RE: ISSUE-115: was ACTION-141 from JC Cannon on 2012-03-07 (public-tracking@w3.org from March 2012)

From: JC Cannon <jccannon@microsoft.com>
Date: Wed, 7 Mar 2012 16:58:49 +0000
To: Rigo Wenning <rigo@w3.org>
CC: "public-tracking@w3.org" <public-tracking@w3.org>, Shane Wiley <wileys@yahoo-inc.com>
Message-ID: <DB4282D9ADFE2A4EA9D1C0FB54BC3BD76E5233C8@TK5EX14MBXC139.redmond.corp.microsoft.>

Yes, contracts should overrule a general signal such as DNT. Yes, DNT should exist and apply to third parties. Private Browsing should apply to first parties as long as the user does not login to a site, thus reinstating a contract with that company.

The second issue goes against our position that DNT does not apply to first parties. If a user wants to browse a medical site anonymously I would suggest using Private Browsing, block first party cookies or use a computer in a library. DNT shouldn't be used to cover that scenario.

JC

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: Wednesday, March 07, 2012 7:51 AM
To: JC Cannon
Cc: public-tracking@w3.org; Shane Wiley
Subject: Re: ISSUE-115: was ACTION-141

JC, 

On Wednesday 07 March 2012 15:16:50 JC Cannon wrote:
> The scenario you describe is something can be easily be handled by 
> Private browsing modes. Using this scenarios pulls first-party sites 
> back into the discussion and I thought we all agreed that DNT would 
> apply to third-party interactions.

I said DNT vs blocking tools. Private browsing is this mode. You know, when we made P3P people said, you don't need it, you could just block all cookies. 
Here you could make the same argument that you could just use private browsing mode for everything. That means we don't need DNT. 

We still haven't resolved that disagreement: You say out-of-band (and not subject to any compliance requirements) agreements will always top the DNT header expression. I have some doubts about the "always" and have some concerns that it could lead to a misleading communication. 

If the service believes that an out-of-band agreement exists, the service must at least indicate that by sending the tracking flag that is MISSING in the response headers. 

I think that could be a field of compromise. What do you think?
> 
> On the other point I feel we will continue to disagree.

Does this affect a possible consensus on ISSUE115? We have to get to closure on issues!

Best, 

Rigo

Received on Wednesday, 7 March 2012 16:59:27 UTC