Re: Today's call: summary on user agent compliance

Not really strange at all. Microsoft just figure out one of the flaws in the
DNT protocol design.

Try this on for size.
* I download Firefox ­ the first thing I do is set the DNT flag to 1 BEFORE
I surf the Web
* I download Firefox ­ the first thing I do is install the Abine plugin ­ it
sets the DNT flag to on by DEFAULT
* I download MSIE 10 ­ the flag is set by DEFAULT
* I use a Proxy server that ADDs a DNT header to all outgoing HTTP Requests
How do you, either via the protocol or via the server, determine WHO set the
flag in each of the cases above?

I've already had the debate with Ian that blacklists etc are not going to
fly. Rigo is already looking for ways around browser sniffing ­ and yet here
we all collectively sit and the ONLY way you know that the DNT flag was set
to 1 by default is because Microsoft made a Press release.

You can have the debate all day long but until you can determine WHO set the
header via the protocol there is no reasonable excuse to single out
Microsoft for breaking the spirit of the Do Not Track standard ­ simply
because there is NO alternative either for them or anyone else who sets the
flag to ON before sending a request.


Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  Mike Zaneis <mike@iab.net>
Date:  Wednesday, June 13, 2012 9:25 PM
To:  Jonathan Mayer <jmayer@stanford.edu>
Cc:  Shane Wiley <wileys@yahoo-inc.com>, Rigo Wenning <rigo@w3.org>, W3
Tracking <public-tracking@w3.org>, "Roy T. Fielding" <fielding@gbiv.com>,
Tamir Israel <tisrael@cippic.ca>
Subject:  Re: Today's call: summary on user agent compliance
Resent-From:  W3 Tracking <public-tracking@w3.org>
Resent-Date:  Thu, 14 Jun 2012 03:26:25 +0000

> Strange subject given the fact that this working group, advocates and industry
> alike, agreed in Boston last September that browser flags were not to be
> turned on by default. This collective decision as memorialized in an open and
> immediately closed issue a couple of weeks following that meeting. This fact
> is not up for debate.
> 
> If people would now like to reverse their positions then they are free to do
> so and ask to open a new issue on the subject. No problem there, but let's not
> play games and act like we did not agree to one position at the very outset of
> the working group.
> 
> Can we please get some guidance from the W3C staff or Co-chairs on the proper
> procedure here so we can all be spared the selective amnesia from certain
> parties?
> 
> Mike Zaneis 
> SVP & General Counsel, IAB
> (202) 253-1466
> 
> On Jun 13, 2012, at 10:17 PM, "Jonathan Mayer" <jmayer@stanford.edu> wrote:
> 
>> Shane, 
>> 
>> The online advertising industry participants in the working group have not
>> spoken with one voice on the issue of browser defaults.  AdTruth and
>> Microsoft appear willing to honor Do Not Track by default.  Representatives
>> from Adobe, Google, and Yahoo have indicated that they'd prefer not to.  It
>> certainly would be helpful to hear the perspectives of other working group
>> members who operate advertising businesses.
>> 
>> Best,
>> Jonathan
>> On Wednesday, June 13, 2012 at 7:46 PM, Shane Wiley wrote:
>>> 
>>> Jonathan,
>>> 
>>>  
>>> 
>>> Are you referring to the one ad targeting company that relies on digital
>>> fingerprinting and desperately needs DNT to provide some level of user
>>> control over their current business practices?  There may be a few outliers
>>> but please understand they represent less than 1% of traffic on the
>>> Internet.  If that¹s your goal, so be it.
>>> 
>>>  
>>> 
>>> - Shane
>>> 
>>>  
>>> 
>>> From: Jonathan Mayer [ <mailto:jmayer@stanford.edu>
>>> mailto:jmayer@stanford.edu]
>>> Sent: Wednesday, June 13, 2012 10:11 PM
>>> To: Shane Wiley
>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org> public-tracking@w3.org;
>>> Roy T. Fielding; Tamir Israel
>>> Subject: Re: Today's call: summary on user agent compliance
>>> 
>>>  
>>> 
>>> Shane,
>>> 
>>>  
>>> 
>>> I'm not quite sure what you mean by "a standard no one in industry will
>>> implement."  Earlier today a working group member from an ad targeting
>>> company suggested they would implement the W3C Do Not Track standard if it
>>> included honoring Internet Explorer's default implementation.
>>> 
>>>  
>>> 
>>> Jonathan
>>> 
>>> On Wednesday, June 13, 2012 at 5:51 PM, Shane Wiley wrote:
>>>> 
>>>> We already are by discussing elements of a standard no one in industry will
>>>> implement. You're taking us down that road again...
>>>> 
>>>>  
>>>> 
>>>> - Shane
>>>> 
>>>>  
>>>> 
>>>> -----Original Message-----
>>>> 
>>>> From: Rigo Wenning [ <mailto:rigo@w3.org> mailto:rigo@w3.org]
>>>> 
>>>> Sent: Wednesday, June 13, 2012 7:59 PM
>>>> 
>>>> To:  <mailto:public-tracking@w3.org> public-tracking@w3.org
>>>> 
>>>> Cc: Roy T. Fielding; Tamir Israel
>>>> 
>>>> Subject: Re: Today's call: summary on user agent compliance
>>>> 
>>>>  
>>>> 
>>>> On Tuesday 12 June 2012 16:30:21 Roy T. Fielding wrote:
>>>>> 
>>>>> DNT is not the only consent mechanism. Right now it doesn't
>>>>> 
>>>>> even qualify as one. Inside the tracking status resource you
>>>>> 
>>>>> will see a link to a control resource. That resource is a
>>>>> 
>>>>> consent mechanism. It doesn't depend on DNT. It doesn't
>>>>> 
>>>>> disappear even if the DNT field is ignored. And that's just
>>>>> 
>>>>> one of many possible consent mechanisms other than DNT that
>>>>> 
>>>>> a site might use in order to comply with regional laws.
>>>> 
>>>>  
>>>> 
>>>> You could implement P3P that had already that opt-out URI 10 years
>>>> 
>>>> ago... Roy, are you suggesting we repeat history?
>>>> 
>>>>  
>>>> 
>>>> Rigo
>>> 
>>>  
>> 
>>