W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Today's call: summary on user agent compliance

From: Jeffrey Chester <jeff@democraticmedia.org>
Date: Thu, 07 Jun 2012 01:57:19 -0400
Message-id: <3D22D5A4-E289-4649-8C09-7E778B2F34B9@democraticmedia.org>
Cc: Mike Zaneis <mike@iab.net>, "Aleecia M. McDonald" <aleecia@aleecia.com>, David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
To: "ifette@google.com" <ifette@google.com>
The W3c should not sanction the punishing of consumers who use a browser or user agent that has publicly declared that DNT is the default.  No mechanism that enables a site to reject the DNT signal from a user agent that has publicly declared it is offering it as a default should be adopted. DNT is also likely to become a norm users expect. I assume brands that ignore such requests will find themselves in the privacy spotlight. I can imagine that many advertisers will add to their own brand safe protection lists the need for a site to honor DNT. 



On 07 Jun 2012, at 12:01 AM, Ian Fette (イアンフェッティ) <ifette@google.com> wrote:

> Mike,
> 
> The discussion on that part largely revolved around what sites an option has when it receives a request that, for whatever reason, it believes doesn't meet the bar. We've said from the beginning that no one is forcing sites to implement DNT (or browsers for that matter). We are coming up with a specification for what DNT means, we have no power to force anyone to use the specification. The question came up something along the lines of "So, what happens if I get a request from an IE10 user with DNT:1, what options do I as a site have?".
> 
> There's some people in the working group who felt that if you as a site support DNT, then you must support it when you see DNT:1 and you have no business second-guessing the UI decisions made by the browser or the level of compliance of the browser. You see DNT:1, you do your DNT:1 thing, whatever that means.
> 
> There's other people in the working group, myself included, who feel that since you are under no obligation to honor DNT in the first place (it is voluntary and nothing is binding until you tell the user "Yes, I am honoring your DNT request") that you already have an option to reject a DNT:1 request (for instance, by sending no DNT response headers). The question in my mind is whether we should provide websites with a mechanism to provide more information as to why they are rejecting your request, e.g. "You're using a user agent that sets a DNT setting by default and thus I have no idea if this is actually your preference or merely another large corporation's preference being presented on your behalf." Given that DNT is optional and the only regulatory hooks are what you sign up for and say you're going to do, someone suggested what Aleecia paraphrased in her email, "we comply with the W3C DNT specification except we ignore non-compliant user agents.". E.g. the site determining what amount of DNT compliance it wishes to claim and under what circumstances. Perhaps we go beyond there, perhaps we don't, who knows, but that was where the discussion started to go.
> 
> -Ian
> 
> On Wed, Jun 6, 2012 at 7:19 PM, Mike Zaneis <mike@iab.net> wrote:
> I was not on the call today because I was with Marc and others at the CFA conference, so I'd love to hear more about this potential new publisher requirement. If they are outside of the Spec then why would they have any response obligation?  Happy to learn more about the initial discussion.
> 
> Mike Zaneis
> SVP & General Counsel, IAB
> (202) 253-1466
> 
> On Jun 6, 2012, at 10:06 PM, "Aleecia M. McDonald" <aleecia@aleecia.com> wrote:
> 
> >
> > On Jun 6, 2012, at 3:00 PM, David Singer wrote:
> >
> >>
> >> On Jun 6, 2012, at 11:48 , Aleecia M. McDonald wrote:
> >>
> >>> We did NOT hear a view that the specification should require publishers to honor DNT:1 signals from non-compliant User Agents.
> >>
> >> I think that I have consistently argued that when the two ends adhere to the protocol (i.e. their expression and responses are correct), then it's non-compliant to do other than the protocol requires, both in email and on the call.
> >>
> >> You might have good reason.  But it's still not compliant.  I sent you "Please do X", and you replied "No, I won't, I don't believe you."  I don't think you can describe that as *compliant*.  You might think it *justified*.
> >>
> >> Note well that this goes as much for servers claiming compliance and expecting to be treated as compliant, when in fact they implement something else (e.g. "do not target"). What is sauce for the goose is sauce for the gander, as they say, and if we write anything about one, we should write about both.
> >
> > To follow up on this, which is all a good capture of discussion, there was talk of publishers noting in a privacy policy "we comply with the W3C DNT specification except we ignore non-compliant user agents." We did not talk that all through. There is a lot more to talk about here, actually. We did make a good start getting into it; more to go.
> >
> >    Aleecia
> 
> 
Received on Thursday, 7 June 2012 05:58:55 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC