Re: Initial feedback on the well-known URI Proposal from Aleecia M. McDonald on 2012-03-07 (public-tracking@w3.org from March 2012)

From: Aleecia M. McDonald <aleecia@aleecia.com>
Date: Tue, 6 Mar 2012 18:35:49 -0800
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <0F37E641-1AD8-4E54-BED3-BB13BFA1CE5B@aleecia.com>
Hi Shane,

Ok, we're talking about very different use cases here. I think you are talking less about generic small website owners and more about hosted sites -- an important market, but not the one I thought you were describing. Let's see if I can understand your use case, and other hosted scenarios like yours. 

Pretend I'm using Yahoo! Small Biz. From memory, with at least some Yahoo! business tools I inherit a P3P policy that may or may not match my actual privacy practices, and I probably inherit a human readable privacy policy too. I don't mean to pick on Yahoo! for this -- others didn't support P3P at all -- but I think with the benefit of hindsight, we might try to create a path where users can set their own DNT responses rather than have something set for them that might turn out to be untrue. (Actually, we look at saying some variety of Thou Shalt Not Send a DNT Signal Your Users Did Not Mean. Perhaps we want to examine something similar for hosted sites sending DNT on behalf of site owners that have no idea...)

So I go to http://smallbusiness.yahoo.com/. Keen, I can get a domain name. If I can arbitrarily upload *.html pages in any directory structure I like (can I?) then yes, having http://www.myhosteddomain.com/knownlocation/dnt.html works just fine for me. And here I agree with you: for a hosted environment, in a world where it's hard to get a shell account any more, it doesn't matter if I can copy & paste simple code. Unless I'm now missing something in the other direction, I'm going to want access to the server and that's going to fail. Unless, of course, the hosted solution does some very easy configuration to support DNT. But certainly that's one more thing that can hold up adoption.

How about Flickr? If I host photos there, what does it look like if I want to handle DNT for my photos? YouTube? Hulu? My first impression here is that a site that simply hosts content, not entire sites, is a different problem. 

Let's say instead I go to WordPress, which wikipedia tells me powers about 15% of the "top million" websites. I could still get my own domain and we're into the use case I was thinking about initially. Or, I could wind up with a hosted site, which seems to just have pages in the format of example.wordpress.com/year/month/day/title. Does anyone know WordPress well enough off-hand to know if I could create my own subdirectory and file name, or if it's only generated URLs in the hosted environments?    For that matter: hosted WordPress does analytics and comment spam blocking automagically. Depending on how they do that, it might not be possible for hosted WordPress customers to be DNT compliant, unless WordPress is willing to either change or at least disclose their practices. 

It's possible this is an edge case where the type of response doesn't actually matter that much -- the general bureaucracy from hosting will trump all else. Without spending much time on research, my quick reaction here is that no matter what we do, a non-trivial proportion of hosted sites will need active involvement of the hosting party to be able to support DNT. This seems like a good thing to think about while looking for early adopters.  

	Aleecia

On Mar 6, 2012, at 3:26 PM, Shane Wiley wrote:

> Aleecia,
>  
> This is probably a situation where less than 1% of web site owners have technical skills at your level or above.  Having worked with many small business owners via Yahoo! Small Biz, I’ve seen their reliance on pre-packaged products, the difficulties that have in even operating those, and I believe they would be COMPLETELY lost if asked to manage something more detailed from a response header coding perspective.  On the other hand, if they had to create a single page on their site (well-known URI) with a specific format of text, they could probably accomplish this.
>  
> - Shane
>  
> From: Aleecia M. McDonald [mailto:aleecia@aleecia.com] 
> Sent: Tuesday, March 06, 2012 5:44 PM
> To: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: Initial feedback on the well-known URI Proposal
>  
>  
> On Mar 6, 2012, at 4:13 AM, Shane Wiley wrote:
> 
> 
> The one choice that does appear to be off the table at this point (unless someone strongly disagrees) is Response Headers in isolation as this would take years before medium to small web sites would be able to support DNT then (would require standard web server systems to come with off-the-shelf support for Response Headers).  Agreed?
> 
>  
> Not following, perhaps my mistake here. I should think that adding a response header to www.aleecia.com would be trivial for a competent developer, and that the code would be easy enough to have sample code for copy&paste cargo cult programming for the non-competent programmers (read: people like me.) It might take longer to get PHP installed, updated, and running… 
>  
> What am I missing? Where is this hard?
>  
>             Aleecia
Received on Wednesday, 7 March 2012 02:36:16 UTC