tracked by an entity except for a few sites
- Example: Widget tracking everywhere except a few places

Result: There is no agreement that (thissite, thisthirdparty)

====== Part II (larger group) ======================
====== API for removing exceptions ====================

- We need an API to remove site-specific exceptions,
  i.e., I no longer need "these" site-specific exceptions
- Yes: Action for Tom

====== Who can call the Javascript API? ====================

- Anybody who has content on the page
- Currently the text says that the API is usually called by first parties
-
====== Transparency ====================

- User agents have sufficient information to tell their users what third
parties are on a site
- Whether and how this is done and how the UI looks like is out of scope

====== Under what conditions is DNT;0 sent to the first party =======

Wider question: What information to relay to the first party
- DNT preference for this site (0/1)
- Exception status for the third parties (all third parties are
excepted, some are exempted, ...)

- Agreement: DNT preference for this site should be transmitted
- Agreement: Some feedback on third party exeption status should be
transmitted

- Call for text/proposals needed to get text alternatives on the table
Received on Thursday, 12 April 2012 18:19:46 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:27 UTC