W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

From: Justin Brookman <justin@cdt.org>
Date: Tue, 05 Jun 2012 12:45:25 -0400
Message-ID: <4FCE37A5.6090307@cdt.org>
CC: public-tracking@w3.org
For purposes of argument, substitute NACK with a different response 
header for "Invalid User Agent" or "Non-Compliant User Agent"that Shane 
suggested.

Justin Brookman
Director, Consumer Privacy
Center for Democracy&  Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman


On 6/5/2012 12:29 PM, Rigo Wenning wrote:
> Justin,
>
> I have concerns that some of the assumptions underlying certain
> argumentations will not hold in front of central principles of law.
> Unless there is buy-in.
>
> Sending a DNT;1 header is an expression of a preference. But this
> expression can not force the service to do anything without
> violating the freedom of contract. And W3C is no legislator. If a
> law said, on reception of DNT;1 you have to do what is written down
> in the W3C compliance specification, that would be different. But
> this would only count for the jurisdiction the law was made for.
>
> So a service can _always_ ignore a DNT signal. Now I hear the
> saying: "They claimed compliance". But compliance to what? That
> their entire site is honoring DNT? What about if I'm logged in to
> W3C services? They must track me because of the ACL. Consequence: I
> get an NACK. And rightly so. But if the service issues an NACK, it
> does not make a misleading statement anymore. Because the service
> does not claim to honor DNT;1 and doesn't. And if we accept the user
> sending DNT;1 as an expression, we also have to accept NACK as an
> expression. Whether from a pure wording we then tell that after
> sending NACK a service is not "dnt-compliant" anymore is a matter of
> terminology, branding, campaigning etc. But the NACK would have to
> be defined in the Specification. And if a service is acting
> according to that Specification, I wonder how we could still say it
> is "not compliant".
>
> So I say, with defaults or without, you can't force a service to
> honor DNT;1 until they've sent you an ACK! If we violate this basic
> principle, I will start to send contracts to all those in favor of
> the violation of that principle and request that they do what I have
> written down in the contract.
>
> Is getting a NACK on a DNT;1 the end of the world? No! The browser
> knows now that the service is not willing to apply DNT;1 rules and
> can react accordingly. I can show you in Seattle what that
> potentially can mean. I would e.g. hope that the browser-bundle
> would start TOR on demand for that situation.
>
> I maintain, nearly every server, except perhaps dedicated tracking
> servers, has areas where user tracking is part of the necessity to
> provide the service. We need an NACK for that anyway.
>
> Rigo
>
> On Tuesday 05 June 2012 11:54:28 Justin Brookman wrote:
>> The
>> ad net would send back a NACK signal . . . and then what?  There
>> would  be no way to reset the DNT mechanism to say "yes, I really
>> mean this" on a persistent basis.  Effectively, any "compliant"
>> third party will have the ability to refuse to ever acknowledge
>> any DNT:1 signal coming from a UA that it unilaterally deems out
>> of compliance.  They may be some transparency around that
>> refusal, but no ability for the user to redeem the faults of the
>> UI.  And then what would the UA do in this conundrum? Block
>> communications to servers that report back that they're ignoring
>> its DNT signal?  I do not think this is an optimal result.
>
Received on Tuesday, 5 June 2012 16:45:56 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC