Re: action-231, issue-153 requirements on other software that sets DNT headers from David Singer on 2012-08-22 (public-tracking@w3.org from August 2012)

From: David Singer <singer@apple.com>
Date: Wed, 22 Aug 2012 10:52:12 -0700
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <A0D7D38D-E914-414B-8D8B-7457C775592E@apple.com>
On Aug 21, 2012, at 17:05 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:

> Hypothetical situation here. Server gets a DNT:1 request from a browser. Browser ships DNT:1 by default. Browser doesn't implement exceptions. Browser may or may not block third party cookies by default. What exactly is the server supposed to do in this case?

I think that the server has all the choices it has today;  carry on, re-direct to a page that explains that you need a different user-agent.  Plus it has the choice to treat the user as someone who always says 'no' to exception requests;  which might involve re-directing you to another page, and so on.

I think we are over-designing, again, here.  Both servers and browsers have choices over how they conduct the transactions (and, indeed, whether: browsers can choose not to visit, and servers can respond with error codes).

How is a user-agent supposed to respond to servers that they suspect are not compliant when they claim they are?  Again, any way they like.

We do not need rules; we have plenty of existing choices.

> 
> -Ian
> 
> On Tue, Aug 21, 2012 at 4:59 PM, Shane Wiley <wileys@yahoo-inc.com> wrote:
> Jeff,
> 
>  
> 
> I disagree both on your philosophical position (compliant Servers must honor non-compliant UAs) but more importantly as part of the working group process.  Hopefully we can review this (again) at the next TPE weekly meeting.
> 
>  
> 
> - Shane
> 
>  
> 
> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] 
> Sent: Tuesday, August 21, 2012 4:56 PM
> To: Shane Wiley
> Cc: John Simpson; Tamir Israel; Dobbs, Brooks; David Singer; David Wainberg; public-tracking@w3.org (public-tracking@w3.org); Nicholas Doty
> 
> 
> Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers
> 
>  
> 
> Shane:  I don't believe we have said such flags are "invalid."  I agree with John, DNT:1 must be honored. We should not penalize privacy by design, a policy most stakeholders support.  
> 
> Regards,
> 
>  
> 
> Jeff
> 
>  
> 
>  
> 
>  
> 
> On Aug 21, 2012, at 7:49 PM, Shane Wiley wrote:
> 
> 
> 
> 
> John,
> 
> 
> I thought we already agreed in the working group to remain silent on this situation and allow implementers to defend their actions with respect to sending invalid flags.  Correct?  I understand your personal views here but I wanted to reconfirm the working group end-point on this issue.
> 
>  
> 
> Thank you,
> Shane
> 
>  
> 
> From: John Simpson [mailto:john@consumerwatchdog.org] 
> Sent: Tuesday, August 21, 2012 4:46 PM
> To: Tamir Israel
> Cc: Dobbs, Brooks; David Singer; David Wainberg; public-tracking@w3.org (public-tracking@w3.org); Nicholas Doty; Shane Wiley
> Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers
> 
>  
> 
> For what it's worth I do not see how you can "blacklist" a UA that is supposedly noncompliant if it sends a valid DNT:1 You can write a letter to the vendor, you can call them out for being noncompliant, you can protest to regulatory authorities if they claim to be complaint when they are not.
> 
>  
> 
> However, if you get a DNT:1 signal, it needs to be honored.  
> 
>  
> 
> On Aug 21, 2012, at 2:58 PM, Tamir Israel wrote:
> 
> 
> 
> 
> 
> OK -- I am not advocating two headers! Although one for each personality would probably lead to more accurate profiling ; P
> 
> I suppose my concern was a combination of a.) how far will a UA's obligation to check that alterations to its DNT are 'reflective of user input' be stretched and b.) whether this opens up the door to more UA blacklisting potential.
> 
> Best,
> Tamir
> 
> On 8/21/2012 5:13 PM, Dobbs, Brooks wrote:
> 
> 
> 
> Tamir,
> 
>  
> 
> You are making this too complicated.  UAs shouldn't be required to audit
> 
> applications, plugins, etc - they should, per the spec, only ever send a
> 
> signal which is consistent with a user preference.  If they don't feel
> 
> confident that what they are sending meets that requirement they shouldn't
> 
> send anything.  Anything else completely undermines the spec.  If you send
> 
> two DNT headers, you are by definition, non-compliant (schizophrenic users
> 
> not withstanding).
> 
>  
> 
> -Brooks
> 
>  
> 
>  
> 
>  
> 
> ----------
> 
> John M. Simpson
> 
> Consumer Advocate
> 
> Consumer Watchdog
> 
> 1750 Ocean Park Blvd. ,Suite 200
> 
> Santa Monica, CA,90405
> 
> Tel: 310-392-7041
> 
> Cell: 310-292-1902
> 
> www.ConsumerWatchdog.org
> 
> john@consumerwatchdog.org
> 
>  
> 
>  
> 
> Jeffrey Chester
> 
> Center for Digital Democracy
> 
> 1621 Connecticut Ave, NW, Suite 550
> 
> Washington, DC 20009
> 
> www.democraticmedia.org
> 
> www.digitalads.org
> 
> 202-986-2220
> 
>  
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 22 August 2012 17:53:34 UTC