
Re: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Wed, 13 Jun 2012 09:03:52 -0600
To: Shane Wiley <wileys@yahoo-inc.com>, Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CBFE06F2.319A%peter.cranstone@gmail.com>
Shane,

The server does need to know because it's about to reject it. MSIE is
non-compliant in only ONE aspect - it sets the flag by default. In EVERY other
aspect it is COMPLIANT because the user can change that preference.

So in essence you're saying that if you see a UA of MSIE 10 you're going to
reject it immediately and send back a 400 message. Get ready to start
writing lots of scripts or modules (your preference).
 

Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  Shane Wiley <wileys@yahoo-inc.com>
Date:  Wednesday, June 13, 2012 8:58 AM
To:  Peter Cranstone <peter.cranstone@gmail.com>, Justin Brookman
<justin@cdt.org>, W3 Tracking <public-tracking@w3.org>
Subject:  RE: ACTION-211 Draft text on how user agents must obtain consent
to turn on a DNT signal

> Peter,
>  
> The Server doesn't need to know - I believe that's the point you're missing.
> The user installed a non-compliant UA and the Server will respond as such.
> The user then has multiple options to exercise their choice but continued use
> of that specific UA to communicate DNT is NOT one of them.
>  
> - Shane
>  
> 
> From: Peter Cranstone [mailto:peter.cranstone@gmail.com]
> Sent: Wednesday, June 13, 2012 10:46 AM
> To: Justin Brookman; public-tracking@w3.org
> Subject: Re: ACTION-211 Draft text on how user agents must obtain consent to
> turn on a DNT signal
>  
> 
> I know what the spec says.
> 
>  
> 
> What I'm asking you to define is how the server knows WHO set the DNT flag.
> Nobody has been able to answer that question yet.
> 
>  
> 
> 
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752
> 
>  
> 
> From: Justin Brookman <justin@cdt.org>
> Date: Wednesday, June 13, 2012 8:41 AM
> To: W3 Tracking <public-tracking@w3.org>
> Subject: Re: ACTION-211 Draft text on how user agents must obtain consent to
> turn on a DNT signal
> Resent-From: W3 Tracking <public-tracking@w3.org>
> Resent-Date: Wed, 13 Jun 2012 14:41:56 +0000
> 
>  
>> 
>> On 6/13/2012 10:35 AM, Peter Cranstone wrote:
>> 
>>>> We do not specify how tracking preference choices are offered to the
>>>> user or how the preference is enabled:
>> 
>>  
>> 
>> & 
>> 
>>  
>> 
>>>> Implementations of HTTP that are not under control of the user must not
>>>> express a tracking preference on their behalf.
>> 
>>  
>> 
>> Which means that MSIE 10 is compliant, because it's under the control of the
>> user.
>> This alone does not mean that IE10 is compliant, as there is separate text
>> saying that "A user agent MUST NOT express a tracking preference for a user
>> unless the user has interacted with the user agent in such a way as to
>> indicate a tracking preference."
>> 
>>  
>> 
>>>> Implementations of HTTP that are not under control of the user must not
>>>> express a tracking preference on their behalf.
>> 
>>  
>> 
>> How do you know? All a proxy server has to do is add DNT:1 - take Abine for
>> example. A 3rd party plugin that adds DNT:1 to the outbound header. You have
>> no idea who set it because there's no code to determine who did it. Me or the
>> add on.
>> I agree that third parties should not be second guessing DNT:1 signals for
>> all the reasons that I and others have expressed over the list in the last
>> two weeks.
>> 
>> 
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752
>> 
>>  
>> 
>> From: Justin Brookman <justin@cdt.org>
>> Date: Wednesday, June 13, 2012 8:26 AM
>> To: W3 Tracking <public-tracking@w3.org>
>> Subject: ACTION-211 Draft text on how user agents must obtain consent to turn
>> on a DNT signal
>> Resent-From: W3 Tracking <public-tracking@w3.org>
>> Resent-Date: Wed, 13 Jun 2012 14:27:17 +0000
>> 
>>  
>>> 
>>> Hello, here is draft language for the compliance document on user agent
>>> requirements.  The first paragraph is new, the second two are
>>> copied-and-pasted from Section 3 of the current TPE spec.
>>> 
>>> Replace 4.2 Intermediary Compliance (empty) with this new section:
>>> 
>>> 4.2 User Agent Compliance
>>> 
>>> A user agent MAY offer a control to express a tracking preference to third
>>> parties.  The control MUST communicate the user's preference in accordance
>>> with the [[Tracking Preference Expression (DNT)]] recommendation and
>>> otherwise comply with that recommendation.  A user agent MUST NOT express a
>>> tracking preference for a user unless the user has interacted with the user
>>> agent in such a way as to indicate a tracking preference.
>>> We do not specify how tracking preference choices are offered to the user or
>>> how the preference is enabled: each implementation is responsible for
>>> determining the user experience by which a tracking preference is enabled.
>>> For example, a user might select a check-box in their user agent's
>>> configuration, install an extension or add-on that is specifically designed
>>> to add a tracking preference expression, or make a choice for privacy that
>>> then implicitly includes a tracking preference (e.g., Privacy settings:
>>> high). Likewise, a user might install or configure a proxy to add the
>>> expression to their own outgoing requests.
>>> 
>>> Although some controlled network environments, such as public access
>>> terminals or managed corporate intranets, might impose restrictions on the
>>> use or configuration of installed user agents, such that a user might only
>>> have access to user agents with a predetermined preference enabled, the user
>>> is at least able to choose whether to make use of those user agents. In
>>> contrast, if a user brings their own Web-enabled device to a library or cafe
>>> with wireless Internet access, the expectation will be that their chosen
>>> user agent and personal preferences regarding Web site behavior will not be
>>> altered by the network environment, aside from blanket limitations on what
>>> resources can or cannot be accessed through that network. Implementations of
>>> HTTP that are not under control of the user must not express a tracking
>>> preference on their behalf.
>>> -- 
>>> Justin Brookman
>>> Director, Consumer Privacy
>>> Center for Democracy & Technology
>>> 1634 I Street NW, Suite 1100
>>> Washington, DC 20006
>>> tel 202.407.8812
>>> fax 202.637.0969
>>> justin@cdt.org
>>> http://www.cdt.org
>>> @CenDemTech
>>> @JustinBrookman
Received on Wednesday, 13 June 2012 15:04:36 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC