
Re: Today's call: summary on user agent compliance

From: Roy T. Fielding <fielding@gbiv.com>
Date: Sat, 9 Jun 2012 16:06:35 -0700
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <BE0BEB29-C8BE-4612-BB12-357810356CF6@gbiv.com>
To: Peter Cranstone <peter.cranstone@gmail.com>
On Jun 9, 2012, at 10:13 AM, Peter Cranstone wrote:

>>> I think you are missing the point.  The DNT signals do not matter if
>>> the UA's implementation is broken.
> 
> How do you determine that in real time?

I don't need to.

> Exactly what information arrives
> so the Web server understands it's broken?

Somebody tests the browser and says it is broken.  We add logic
to the server to move the invalid value out of the way based on
the presence of a variable, and then a BrowserMatch directive to
set the variable based on User-Agent pattern.  I believe you know
how that works.

>>> A site can choose to do anything
>>> it wants, including denying all service, provided that what it chooses
>>> to do is consistent with other claims it has made to this user.
> 
> How does it communicate this to the user?

However it likes.  It is a server, after all.

>>> If the service has the ability to supply or overlay content on
>>> the page, it might go further and render a piece of content that
>>> informs the user that they are using a non-compliant browser,
>>> along with a link to a hypertext page that describes an opt-out
>>> mechanism that is not subject to browser bugs, along with pointers
>>> to browsers that aren't so buggy.
> 
> You're not serious, right? You're asking vendors to write code to determine
> whether or not the browser has bugs, is sending a non-compliant UA and
> then asking them to add all of that into a page for the user to read. And
> BTW you should download a browser that works?

It is all optional, and no I am not asking them to do it.  IE is.

> Exactly how does all of this work on mobile?

The same way HTTP works on mobile.

>>> All that is needed is a choice made by the user (not the OS
>>> vendor, the browser vendor, nor the sysadmin installing the OS).
>>> That's not a high bar.
> 
> Again how do you know? All the server sees is DNT=1. Are you now going to
> ask them to run a quick check against all the known UA's for good
> browsers. 
> 
>>> DNT is already defined as
>>> an expression of the user's choice.  If a UA decides to send the
>>> header field without a user choice, then it is lying to the server.
> 
> Your server just received DNT=1. How do you know if the header was sent
> without the user's choice?

It doesn't matter.  The site does not support that UA, period.
Sites are under no obligation to support broken user agents.

> All Joe Public is going to do is go to his browser privacy setting, turn
> on "Tell Web Sites to Not Track Me" and EXPECT them to comply. Can you
> imagine his surprise when he finds out that nothing is further from the
> truth, that his browser is broken, the site has decided not to honor DNT
> and oh yes, his header never turned up there because it got stripped out
> along the way.

I don't think the user will be surprised when a site tells them that
their new user agent is not standards-compliant and will not be
treated as such.

....Roy
Received on Saturday, 9 June 2012 23:07:00 UTC
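
The server-side handling described in the message above (a BrowserMatch directive that sets a variable from a User-Agent pattern, plus logic that moves the DNT value out of the way when that variable is set), as an added Apache httpd configuration example that is not part of the original message. The User-Agent pattern, the variable name `bad_DNT`, the log format nickname and the log path are assumptions chosen for illustration.

```apache
# Requires mod_setenvif (BrowserMatch), mod_headers (RequestHeader)
# and mod_log_config (LogFormat, CustomLog).

# Flag requests from the user agent that testing showed to be broken.
# "ExampleBrowser/1\.0" is a constructed pattern; bad_DNT is an assumed name.
BrowserMatch "ExampleBrowser/1\.0" bad_DNT

# Move the invalid value out of the way: drop the DNT request header only
# for flagged requests, so applications behind this server never see it.
RequestHeader unset DNT env=bad_DNT

# Record each request where the rule fired, for later review
# (assumed nickname and log path).
LogFormat "%h %t \"%r\" \"%{User-Agent}i\"" dnt_ignored
CustomLog "logs/dnt_ignored.log" dnt_ignored env=bad_DNT
```

Requests from any other user agent pass through with their DNT header untouched, because both the `RequestHeader` and `CustomLog` lines are conditional on the variable.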

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC