W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: DNT-aware JavaScript (ISSUE-84)

From: Nicholas Doty <npdoty@w3.org>
Date: Sun, 12 Feb 2012 18:03:57 -0800
Cc: Jonathan Mayer <jmayer@stanford.edu>, Kevin Smith <kevsmith@adobe.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <00352D3D-33DC-4689-AE1B-BF6F3E01BA67@w3.org>
To: Roy T. Fielding <fielding@gbiv.com>
On Jan 26, 2012, at 1:02 AM, Roy T. Fielding wrote:
> On Jan 25, 2012, at 10:52 PM, Jonathan Mayer wrote:
>> DNT-aware JavaScript is a frequently proposed use case / called for feature request.  I think it'd be unwise to leave out something implementers want, especially when the approach appears to be counterintuitive for some.
> 
> My concern is fairly specific.  We do personalization via javascript.  Some
> of that personalization is based on server-side information and some based
> on client-side information.  Some of it is based on pure session data (like
> where the mouse pointer spends the most time in your window).
> 
> I expect client-side personalization to increase in the future (depending on
> regions and devices) when client-side storage is more prevalent.
> 
> The end result is that users may start seeing targeted behavior entirely
> driven by client-side data and cached javascript, which means no server
> request is being made to the third party and thus no DNT header is sent.
> 
> Do we care to address that use case?  I don't know if we do.

I think this is an issue worth discussing, if only briefly. 

My impression is that while client-side JavaScript personalization is often a privacy-preserving technique there might be some situations where a site wouldn't want its personalization to be too intrusive to avoid surprising or disturbing its users. Perhaps we could note (in MAY or non-normative language) that DNT-aware JavaScript (whether achieved via a DOM property or other means) may use awareness of a DNT signal to avoid, for example, behavior that could reveal past interactions. If in the future client-side personalization becomes prevalent and raises privacy concerns among users we could give normative recommendations in later versions of the spec.

Thanks,
Nick
Received on Monday, 13 February 2012 02:04:03 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:45 UTC