Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

From: Grimmelmann, James <James.Grimmelmann@nyls.edu>
Date: Thu, 21 Jun 2012 17:31:41 +0000
To: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <8642087D-607A-4C9E-9123-44E4906D1CD4@nyls.edu>

On Jun 21, 2012, at 1:12 PM, David Singer wrote:

> * We re-examine the response header and well-known resource.  At the moment it's easier to determine "is this a first or third party?" than the more important "am I being tracked?".  I would suggest that the signal be clearer:
> - I am not tracking (though I may be engaging in Permitted Uses);
> - I am or may be tracking you, and then optionally add:
> - because I didn't see any DNT header from you at all (it's also acceptable not to respond at all in this case)
> - because I am a first party
> - because I think I received inline exception from you (DNT:0)
> - because I think I have an out-of-band exception from you
> - for some other reason that is explained in more detail at the following URL
>  [so, for Ian and Rigo, it would then be technically possible to respond "I am or may be tracking you" with one of these 'be causes']

This last option is necessarily open-ended.  But the page at the URL should at least be required to state a _single_ reason.  I have in mind a case in which the server provides a URL to its 3000-word privacy policy, or to a page with a laundry list of twenty possible different reasons without indicating which one applies.

> We add a note saying "this recommendation does not state whether the last response (some other reason) is compliant, or the circumstances in which it may be used"
> * that we require what you say you are doing and what you do must match under all circumstances (even when faced with a non-compliant end-point, so this is one of the few places we'll talk about how to respond to non-compliant behavior).


While I disagree with the underlying assumptions about which user agents should be treated as compliant, this is an improvement in how servers should respond to those user agents that are not.


James Grimmelmann   	          Professor of Law
New York Law School                 (212) 431-2864
185 West Broadway       james.grimmelmann@nyls.edu
New York, NY 10013    http://james.grimmelmann.net
Received on Thursday, 21 June 2012 17:32:54 UTC