W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

RE: JS Exception API [ISSUE-111], [ISSUE-112]

From: Kevin Smith <kevsmith@adobe.com>
Date: Thu, 1 Mar 2012 15:36:15 -0800
To: Tom Lowenthal <tom@mozilla.com>, "public-tracking@w3.org" <public-tracking@w3.org>
CC: Andy Zeigler <andyzei@microsoft.com>, Nicholas Doty <npdoty@w3.org>
Message-ID: <6E120BECD1FFF142BC26B61F4D994CF3064CC1F9C1@nambx07.corp.adobe.com>
>ISSUE: Should the user agent send a different DNT value to a first party site if there exist site-specific exceptions for that first party? (e.g. DNT:2 implies "I have Do Not Track enabled but grant permissions to some third parties while browsing this domain")

>**Proposal** No, this API provides client-side means for sites to request that information. Sites may also employ cookies to recall a user's past response.

I do not believe client-side is adequate in this case because of the word 'some' in the example above.  If it is possible for a 1st party to have exceptions for some, but not all of the 3rd parties it employs (an issue I will respond to in more depth in a follow-up email), then that website has to determine how it will act.  Are the exceptions sufficient that it can adequately monetize the visitor and therefore allow the visitor full access to its services?  Or should it provide limited services, or route the user to a completely different experience.  The point is, the entire response may change, and therefore, it would be costly, both in bandwidth, response time for the visitor, and especially implementation if the 1st party was forced to control that decision client-side.

If however, it is impossible to get into a state where some but not all of the 3rd parties have exceptions, than I could live with just a client-side approach.



>ISSUE: Should a request for a tracking exception apply to all subdomains of the first party making the request? Or should a first party explicitly list the subdomains that it's asking for? Similarly, should third party subdomains be allowed (e.g. *.tracker.com)?

 >**Proposal** Exceptions are requested for fully-qualified domain names.

I understand and somewhat agree with the reasoning behind this.  However, this will greatly increase the number of exception request popups that user's experience.  I am concerned that this will make the experience so poor that it will actual drive users to turn off DNT.  More importantly - I suggest that we do not keep trying to reinvent our own wheels.  Whatever definition we come to for 1st parties (brand based, affiliation based etc) - let's use that here as well.  If we define two or more different ways to define a 1st party, we will confuse users even more.  




-----Original Message-----
From: Tom Lowenthal [mailto:tom@mozilla.com] 
Sent: Wednesday, February 29, 2012 11:19 AM
To: public-tracking@w3.org
Cc: Andy Zeigler; Nicholas Doty
Subject: JS Exception API

I know you've been waiting for this for a while: here's the JavaScript API that Andy, Nick and I have been working on for the last few weeks.
Enjoy!
Received on Thursday, 1 March 2012 23:36:45 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC