- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 10 Feb 2012 14:25:11 -0800
- To: Peter Eckersley <peter.eckersley@gmail.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Feb 10, 2012, at 1:43 PM, Peter Eckersley wrote: > This is an unacceptably large amount of trust to ask users to place in the operation of opaque server infrastructure. DNT is inherently going to require some amount of trust in the sense that when servers claim they are compliant, users will have to believe them. However, the most robust method for reinforcing this trust is maximizing the scope for auditability: when the DNT header is sent, compliant domains delete their ID cookies. If this type of auditing is not possible, then it is inevitable that some of the dozens/hundreds of third parties that ultimately implement the server-side of the convention will do the opaque server-side privacy part wrong, whether by accident, incompetence, or malice. > > From EFF's perspective, an exception for ID cookies for administrative purposes related to the 3rd party ad delivery would be a non-starter. Then turn off cookies. There is nothing preventing the user from doing so in addition to sending DNT: 1. ....Roy
Received on Friday, 10 February 2012 22:25:31 UTC