- From: Nicholas Doty <npdoty@w3.org>
- Date: Tue, 6 Mar 2012 16:52:42 -0800
- To: Kevin Smith <kevsmith@adobe.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Mar 1, 2012, at 3:36 PM, Kevin Smith wrote: >> ISSUE: Should a request for a tracking exception apply to all subdomains of the first party making the request? Or should a first party explicitly list the subdomains that it's asking for? Similarly, should third party subdomains be allowed (e.g. *.tracker.com)? > >> **Proposal** Exceptions are requested for fully-qualified domain names. > > I understand and somewhat agree with the reasoning behind this. However, this will greatly increase the number of exception request popups that user's experience. I am concerned that this will make the experience so poor that it will actual drive users to turn off DNT. More importantly - I suggest that we do not keep trying to reinvent our own wheels. Whatever definition we come to for 1st parties (brand based, affiliation based etc) - let's use that here as well. If we define two or more different ways to define a 1st party, we will confuse users even more. I understand the motivation for not duplicating definitions. But however we define the extent of a party in the compliance doc, user-agent-managed site-specific exceptions will need to maintain lists of domain name pairs to which a DNT:0 header should be sent and there's no guarantee that branding/affiliation/user expectation will have a deterministic mapping to domain names. I agree with Matthias that good user agent UI can intelligently collapse long lists of exceptions. The user agent could also provide the option (even a default) to persist this permission for all subdomains of the current domain in order to decrease the number of questions the user is explicitly asked. It's even been suggested that the dnt-sites.txt list (or other implementations of that list) could be used to intelligently persist exceptions. Thanks, Nick
Received on Wednesday, 7 March 2012 00:52:51 UTC