
RE: Today's call: summary on user agent compliance

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Fri, 8 Jun 2012 11:24:00 -0700
To: David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D185908C1@SP2-EX07VS02.ds.corp.yahoo.com>

I agree with everything except remaining silent on uncompliant behavior and how to appropriately notify a user that their UA signal is non-compliant, won't be honored, and to provide them with meaningful choices from that point.

- Shane

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Friday, June 08, 2012 11:13 AM
To: public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: Today's call: summary on user agent compliance

After offline conversation with Rigo, and re-reading some messages, I rather suspect we are closer to (violent) agreement than it might appear.

In particular:

A] We seem to agree that it should not be compliant for a server to respond to a compliant DNT:1 request by continuing to track you for some reason of its own devising.

B] We also seem to agree that the user-agent/user needs to know the answer to the simple question "is this site possibly tracking me, or not?".

C] I would also guess that we all think we have our hands full answering the question of what constitutes compliant interaction. Adding to our workload specifying how the two ends may deal with non-compliant behavior, and expecting to maintain schedule, is probably optimistic.

I therefore suggest:

* We add to both documents that they specify how compliant end-points react and behave with other compliant end-points, and the handling of non-compliant behavior is currently, for the most part, unspecified.

* We re-examine the response header and well-known resource.  At the moment it's easier to determine "is this a first or third party?" than the more important "am I being tracked?".  I would suggest that the signal be clearer:
  - I am not tracking (though I may be engaging in Permitted Uses);
  - I am or may be tracking you, and then optionally add:
    - because I didn't see any DNT header from you at all (it's also acceptable not to respond at all in this case)
    - because I am a first party
    - because I think I received an inline exception from you (DNT:0)
    - because I think I have an out-of-band exception from you
     [so, for Ian and Rigo, it would then be technically possible to respond "I am or may be tracking you" without one of these 'becauses']

* that we require what you say you are doing and what you do must match under all circumstances (even when faced with a non-compliant end-point, so this is one of the few places we'll talk about how to respond to non-compliant behavior).

* and we then say that it is not compliant for a third party to respond to a compliant DNT:1 signal by tracking

(Finally, we thank the people who started this fire, and take the weekend off. oof.)

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Friday, 8 June 2012 18:24:47 UTC
