Re: Multiple DNT Headers (ACTION-283, ISSUE-150)

Shane,

I agree that DNT should express the user's intent.  Here we have a case where that intent is muddled.  Like a physician, whose first charge is, "First, do no harm," I am suggesting that the server follow the same course.  Act as if DNT:1 has been sent; tell the UA it's misconfigured and wait for the user to confirm his/her intent.  How does acting responsibly disadvantage the server?

I think a similar solution works with IE 10.  By the way, as I understand it, it is not shipping with DNT:1 as the default, though I've not seen the UI. I believe it now asks the user on installation or first use if she wants to go with express settings which include DNT enabled or custom settings which do not. So there is choice, as I understand it

Seems to me the responsible action for a server that gets a DNT:1 from an IE 10 browser and doubts it is the user's intent, is to tell the UA it doesn't know if the signal represents user intent and then ask what the intent is.  Then there is no doubt and user's respect for the server is increased because it asked what was intended. Mutual respect, questions leading tom clarification are always a good thing.

Cheers,
John

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org

On Oct 10, 2012, at 3:41 PM, Shane Wiley wrote:

> John,
>  
> I respectfully disagree.  Servers should not be placed at an automatic disadvantage if they receive conflicting signals.  Unless there is asingular, consumer driven signal, then no signal should be considered to have been received.  Its disingenuous (in my opinion) for consumer advocates to on one hand agree that users should have to expressly activate DNT and then on the other hand suggest that non-compliant or conflicting signals must be honored.  You’re either on one side or the other – straddling the fence in this manner is not helpful.
>  
> - Shane
>  
> From: John Simpson [mailto:john@consumerwatchdog.org] 
> Sent: Wednesday, October 10, 2012 3:22 PM
> To: Shane Wiley
> Cc: Jonathan Mayer; public-tracking@w3.org
> Subject: Re: Multiple DNT Headers (ACTION-283, ISSUE-150)
>  
> Shane,
>  
> What would be the reason for acting as if no DNT header had been received if they conflict?  I'd think if there were a conflict, the consumer/privacy friendly approach would be to assume the user meant to send DNT:1 and somehow misconfigured the UA.  In other words, proceed with caution until you clearly determine what the user intended.  That's why the best practice would be to inform the  user of a possible problem.
>  
> Best,
> John
>  
>  
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 2701 Ocean Park Blvd., Suite 112
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org
> john@consumerwatchdog.org
>  
> On Oct 10, 2012, at 2:59 PM, Shane Wiley wrote:
> 
> 
> Alternate Text for Conflicting Headers:
>  
> If a server receives conflicting DNT headers, it MAY choose to treat the transaction as if no DNT header had been received.  The Server MAY choose to alert the user about possible user agent configuration issues causing multiple, conflicting DNT header signals to be received.
>  
> From: Jonathan Mayer [mailto:jmayer@stanford.edu] 
> Sent: Wednesday, October 10, 2012 2:46 PM
> To: public-tracking@w3.org
> Subject: Multiple DNT Headers (ACTION-283, ISSUE-150)
>  
> Proposed text on duplicate headers:
>  
> If a server receives duplicate DNT headers, it MUST act as if it had received a single DNT header.
>  
> Proposed text on conflicting headers:
>  
> If a server receives conflicting DNT headers, it MUST act as if it had received a single DNT: 1 header. It is a best practice for the server to alert the user about possible user agent misconfiguration.
>  
>