Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

The intermediary will correct based on what information?  Who will 
create the black list of "browser matches" and on what criteria, 
maintain it, deduce what the browser UI was that the user interfaced 
with, and determine that the user did not otherwise interact with the 
browser settings?

Justin Brookman
Director, Consumer Privacy
Center for Democracy&  Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman


On 6/1/2012 5:45 PM, Roy T. Fielding wrote:
> I do what I usually do when a user agent has a broken
> implementation of HTTP -- I correct it before anything
> downstream sees it.  In this case, an intermediary will delete
> the DNT field value based on browser match before the applications
> have a chance to make a decision based on the DNT field value.
>
> ....Roy
>
> On Jun 1, 2012, at 2:36 PM, Justin Brookman wrote:
>
>> Agree with David --- we don't even know what MSFT's eventual 
>> implementation is going to be, and I can't say I know what AVG's is 
>> today.  Is there a screen that's pre-checked?  Is there some sort of 
>> ephemeral notice saying "by the way, DNT is on."  Will those UIs 
>> change over time?  Who is going to monitor the UIs and make the 
>> decision: "No, this isn't user choicey enough!"  How will you know 
>> what the UI was when the user installed the user agent?  Even if the 
>> default is on and there's no notice at all, how will the party know 
>> that the user didn't turn it off at some point, see a retargeted ad 
>> for a Vegas casino, and then turn in back on again?
>>
>> I can't see how a standard answers those questions.
>> Justin Brookman
>> Director, Consumer Privacy
>> Center for Democracy&  Technology
>> 1634 I Street NW, Suite 1100
>> Washington, DC 20006
>> tel 202.407.8812
>> fax 202.637.0969
>> justin@cdt.org
>> http://www.cdt.org
>> @CenDemTech
>> @JustinBrookman
>>
>> On 6/1/2012 5:28 PM, David Singer wrote:
>>>
>>> On Jun 1, 2012, at 14:22 , Shane Wiley wrote:
>>>
>>>> David,
>>>> I disagree.  If you know that an UA is non-compliant, it should be 
>>>> fair to NOT honor the DNT signal from that non-compliant UA and 
>>>> message this back to the user in the well-known URI or Response 
>>>> Header.  Further, we can provide information for the user to use a 
>>>> UA that is DNT compliant if they wish for their preference to be 
>>>> honored in that regard.
>>>
>>> OK, I think we will have to agree to disagree.  I can't think of any 
>>> other spec., off hand, that allows one end to 'misbehave' if they 
>>> believe the other end is misbehaving.  There *are* specs that deal 
>>> with what you do if you see actual invalid values, incorrect 
>>> responses, etc., but none that I know of that allow you to conclude 
>>> 'you didn't really mean that' and do something other than what was 
>>> signalled.
>>>
>>> I still don't know how you tell the difference between a user who 
>>> agree with, and wanted, the choice, and a user who wasn't aware of it.
>>>
>>>
>>>
>>> David Singer
>>> Multimedia and Software Standards, Apple Inc.
>>>
>

Received on Friday, 1 June 2012 21:53:57 UTC