Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance] from Tamir Israel on 2012-06-05 (public-tracking@w3.org from June 2012)

From: Tamir Israel <tisrael@cippic.ca>
Date: Tue, 05 Jun 2012 13:32:09 -0400
To: Rigo Wenning <rigo@w3.org>
CC: public-tracking@w3.org, Justin Brookman <justin@cdt.org>
Message-ID: <4FCE4299.5050107@cippic.ca>

Hi there,

On 6/5/2012 12:29 PM, Rigo Wenning wrote:
> So a service can_always_  ignore a DNT signal. Now I hear the
> saying: "They claimed compliance". But compliance to what? That
> their entire site is honoring DNT? What about if I'm logged in to
> W3C services? They must track me because of the ACL. Consequence: I
> get an NACK. And rightly so. But if the service issues an NACK, it
> does not make a misleading statement anymore. Because the service
> does not claim to honor DNT;1 and doesn't. And if we accept the user
> sending DNT;1 as an expression, we also have to accept NACK as an
> expression. Whether from a pure wording we then tell that after
> sending NACK a service is not "dnt-compliant" anymore is a matter of
> terminology, branding, campaigning etc. But the NACK would have to
> be defined in the Specification. And if a service is acting
> according to that Specification, I wonder how we could still say it
> is "not compliant".
I'm not clear: are there obligations to communicate NACK responses to 
the end user if DNT-1 is set by UA default?

>
> So I say, with defaults or without, you can't force a service to
> honor DNT;1 until they've sent you an ACK! If we violate this basic
> principle, I will start to send contracts to all those in favor of
> the violation of that principle and request that they do what I have
> written down in the contract.
>
> Is getting a NACK on a DNT;1 the end of the world? No! The browser
> knows now that the service is not willing to apply DNT;1 rules and
> can react accordingly. I can show you in Seattle what that
> potentially can mean. I would e.g. hope that the browser-bundle
> would start TOR on demand for that situation.
Is there something in the spec that would require this? I think making 
the UA the enforcer might be problematic, as per P3P....

I appreciate the desire to avoid dictating server responses and stick to 
explaining  what is being 'expressed' by each signal. Yes, legal regimes 
can impose 'fictional' DNT-1 defaults onto servers, but I think that can 
be precluded if some UA/server process is set up to manage 'disagreements'.

Best regards,
Tamir

Received on Tuesday, 5 June 2012 17:35:41 UTC