W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

(unknown charset) Re: JS Exception API [ISSUE-111], [ISSUE-112]

From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
Date: Tue, 06 Mar 2012 19:30:54 +0100
Message-ID: <4F5657DE.1060305@zurich.ibm.com>
To: (unknown charset) public-tracking@w3.org
Hi!

I believe that it important to separate the API from the GUI.
E.g., while the API may be rich and provide a lot of information to
the user, I agree that the GUI should be kept as simple as possible.

E.g., if the API provides all info (e.g., a list of names), the GUI
may find other ways to display this. E.g., 'this site wants to get
exception for [##] third parties [Click here for full list]'.

Regards,
matthias


On 3/2/2012 12:36 AM, Kevin Smith wrote:
>> ISSUE: Should the user agent send a different DNT value to a first party site if there exist site-specific exceptions for that first party? (e.g. DNT:2 implies "I have Do Not Track enabled but grant permissions to some third parties while browsing this domain")
> 
>> **Proposal** No, this API provides client-side means for sites to request that information. Sites may also employ cookies to recall a user's past response.
> 
> I do not believe client-side is adequate in this case because of the word 'some' in the example above.  If it is possible for a 1st party to have exceptions for some, but not all of the 3rd parties it employs (an issue I will respond to in more depth in a follow-up email), then that website has to determine how it will act.  Are the exceptions sufficient that it can adequately monetize the visitor and therefore allow the visitor full access to its services?  Or should it provide limited services, or route the user to a completely different experience.  The point is, the entire response may change, and therefore, it would be costly, both in bandwidth, response time for the visitor, and especially implementation if the 1st party was forced to control that decision client-side.
> 
> If however, it is impossible to get into a state where some but not all of the 3rd parties have exceptions, than I could live with just a client-side approach.
> 
> 
> 
>> ISSUE: Should a request for a tracking exception apply to all subdomains of the first party making the request? Or should a first party explicitly list the subdomains that it's asking for? Similarly, should third party subdomains be allowed (e.g. *.tracker.com)?
> 
>  >**Proposal** Exceptions are requested for fully-qualified domain names.
> 
> I understand and somewhat agree with the reasoning behind this.  However, this will greatly increase the number of exception request popups that user's experience.  I am concerned that this will make the experience so poor that it will actual drive users to turn off DNT.  More importantly - I suggest that we do not keep trying to reinvent our own wheels.  Whatever definition we come to for 1st parties (brand based, affiliation based etc) - let's use that here as well.  If we define two or more different ways to define a 1st party, we will confuse users even more.  
> 
> 
> 
> 
> -----Original Message-----
> From: Tom Lowenthal [mailto:tom@mozilla.com] 
> Sent: Wednesday, February 29, 2012 11:19 AM
> To: public-tracking@w3.org
> Cc: Andy Zeigler; Nicholas Doty
> Subject: JS Exception API
> 
> I know you've been waiting for this for a while: here's the JavaScript API that Andy, Nick and I have been working on for the last few weeks.
> Enjoy!
> 
> 
> 
> 
Received on Tuesday, 6 March 2012 18:31:31 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC