W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Today's call: summary on user agent compliance

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Mon, 11 Jun 2012 09:30:20 -0600
Cc: public-tracking@w3.org
Message-Id: <A73570A8-5969-4C65-9CBF-55950063356A@gmail.com>
To: Roy T. Fielding <fielding@gbiv.com>
> Somebody tests the browser and says it is broken.  We add logic
> to the server to move the invalid value out of the way based on
> the presence of a variable, and then a BrowserMatch directive to
> set the variable based on User-Agent pattern.  I believe you know
> how that works.


Yep I know how to do that. It¡¯s going to require a whole new Apache module: mod-see-if-this-request-is-from-a-browser-that-might-be-on-a-blacklist-because-someone-thinks-it-isn't-doing-something-right.so  Should be a piece of cake to build, debug, and then keep updated across every Apache and IIS server.

¡¦and any copy of Apache in the whole world who does NOT have this ¡°new module¡± installed is also, itself, immediately non-compliant with the DNT standard and subject
to financial penalties in places like Europe?

> It is all optional, and no I am not asking them to do it.  IE is.


Ah, the ¡°optional¡± get of jail free card. And while we¡¯re on the subject of accusing IE of being non compliant you might as well add all the other browsers to that list. The default ¡°Choice¡± is being made for you, which is one of ¡°track away¡±.

Let me explain. In the absence of  a pop-up during the install which gives the user the choice of either to be tracked or not, the default is to NOT set a header which is the functional equivalent of setting a DNT:0 (maybe that¡¯s why no current browser even allows you to set a header of DNT:0). 

In essence without a huge marketing campaign and a pop-up the default is to track. It¡¯s looking like Microsoft did the right thing for once and thought about protecting the consumer. But again it¡¯s all optional.


> The same way HTTP works on mobile.


Well HTTP does work on mobile. What doesn¡¯t work on mobile very well is JavaScript. So get ready to test and debug any JavaScript you¡¯re using to support DNT on a mobile device. 



> I don't think the user will be surprised when a site tells them that
> their new user agent is not standards-compliant and will not be
> treated as such.



Again I come back to the ¡°How¡±. Think UI on a 4¡± screen. Also what about sight impaired people. Are we just writing them off with confusing pop-ups on their mobile devices because they can¡¯t see correctly.

The amount of work that is going to have to take place on the server is staggering. And in countries where compliance has financial penalties there¡¯s going to be huge pressure to ensure that your code is up to spec. 



Peter
___________________________________
Peter J. Cranstone


Contact information (Email is fastest)
____________________________________
Email:      peter.cranstone@gmail.com
Phone:    (00 +1) 720.663.1752




On Jun 9, 2012, at 5:06 PM, Roy T. Fielding wrote:

> On Jun 9, 2012, at 10:13 AM, Peter Cranstone wrote:
> 
>>>> I think you are missing the point.  The DNT signals do not matter if
>>>> the UA's implementation is broken.
>> 
>> How do you determine that in real time?
> 
> I don't need to.
> 
>> Exactly what information arrives
>> so the Web server understands it©ös broken?
> 
> Somebody tests the browser and says it is broken.  We add logic
> to the server to move the invalid value out of the way based on
> the presence of a variable, and then a BrowserMatch directive to
> set the variable based on User-Agent pattern.  I believe you know
> how that works.
> 
>>>> A site can choose to do anything
>>>> it wants, including denying all service, provided that what it chooses
>>>> to do is consistent with other claims it has made to this user.
>> 
>> How does it communicate this to the user?
> 
> However it likes.  It is a server, after all.
> 
>>>> If the service has the ability to supply or overlay content on
>>>> the page, it might go further and render a piece of content that
>>>> informs the user that they are using a non-compliant browser,
>>>> along with a link to a hypertext page that describes an opt-out
>>>> mechanism that is not subject to browser bugs, along with pointers
>>>> to browsers that aren't so buggy.
>> 
>> You're not serious right? Your asking vendors to write code to determine
>> whether or not the browser has bugs, is sending a non compliant UA and
>> then asking them to add all of that into a page for the user to read. And
>> BTW you should download a browser that works?
> 
> It is all optional, and no I am not asking them to do it.  IE is.
> 
>> Exactly how does all of this work on mobile?
> 
> The same way HTTP works on mobile.
> 
>>>> All that is needed is a choice made by the user (not the OS
>>>> vendor, the browser vendor, nor the sysadmin installing the OS).
>>>> That's not a high bar.
>> 
>> Again how do you know? All the server sees is DNT=1 Are you now going to
>> ask them to run a quick check against all the known UA©ös for good
>> browsers. 
>> 
>>>> DNT is already defined as
>>>> an expression of the user's choice.  If a UA decides to send the
>>>> header field without a user choice, then it is lying to the server.
>> 
>> Your server just received DNT=1 How do you know if the header was sent
>> without the users choice?
> 
> It doesn't matter.  The site does not support that UA, period.
> Sites are under no obligation to support broken user agents.
> 
>> All Joe Public is going to do is go to his browser privacy setting, turn
>> on ©øTell Web Sites to Not Track Me©÷ and EXPECT them to comply. Can you
>> imagine his surprise when he finds out that nothing is further from the
>> truth, that his browser is broken, the site has decided not to honor DNT
>> and oh yes, his header never turned up there because it got stripped out
>> along the way.
> 
> I don't think the user will be surprised when a site tells them that
> their new user agent is not standards-compliant and will not be
> treated as such.
> 
> ....Roy
> 
> 
> 
Received on Monday, 11 June 2012 15:30:54 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC