Re: AW: Re: Behavior of user agents after granting exceptions from SULLIVAN, BRYAN L on 2012-04-15 (public-tracking@w3.org from April 2012)

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Sun, 15 Apr 2012 16:47:33 +0000
To: "mts-std@schunter.org" <mts-std@schunter.org>
CC: Lee Tien <tien@eff.org>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "ifette@google.com" <ifette@google.com>
Message-ID: <39D048E0-E043-4158-BA44-3D587C68D366@att.com>

Matthias,

I think you are referring to the text "A user agent must send the DNT header field on all HTTP requests if (and only if) a tracking preference is enabled<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-enabled>. A user agent must not send the DNT<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-dnt-1> header field if a tracking preference is not enabled<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-not-enabled>.".

I agree that the UA is not allowed per this to send a default setting. But to be clear, this statement in the TPE spec also does not limit the mechanisms of "express intent" as mentioned by Rigo. This is clear also from the text in "3. Determining User Preference" which notes a non-exhaustive set of examples of how preferences (and related DNT expression) MIT be set.

Do you agree with that assessment? Or were you referring to something else in the TPE spec?

Thanks,
Bryan Sullivan

On Apr 15, 2012, at 5:13 PM, "mts-std@schunter.org<mailto:mts-std@schunter.org>" <mts-std@schunter.org<mailto:mts-std@schunter.org>> wrote:

Fyi: we agreed (see TPE spec) that dnt should transmit user preference. i.e. Setting a vendor default is usually not permitted (except for eg privacy tools where this preference is expressed during installation).


--- Ursprüngl. Mitteilung ---
Von: "SULLIVAN, BRYAN L"
Gesend.:  15.04.2012, 04:50
An: Lee Tien
Cc: Rigo Wenning; "public-tracking@w3.org<mailto:public-tracking@w3.org>"; Matthias Schunter; "ifette@google.com<mailto:ifette@google.com>"
Betreff: Re: Behavior of user agents after granting exceptions


I'm unsure If we have consensus on what represents express intent, or its role in exception granting and expression. Express intent seems to me to be once of those double-edged concepts, that if we attempt to define too narrowly, could stifle innovation at the same as it places undue burdens on users to take explicit action in every exception grant case.

Or am I reading too much into the meaning of express intent as you are using it?

Thanks,
Bryan Sullivan

On Apr 15, 2012, at 9:26 AM, "Lee Tien" <tien@eff.org<mailto:tien@eff.org>> wrote:

Did we actually reach consensus on the default issue?  I wasn't in DC and have been working cybersecurity stuff so I'm not up on the latest, haven't had a chance to get briefed by Peter.

Lee

On Apr 14, 2012, at 7:38 AM, Rigo Wenning wrote:

On Friday 13 April 2012 22:10:48 Matthias Schunter wrote:
This heuristics is in general not permitted as the default. Installed as
default (without obtaining a user preference), it would send DNT;1's
that do not reflect any collected preference

To further the violent agreement, let me add that DNT expressions without
being a reflection of the user's express intent would not fulfill the EU
requirements for consent either. If we say DNT is a reflection/expression of
a user's preference, we have to constrain it to something that at least
remotely has something to do with a willful act from the user.

Best,

Rigo

Received on Sunday, 15 April 2012 16:48:49 UTC