Re: action-231, issue-153 requirements on other software that sets DNT headers from David Singer on 2012-08-22 (public-tracking@w3.org from August 2012)

From: David Singer <singer@apple.com>
Date: Wed, 22 Aug 2012 10:54:15 -0700
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <CAE6E089-A5CE-465B-8D30-5A632902B337@apple.com>
On Aug 21, 2012, at 17:12 , Tamir Israel <tisrael@cippic.ca> wrote:

> What does a server do when it gets a DNT-1 that is not a UA default, but with no implementation for exceptions?
> 
> I think the exceptions are important….

so do we all, but there is little practical difference between

a) a UA that doesn't implement exceptions
b) a UA that's hard-wired to say no
c) a user who always says no

In all cases, the server knows it doesn't get the exception.  The consequence is probably that the user doesn't get the experience that a user who does grant an exception would have got (else, why ask?).

Again, we do not need lots of rules.  We need protocol definitions.


> 
> On 8/21/2012 8:05 PM, Ian Fette (イアンフェッティ) wrote:
>> 
>> Hypothetical situation here. Server gets a DNT:1 request from a browser. Browser ships DNT:1 by default. Browser doesn't implement exceptions. Browser may or may not block third party cookies by default. What exactly is the server supposed to do in this case?
>> 
>> -Ian
>> 
>> On Tue, Aug 21, 2012 at 4:59 PM, Shane Wiley <wileys@yahoo-inc.com> wrote:
>> Jeff,
>> 
>>  
>> I disagree both on your philosophical position (compliant Servers must honor non-compliant UAs) but more importantly as part of the working group process.  Hopefully we can review this (again) at the next TPE weekly meeting.
>> 
>>  
>> - Shane
>> 
>>  
>> From: Jeffrey Chester [mailto:jeff@democraticmedia.org] 
>> Sent: Tuesday, August 21, 2012 4:56 PM
>> To: Shane Wiley
>> Cc: John Simpson; Tamir Israel; Dobbs, Brooks; David Singer; David Wainberg; public-tracking@w3.org (public-tracking@w3.org); Nicholas Doty
>> 
>> 
>> Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers
>>  
>> Shane:  I don't believe we have said such flags are "invalid."  I agree with John, DNT:1 must be honored. We should not penalize privacy by design, a policy most stakeholders support.  
>> 
>> Regards,
>> 
>>  
>> Jeff
>> 
>>  
>>  
>>  
>> On Aug 21, 2012, at 7:49 PM, Shane Wiley wrote:
>> 
>> 
>> 
>> John,
>> 
>> 
>> I thought we already agreed in the working group to remain silent on this situation and allow implementers to defend their actions with respect to sending invalid flags.  Correct?  I understand your personal views here but I wanted to reconfirm the working group end-point on this issue.
>> 
>>  
>> Thank you,
>> Shane
>> 
>>  
>> From: John Simpson [mailto:john@consumerwatchdog.org] 
>> Sent: Tuesday, August 21, 2012 4:46 PM
>> To: Tamir Israel
>> Cc: Dobbs, Brooks; David Singer; David Wainberg; public-tracking@w3.org (public-tracking@w3.org); Nicholas Doty; Shane Wiley
>> Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers
>> 
>>  
>> For what it's worth I do not see how you can "blacklist" a UA that is supposedly noncompliant if it sends a valid DNT:1 You can write a letter to the vendor, you can call them out for being noncompliant, you can protest to regulatory authorities if they claim to be complaint when they are not.
>> 
>>  
>> However, if you get a DNT:1 signal, it needs to be honored.  
>> 
>>  
>> On Aug 21, 2012, at 2:58 PM, Tamir Israel wrote:
>> 
>> 
>> 
>> 
>> OK -- I am not advocating two headers! Although one for each personality would probably lead to more accurate profiling ; P
>> 
>> I suppose my concern was a combination of a.) how far will a UA's obligation to check that alterations to its DNT are 'reflective of user input' be stretched and b.) whether this opens up the door to more UA blacklisting potential.
>> 
>> Best,
>> Tamir
>> 
>> On 8/21/2012 5:13 PM, Dobbs, Brooks wrote:
>> 
>> 
>> Tamir,
>> 
>>  
>> You are making this too complicated.  UAs shouldn't be required to audit
>> 
>> applications, plugins, etc - they should, per the spec, only ever send a
>> 
>> signal which is consistent with a user preference.  If they don't feel
>> 
>> confident that what they are sending meets that requirement they shouldn't
>> 
>> send anything.  Anything else completely undermines the spec.  If you send
>> 
>> two DNT headers, you are by definition, non-compliant (schizophrenic users
>> 
>> not withstanding).
>> 
>>  
>> -Brooks
>> 
>>  
>>  
>>  
>> ----------
>> 
>> John M. Simpson
>> 
>> Consumer Advocate
>> 
>> Consumer Watchdog
>> 
>> 1750 Ocean Park Blvd. ,Suite 200
>> 
>> Santa Monica, CA,90405
>> 
>> Tel: 310-392-7041
>> 
>> Cell: 310-292-1902
>> 
>> www.ConsumerWatchdog.org
>> 
>> john@consumerwatchdog.org
>> 
>>  
>>  
>> Jeffrey Chester
>> 
>> Center for Digital Democracy
>> 
>> 1621 Connecticut Ave, NW, Suite 550
>> 
>> Washington, DC 20009
>> 
>> www.democraticmedia.org
>> 
>> www.digitalads.org
>> 
>> 202-986-2220
>> 
>>  
>> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 22 August 2012 17:55:10 UTC