RE: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal from Shane Wiley on 2012-06-13 (public-tracking@w3.org from June 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 13 Jun 2012 10:01:39 -0700
To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
CC: Justin Brookman <justin@cdt.org>
Message-ID: <63294A1959410048A33AEE161379C8023D18786519@SP2-EX07VS02.ds.corp.yahoo.com>

Rigo,

Understanding which UA a page request is coming from is not evil - and is often needed to render a website correctly.  

And yes, a UA should be able to be marked as invalid as long as it remains non-compliant.  This will create a self-correcting mechanism in the marketplace.  For users who really want their DNT signal honored, they'll move to a valid UA.  If non-compliant UAs care about the loss of users, they will become compliant.

- Shane

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Wednesday, June 13, 2012 12:56 PM
To: public-tracking@w3.org
Cc: Shane Wiley; Peter Cranstone; Justin Brookman
Subject: Re: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal

On Wednesday 13 June 2012 07:58:02 Shane Wiley wrote:
> The Server doesn't need to know - I believe that's the point
> you're missing.  The user installed a non-compliant UA and the
> Server will respond as such.  The user then has multiple options
> to exercise their choice but continued use of that specific UA to
> communicate DNT is NOT one of them.

Shane, 

the user can't communicate back to the server that she has now 
looked into the preferences, made a real choice, but wants to 
continue to use IE10. This is the big bug in the suggestion for the 
discrimination of a user agent currently suggested by you, Ian and 
Roy. IE10 is not uncompliant in every situation. And the current 
suggestion can't change back to "I accept" as the user has no means 
to communicate back "I really really mean it". You just will reject 
all DNT traffic from IE10. This means you discriminate against valid 
traffic without any possibility to rectify.

And this is really something where I start to have some doubts. 
Browser sniffing is evil. Again: Browser sniffing is evil. Why don't 
we then start saying, we do not like traffic from AVG. We believe it 
is not compliant etc.. Where does that discrimination end? And 
again, the user can't revert that as it is hard coded into your 
servers.

There must be another way. Lets brainstorm about it. But browser 
sniffing is evil! The solution to ignore a signal based on some 
(possibly spoofed) vendor string in the HTTP chatter is definitely 
going the wrong way. 

Rigo

Received on Wednesday, 13 June 2012 17:02:56 UTC