Re: tracking-ISSUE-111: Different DNT values to signify existence of associated exceptions [Tracking Preference Expression (DNT)] from Rigo Wenning on 2012-01-06 (public-tracking@w3.org from January 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 06 Jan 2012 12:54 +0100
To: public-tracking@w3.org
Cc: Tracking Protection Working Group Issue Tracker <sysbot+tracker@w3.org>
Message-ID: <14599336.i7Tp4Trly4@freud>

On Friday 06 January 2012 02:57:30 Tracking Protection Working Group Issue 
Tracker wrote:
> tracking-ISSUE-111: Different DNT values to signify existence of associated
> exceptions [Tracking Preference Expression (DNT)]
> 
> http://www.w3.org/2011/tracking-protection/track/issues/111
> 
> Raised by: Nick Doty
> On product: Tracking Preference Expression (DNT)
> 
> Should the user agent send a different DNT value to a first party site if
> there exist site-specific exceptions for that first party? (e.g. DNT:2
> implies "I have Do Not Track enabled but grant permissions to some third
> parties while browsing this domain", DNT:3 implies "I grant you a web-wide
> tracking exception")

If you do not send DNT=0 for the same origin after the user has decided to 
opt-back in, there are a number of questions: 

What is the object of your declaration? How do you express the scope of your 
declarations? Do we need regular expressions on URI-space? Would you express 
DNT=27-*://*.w3.org/ to make your statement complete?

If there is an exception, what is the semantic of this exception? What means 
DNT=27? Do I allow some, more, all expressiveness? The amount of whole numbers 
is infinite, so we can have infinite expressiveness. But from a developer's 
perspective, this doesn't look very comprehensive. 

Sending DNT=0 in case of exceptions would mean that either the UA or the proxy 
have to know about the range of things the user is opting back in. The service 
would just receive a DNT=0 and behave correspondingly. For the service, this 
would be simpler than understanding what DNT=19 means. 

Or the service could send: If you want my exception, send DNT=19 back. And we 
would have a registry for those numbers. We could create the IAADN, the 
Internet Authority for Advertisement Numbers, a bit like they do already for 
RFID tags.

Hm, retention times could be encoded in a range: DNT=100.000-10,000,000 would 
describe retentions times in seconds.

Or the Service could return a P3P Policy upon exception. And the user agent 
would have to implement a P3P parser to tell the user what opt-back-in means 
in this concrete case.

Happy New Year

Rigo

Received on Friday, 6 January 2012 11:54:29 UTC