Re: Today's call: summary on user agent compliance

You don't.

You seem to be saying "You can't detect every possible case where the
setting was set by something other than the user." That's true. But there
are cases you can detect where the setting was, more likely than not, NOT
set by the user. The former does not preclude the latter.

-Ian

On Wed, Jun 13, 2012 at 7:52 AM, Peter Cranstone
<peter.cranstone@gmail.com>wrote:

> Can you tell me (the forum) how you think the server knows that the
> default was set by the OEM?
>
> What do I look for in the header that tells me that?
>
>
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752
>
>
> From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
> Reply-To: <ifette@google.com>
> Date: Wednesday, June 13, 2012 8:48 AM
>
> To: Peter Cranstone <peter.cranstone@gmail.com>
> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
> Subject: Re: Today's call: summary on user agent compliance
> Resent-From: W3 Tracking <public-tracking@w3.org>
> Resent-Date: Wed, 13 Jun 2012 14:49:18 +0000
>
> The server knows two things.
>
> The server knows what the default setting was ("none" "on" "off") and what
> setting it's seeing now.  If the setting is different than the default, it
> knows that the setting has been changed, presumably by the user but
> admittedly a third party (intermediary or software) could also change it.
> Such is life.
>
> In the case of "setting == default" then the server has strictly less
> information than in the previous scenario -- it has NO way of knowing, the
> "default" has obscured the user's ability to make a preference, and thus
> the server can conclude that the UA doesn't offer the user a complaint
> mechanism.
>
> On Wed, Jun 13, 2012 at 7:40 AM, Peter Cranstone <
> peter.cranstone@gmail.com> wrote:
>
>> Nope. Still fails your test.
>>
>> You have no idea who made the decision. So using your logic every copy of
>> MSIE is non compliant because Microsoft shipped it by default. If I get a
>> copy of windows 8, turn it off and then turn it on BEFORE I send a request
>> to a server how do you know?
>>
>> The server only knows one thing – DNT:1 that's it. It has NO idea who set
>> it, you, the OEM or a 3rd party add on.
>>
>>
>>
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752
>>
>>
>> From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
>> Reply-To: <ifette@google.com>
>> Date: Wednesday, June 13, 2012 8:36 AM
>>
>> To: Peter Cranstone <peter.cranstone@gmail.com>
>> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
>> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
>> Subject: Re: Today's call: summary on user agent compliance
>>
>> The point is that with IE your decision is masked by MSFT's default. If
>> you turn it off, I know that you've made a decision, but if you turn it
>> back on again I have no way of knowing if you're a user that made a
>> decision or not.
>>
>> With FF it is __NOT__ proposed to be "off" by default. It is proposed to
>> be unset by default. You turn it on I know you made an explicit decision.
>> You set it to off and I know you made an explicit decision.
>>
>> -Ian
>>
>> On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone <
>> peter.cranstone@gmail.com> wrote:
>>
>>> Nope.
>>>
>>> I install MSIE and it's on by default. So I turn it off. 2 days later I
>>> decide I want to turn it on again.
>>>
>>> I install FF and it's off by default. So I turn it on. 2 days later I
>>> decide I want to turn it off again.
>>>
>>> There's no functional difference between those two statements. The spec
>>> cannot determine "who" turned it on or off.
>>>
>>>
>>> Peter
>>> ___________________________________
>>> Peter J. Cranstone
>>> 720.663.1752
>>>
>>>
>>> From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
>>> Reply-To: <ifette@google.com>
>>> Date: Wednesday, June 13, 2012 8:24 AM
>>> To: Peter Cranstone <peter.cranstone@gmail.com>
>>> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <
>>> brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, W3
>>> Tracking <public-tracking@w3.org>
>>>
>>> Subject: Re: Today's call: summary on user agent compliance
>>>
>>> The difference is that with IE you can't tell, and with FF you can tell.
>>>
>>> As for being set by intermediary, we prohibited that in the spec as
>>> well, but there's not a great way to tell this. Presumably you might see
>>> something like "100% of users coming from this ASN are using DNT" if you
>>> cared to look, but it is a much harder question.
>>>
>>> -Ian
>>>
>>> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone <
>>> peter.cranstone@gmail.com> wrote:
>>>
>>>> Nick,
>>>>
>>>> Question: How do you know if this is 'truly the preference of the user'?
>>>>
>>>> For example
>>>>
>>>>    1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>>>>    2. I install Firefox 12 or 13 and then turn on DNT:1
>>>>
>>>> What's the difference that you can determine with server code?
>>>>
>>>> Second question: How do you know it's been set by a vendor or
>>>> intermediary?
>>>>
>>>>    - Proxy server adds DNT:1 to all outgoing HTTP requests.
>>>>    - Server sees DNT:1 on the incoming request ­ there's been NO other
>>>>    change to the UA
>>>>
>>>>
>>>>
>>>> Peter
>>>> ___________________________________
>>>> Peter J. Cranstone
>>>> 720.663.1752
>>>>
>>>>
>>>> From: Nicholas Doty <npdoty@w3.org>
>>>> Date: Wednesday, June 13, 2012 12:26 AM
>>>> To: "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
>>>> Cc: Justin Brookman <jbrookman@cdt.org>, W3 Tracking <
>>>> public-tracking@w3.org>
>>>>
>>>> Subject: Re: Today's call: summary on user agent compliance
>>>> Resent-From: W3 Tracking <public-tracking@w3.org>
>>>> Resent-Date: Wed, 13 Jun 2012 06:27:03 +0000
>>>>
>>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>>>>
>>>> I think the problem is that compliance is based on both sides ability
>>>> to honor user preference.  If one side forges user preference, and the
>>>> other side can correctly only be compliant by acting on actual user
>>>> preference, there is an untenable situation.  Where a UA sends a well
>>>> formed header absent having obtained a preference from the user, the
>>>> recipient server will always be forced into non-compliance, no matter which
>>>> action it takes.
>>>>
>>>> Two cases come to mind:
>>>>
>>>>    1. If a UA sends a DNT:1 by default, AND this is truly the
>>>>    preference of the user, if the server fails to respond accordingly to DNT:1
>>>>     then arguably compliance has not been achieved.
>>>>    2. If, conversely, a server honors a well formed DNT:1 set by a
>>>>    vendor or intermediary, absent such being the actual preference of the the
>>>>    user, again preference has not been honored and compliance not maintained.
>>>>
>>>> For the second case: I'm not aware of anything in draft specifications
>>>> that would make a server non-compliant if it treated a user that hadn't
>>>> expressed a DNT:1 preference as if it had. For example, we don't have any
>>>> requirements that a user who arrives with DNT:0 must be tracked. You might
>>>> confuse a user if you provide a very different experience under DNT:1 and
>>>> it was inserted by an intermediary unbeknownst to the user, but I don't see
>>>> any issues with compliance with this group's specifications.
>>>>
>>>> Thanks,
>>>> Nick
>>>>
>>>>
>>>
>>
>