Re: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal

Brooks,

>> IE10 could arguably be in compliance if a user elects DNT:0 because this
>> is the only time when it communicates user intent in a manner discernable
>> to the server.

Then arguably it can be said that if the user turns the DNT flag back on 2
days later the browser is now in compliance.

There is one solution to this determination of intent problem and it's one
that everyone is going to hate. At the time the browser is installed, or a
plugin that activates DNT is installed there MUST be a default pop-up
window that asks the user if this is their intent?

The user then clicks Yes or No - at that point something else has to be
added to DNT:1 like DNT:1,IY (intent = yes). In other words you have to
extend it. (I'm not sure what to do about Proxy servers)


Of course I realize that this is now a stupid idea because the second I
decide to turn it back off I have to have another pop up window that asks
me if this is my intent? DNT:0.IY - this has about as much chance of
working as pigs flying. OEMs hate pop-ups - yet another chance to
completely confuse the user.

>> It seems to me that both well formed and acting on demonstrated intent
>> are what is required on both sides for compliance.

Yes. Without a mechanism to do this it fails.

Peter
___________________________________
Peter J. Cranstone
720.663.1752

On 6/14/12 8:39 AM, "Dobbs, Brooks" <brooks.dobbs@kbmg.com> wrote:

>Rigo,
>
>> 
>> trouble is that IE 10 is not non-compliant for all possible cases.
>> There are tools that are non-compliant for all possible cases.
>I am not sure I agree with that statement.  If IE10's compliance job is to
>communicate user preference in a manner that is discernable to a server,
>when does it achieve this end?  As has been pointed out, IE makes it
>impossible to discern between a DNT:1 that is or is not an expressed user
>preference.  
>
>So let me amend my earlier statement, IE10 could arguably be in compliance
>if a user elects DNT:0 because this is the only time when it communicates
>user intent in a manner discernable to the server.
>
>It seems to me that both well formed and acting on demonstrated intent are
>what is required on both sides for compliance.
>
>-Brooks
>
>On 6/13/12 5:24 PM, "Rigo Wenning" <rigo@w3.org> wrote:
>
>> Kevin, 
>> 
>> trouble is that IE 10 is not non-compliant for all possible cases.
>> There are tools that are non-compliant for all possible cases. This
>> is why I suggested to have a MUST requirement on the handling of
>> exceptions in ISSUE-152. As a server, you can test that by trying to
>> trigger an exception.
>> 
>> IE can handle exceptions and all the other fancy stuff. So as soon
>> as the user has done some act of will, all IE tokens are valid and
>> you still discriminate them. This is not "the token is not
>> compliant" but the message is "I don't like your browser". There is
>> a huge difference between both. Because it is not a response anymore
>> to the user, it is a response to Microsoft. So there is a big
>> industry fight going on to the detriment of the user.
>> 
>> Rigo
>> 
>> On Wednesday 13 June 2012 15:00:48 Kevin Smith wrote:
>>> Rigo,
>>> 
>>> It is the very fact that the server cannot know whether the
>>> setting was enabled by the user or the browser which makes the
>>> browser non-compliant.  As such, the server communicates its
>>> inability to respond appropriately to the header back to the user
>>> to let them know that if they did initiate the intent, it will
>>> not be acknowledged unless they use a supported compliant browser
>>> to convey the intent.
>>> 
>>> -kevin
>>> 
>>> 
>>> -----Original Message-----
>>> From: Rigo Wenning [mailto:rigo@w3.org]
>>> Sent: Wednesday, June 13, 2012 10:56 AM
>>> To: public-tracking@w3.org
>>> Cc: Shane Wiley; Peter Cranstone; Justin Brookman
>>> Subject: Re: ACTION-211 Draft text on how user agents must obtain
>>> consent to turn on a DNT signal
>>> 
>>> On Wednesday 13 June 2012 07:58:02 Shane Wiley wrote:
>>>> The Server doesn't need to know - I believe that's the point
>>>> you're missing.  The user installed a non-compliant UA and
>>>> the Server will respond as such.  The user then has multiple
>>>> options to exercise their choice but continued use of that
>>>> specific UA to communicate DNT is NOT one of them.
>>> 
>>> Shane,
>>> 
>>> the user can't communicate back to the server that she has now
>>> looked into the preferences, made a real choice, but wants to
>>> continue to use IE10. This is the big bug in the suggestion for
>>> the discrimination of a user agent currently suggested by you,
>>> Ian and Roy. IE10 is not uncompliant in every situation. And the
>>> current suggestion can't change back to "I accept" as the user
>>> has no means to communicate back "I really really mean it". You
>>> just will reject all DNT traffic from IE10. This means you
>>> discriminate against valid traffic without any possibility to
>>> rectify.
>>> 
>>> And this is really something where I start to have some doubts.
>>> Browser sniffing is evil. Again: Browser sniffing is evil. Why
>>> don't we then start saying, we do not like traffic from AVG. We
>>> believe it is not compliant etc. Where does that discrimination
>>> end? And again, the user can't revert that as it is hard coded
>>> into your servers.
>>> 
>>> There must be another way. Let's brainstorm about it. But browser
>>> sniffing is evil! The solution to ignore a signal based on some
>>> (possibly spoofed) vendor string in the HTTP chatter is
>>> definitely going the wrong way.
>>> 
>>> Rigo
>> 
>
>-- 
>
>Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
>Wunderman Network
>(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
>brooks.dobbs@kbmg.com
>
>
>
>This email - including attachments - may contain confidential information.
>If you are not the intended recipient, do not copy, distribute or act on it.
>Instead, notify the sender immediately and delete the message.
>

Received on Thursday, 14 June 2012 13:51:17 UTC