W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

RE: tracking-ISSUE-121: Should a user agent advertise its DNT ability by, e.g., sending DNT;NULL [Tracking Preference Expression (DNT)]

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 1 Feb 2012 18:03:24 -0800
To: Nicholas Doty <npdoty@w3.org>
CC: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D0C8AC1BD@SP2-EX07VS02.ds.corp.yahoo.com>
Nick,

If you feel this can be managed via the site-specific exceptions call, then I believe we're covered.

This was assigned to me at Brussels as I saw the site-specific exception value but there were many on the email list that were arguing for having DNT:<null> too.  Hopefully someone else will speak up if they want to keep this option (but I hear you loud and clear on traffic bloat).

- Shane

-----Original Message-----
From: Nicholas Doty [mailto:npdoty@w3.org] 
Sent: Wednesday, February 01, 2012 10:02 AM
To: Shane Wiley
Cc: Tracking Protection Working Group WG
Subject: Re: tracking-ISSUE-121: Should a user agent advertise its DNT ability by, e.g., sending DNT;NULL [Tracking Preference Expression (DNT)]

On Feb 1, 2012, at 6:48 AM, Shane Wiley wrote:
> The publisher may request an exception proactively if they see that DNT is available to the user agent but not yet activated (may be required in some legal jurisdictions).

This would be good to discuss further. In JavaScript it would be particularly easy to check for the capability to request site-specific exceptions (a method which would just be null if the user agent doesn't support it). What's the relevant legal requirement? Do we expect that there are some jurisdictions that would require use of an exception mechanism if one existed even if the user weren't using Do Not Track?

> Why would a user NOT wish for their user agent to broadcast its ability to support DNT?

User agents don't typically broadcast every extension or capability they have on every outgoing HTTP request. It increases fingerprintability. A user might not want to unintentionally send a signal that they specifically hadn't enabled a privacy setting. For those concerned about bandwidth, sending the header on every browser that supports DNT, even if the vast majority of those users don't have it enabled, would generate a relatively large cost with possibly no advantage for the user.

Thanks,
Nick
Received on Thursday, 2 February 2012 02:04:20 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:44 UTC