Re: Today's call: summary on user agent compliance

The server knows two things.

The server knows what the default setting was ("none" "on" "off") and what
setting it's seeing now.  If the setting is different than the default, it
knows that the setting has been changed, presumably by the user but
admittedly a third party (intermediary or software) could also change it.
Such is life.

In the case of "setting == default" then the server has strictly less
information than in the previous scenario -- it has NO way of knowing, the
"default" has obscured the user's ability to make a preference, and thus
the server can conclude that the UA doesn't offer the user a complaint
mechanism.

On Wed, Jun 13, 2012 at 7:40 AM, Peter Cranstone
<peter.cranstone@gmail.com>wrote:

> Nope. Still fails your test.
>
> You have no idea who made the decision. So using your logic every copy of
> MSIE is non compliant because Microsoft shipped it by default. If I get a
> copy of windows 8, turn it off and then turn it on BEFORE I send a request
> to a server how do you know?
>
> The server only knows one thing – DNT:1 that's it. It has NO idea who set
> it, you, the OEM or a 3rd party add on.
>
>
>
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752
>
>
> From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
> Reply-To: <ifette@google.com>
> Date: Wednesday, June 13, 2012 8:36 AM
>
> To: Peter Cranstone <peter.cranstone@gmail.com>
> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
> Subject: Re: Today's call: summary on user agent compliance
>
> The point is that with IE your decision is masked by MSFT's default. If
> you turn it off, I know that you've made a decision, but if you turn it
> back on again I have no way of knowing if you're a user that made a
> decision or not.
>
> With FF it is __NOT__ proposed to be "off" by default. It is proposed to
> be unset by default. You turn it on I know you made an explicit decision.
> You set it to off and I know you made an explicit decision.
>
> -Ian
>
> On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone <
> peter.cranstone@gmail.com> wrote:
>
>> Nope.
>>
>> I install MSIE and it's on by default. So I turn it off. 2 days later I
>> decide I want to turn it on again.
>>
>> I install FF and it's off by default. So I turn it on. 2 days later I
>> decide I want to turn it off again.
>>
>> There's no functional difference between those two statements. The spec
>> cannot determine "who" turned it on or off.
>>
>>
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752
>>
>>
>> From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
>> Reply-To: <ifette@google.com>
>> Date: Wednesday, June 13, 2012 8:24 AM
>> To: Peter Cranstone <peter.cranstone@gmail.com>
>> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
>> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
>>
>> Subject: Re: Today's call: summary on user agent compliance
>>
>> The difference is that with IE you can't tell, and with FF you can tell.
>>
>> As for being set by intermediary, we prohibited that in the spec as well,
>> but there's not a great way to tell this. Presumably you might see
>> something like "100% of users coming from this ASN are using DNT" if you
>> cared to look, but it is a much harder question.
>>
>> -Ian
>>
>> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone <
>> peter.cranstone@gmail.com> wrote:
>>
>>> Nick,
>>>
>>> Question: How do you know if this is 'truly the preference of the user'?
>>>
>>> For example
>>>
>>>    1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>>>    2. I install Firefox 12 or 13 and then turn on DNT:1
>>>
>>> What's the difference that you can determine with server code?
>>>
>>> Second question: How do you know it's been set by a vendor or
>>> intermediary?
>>>
>>>    - Proxy server adds DNT:1 to all outgoing HTTP requests.
>>>    - Server sees DNT:1 on the incoming request ­ there's been NO other
>>>    change to the UA
>>>
>>>
>>>
>>> Peter
>>> ___________________________________
>>> Peter J. Cranstone
>>> 720.663.1752
>>>
>>>
>>> From: Nicholas Doty <npdoty@w3.org>
>>> Date: Wednesday, June 13, 2012 12:26 AM
>>> To: "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
>>> Cc: Justin Brookman <jbrookman@cdt.org>, W3 Tracking <
>>> public-tracking@w3.org>
>>>
>>> Subject: Re: Today's call: summary on user agent compliance
>>> Resent-From: W3 Tracking <public-tracking@w3.org>
>>> Resent-Date: Wed, 13 Jun 2012 06:27:03 +0000
>>>
>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>>>
>>> I think the problem is that compliance is based on both sides ability to
>>> honor user preference.  If one side forges user preference, and the other
>>> side can correctly only be compliant by acting on actual user preference,
>>> there is an untenable situation.  Where a UA sends a well formed header
>>> absent having obtained a preference from the user, the recipient server
>>> will always be forced into non-compliance, no matter which action it takes.
>>>
>>> Two cases come to mind:
>>>
>>>    1. If a UA sends a DNT:1 by default, AND this is truly the
>>>    preference of the user, if the server fails to respond accordingly to DNT:1
>>>     then arguably compliance has not been achieved.
>>>    2. If, conversely, a server honors a well formed DNT:1 set by a
>>>    vendor or intermediary, absent such being the actual preference of the the
>>>    user, again preference has not been honored and compliance not maintained.
>>>
>>> For the second case: I'm not aware of anything in draft specifications
>>> that would make a server non-compliant if it treated a user that hadn't
>>> expressed a DNT:1 preference as if it had. For example, we don't have any
>>> requirements that a user who arrives with DNT:0 must be tracked. You might
>>> confuse a user if you provide a very different experience under DNT:1 and
>>> it was inserted by an intermediary unbeknownst to the user, but I don't see
>>> any issues with compliance with this group's specifications.
>>>
>>> Thanks,
>>> Nick
>>>
>>>
>>
>

Received on Wednesday, 13 June 2012 14:49:15 UTC