W3C home > Mailing lists > Public > public-tracking@w3.org > November 2012

Re: ISSUE-138, ACTION-319, exceptions without javascript

From: Nicholas Doty <npdoty@w3.org>
Date: Tue, 6 Nov 2012 22:48:32 -0800
Cc: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <83A28816-9B41-432F-8348-3AE5A601077F@w3.org>
To: David Wainberg <david@networkadvertising.org>
Hi David,

On Nov 5, 2012, at 9:47 AM, David Wainberg <david@networkadvertising.org> wrote:

> On 11/5/12 8:56 AM, Matthias Schunter (Intel Corporation) wrote:
>> ISSUE-138: Web-Wide Exception Well Known URI 
>> http://www.w3.org/2011/tracking-protection/track/issues/138 
>> 
>> Question was how a site without HTML can trigger exceptions (e.g. a tracking pixel). 
>> 
>> Nick has written non-normative text 
>>  https://www.w3.org/2011/tracking-protection/track/actions/319 
>> 
>> Please drop me a line if you do not agree with Nicks text.
> 
> I'm not clear on what this is describing:
> 
> * A third-party could provide transparency about their own data practices in order to persuade users to pre-emptively provide user-granted exceptions. A third-party tracker might use a machine-readable policy (for example, P3P) or some indication of compliance with a self-regulatory program or auditing practice . Users that care to might configure their user agents to grant exceptions (and thus send DNT:0 signals) to trackers with such practices.
> 
> Is this a suggested implementation for UA's to grant exceptions based on p3p or on participation in self-reg programs?

I was trying to get at the more general point that a user might configure their browser to send DNT:0 to a set of domains or resources based on some other signal besides a JavaScript-initiated exception request. This text isn't meant to recommend any particular UA implementation (this is non-normative text), but to note the possibility of UAs that granted exceptions based on the presence of a particular P3P policy, an indication of participation in an industry self-regulatory program, or some other insight into the relevant data handling practices.

Happy to accept a suggestion of clearer text on this point, or to explain further.
Thanks,
Nick
Received on Wednesday, 7 November 2012 06:48:37 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:38 UTC