W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Defaults and compliance

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Wed, 20 Jun 2012 07:48:08 -0600
To: "Grimmelmann, James" <James.Grimmelmann@nyls.edu>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CC072E5B.3CFF%peter.cranstone@gmail.com>

I agree in general. However what about a modification?

>> "But once websites have an excuse to look beyond the header they
>>receive, Do
>> Not Track is dead as a practical matter

Note quite. Websites can look beyond the header - what they cannot do is
NOT respond with a reason why they've made a particular choice. The way
the current spec reads you're right. The server MAY "chose" not to respond.

How about we change that MAY to a MUST. Now all of a sudden it works. The
server looks, decides and then communicates back to the user. The user
says "this was my intent" so please honor my DNT setting. Server sets a
cookie and goes about it's business.

>> Being able to>> question whether a user really meant her Do Not Track
>>header is a license to
>> ignore what she does mean.

See above. It's all about the ability to communicate intent. It's a two
way street. The spec just needs to be tweaked to change some MAY's to a
MUST. Of course the work load on the server, the bandwidth consumed (think
mobile) and the UI that the user sees all become the next reason why the
spec will not be followed.

It makes all the sense in the world to simply accept the incoming DNT flag
as the users choice, because the alternatives will not be followed without
regulations and fines.

Peter J. Cranstone

-----Original Message-----
From: "Grimmelmann, James" <James.Grimmelmann@nyls.edu>
Date: Tuesday, June 19, 2012 11:05 PM
To: W3 Tracking <public-tracking@w3.org>
Subject: Defaults and compliance
Resent-From: W3 Tracking <public-tracking@w3.org>
Resent-Date: Wed, 20 Jun 2012 08:24:57 +0000

>I've been following with concern the discussions on the list about the
>threshold of user consent required for a user agent to set a DNT: 1
>In particular, I'm worried by suggestions that the standard might invite
>websites receiving the header to second-guess the process by which it was
>set.  I've written up a blog post explaining my concerns:
>Here is the core of the argument:
>"But once websites have an excuse to look beyond the header they receive,
>Not Track is dead as a practical matter. A DNT:1 header is binary: it is
>present or it is not. But second-guessing interface decisions is a
>completely open-ended question. Was the check box to enable Do Not Track
>worded clearly? Was it bundled with some other user preference? Might the
>header have been set by a corporate network rather than the user? These
>the kind of process questions that can be lawyered to death. Being able to
>question whether a user really meant her Do Not Track header is a license
>ignore what she does mean.
>Return to my point above about tools. I run a browser with multiple
>plugins.. At the end of the day, these pieces of software collaborate to
>a Do Not Track header, or not. This setting is under my control: I can
>install or uninstall any of the software that was responsible for it. The
>choice of header is strictly between me and my user agent. As far as the
>Not Track specification is concerned, websites should adhere to a
>presumption of user competence: whatever value the header has, it has with
>the tacit or explicit consent of the user."
>James Grimmelmann   	          Professor of Law
>New York Law School                 (212) 431-2864
>185 West Broadway       james.grimmelmann@nyls.edu
>New York, NY 10013    http://james.grimmelmann.net
Received on Wednesday, 20 June 2012 13:48:51 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:51 UTC