W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Today's call: summary on user agent compliance

From: Tamir Israel <tisrael@cippic.ca>
Date: Thu, 07 Jun 2012 13:08:08 -0400
Message-ID: <4FD0DFF8.9010809@cippic.ca>
To: David Singer <singer@apple.com>
CC: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Hi there,

I think this raises a very valid point, which extends well beyond the IE 
default scenario. Allowing any point in the chain to second guess 
signals that are *facially* valid,  but assert compliance. This could be 
problematic, no?

On 6/7/2012 12:30 PM, David Singer wrote:
> On Jun 7, 2012, at 8:05 , Rigo Wenning wrote:
>> On Wednesday 06 June 2012 15:00:00 David Singer wrote:
>>> You might have good reason.  But it's still not compliant.  I sent
>>> you "Please do X", and you replied "No, I won't, I don't believe
>>> you."  I don't think you can describe that as *compliant*.  You
>>> might think it *justified*.
>> For the record and as a personal opinion. I expressed a totally
>> different opinion on the call. This was not taken into account.
>> If the TPE allows you to send an NACK ("No, I won't" full stop),
>> then it is compliant to say No. It may not be privacy enhancing, but
>> it is compliant. If the TPE contains no way to (explicitly or
>> implicitly) say "No, I won't" then we go into very troubled water,
>> socially and legally!
> I think you need to explain this.
> It's a choice to implement DNT (on either end), but once you do, your obligations -- what you signed up for -- should be clear (for both ends).  "Yes, we implement DNT and comply with the W3C specifications" should mean that both ends should know what to expect of the other.
> Defining that "I'll stop tracking unless I don't feel like it" as *compliant* makes it basically unpredictable what will happen.
>> It means that the user can force the
>> preference on the server.
> Nobody is forcing anyone to implement DNT, but once they do, it should be clear what is expected of them: and that needs to be more than "exercise their own judgment over what to do and what not to do".
>> The only option is then that the server
>> can silently give up compliance which could be seen as misleading.
>> If I would be a server in this situation, I would give up compliance
>> immediately for all DNT because this is legally untenable.
> These are strong words, which I don't see supported.
> Imagine a function
> "Y = SQRT(X)
> This returns the square root of X, unless the system has reason to believe that the caller didn't need a square root at this time, whereupon it returns something else."
> Seriously, this is a useful definition?
>> Shane argued many times in other areas that if we fail to honor, we
>> can do so, but have to alert the UA.
> *That* I agree with.  At the moment, it's even hard to detect whether the server claims one or more permissions, or believes it has an exception grant from the user.
> Overall, the way to get good behavior in any protocol is to strive to be *more compliant* than the other end.  At the moment, people are arguing that they should be allowed, encouraged even, to be *less compliant* (because you would ignore a DNT signal from users who did, in fact, mean it).  This is a race to the bottom, and a recipe for something worthless.
> David Singer
> Multimedia and Software Standards, Apple Inc.
Received on Thursday, 7 June 2012 17:09:13 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:50 UTC