W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: tracking-ISSUE-183 (Tk E ): Additional Tk header status value for EU [Tracking Preference Expression (DNT)]

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 23 Oct 2012 17:11:07 -0700
Cc: "ifette@google.com" <ifette@google.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-Id: <A8477135-F4E0-47DB-ABA9-5A259E622BBE@gbiv.com>
To: Fred Andrews <fredandw@live.com>
On Oct 23, 2012, at 4:34 PM, Fred Andrews wrote:

> 'Yes, I support DNT' is not a clear answer as currently defined.
> 
> Does this mean 'Yes, I support DNT and conform to the 1st party requirements'
> or does it mean 'Yes, I support DNT and conform to the 3rd party requirements'?
> 
> User agents do have a real need for a specific answer so they can defend the
> users tracking preference.

No, they don't need a specific answer on an after-the-fact
response header field.  Either the server is telling the truth,
(there is nothing to defend) or the server is lying (there
is nothing that the protocol can add to be more truthful).

This would not prevent a user agent interested in more details
from obtaining that information via the tracking status resource.

As I said, if we are defining first party in terms of
user expectations then it is impossible for the user agent
to know whether the response should be 1st or 3rd party, and
even if it were possible to identify the first party by the
first origin server identified in a hypertext reference
(it is not), the UA would then have to automatically identify
the shared domain ownerships and contractual relationships
that determine how wide the scope of first party might be.

+1 to Ian's comments about simplifying the header response.

>   Mike has also mentioned concern about EU requirements.

The EU requirements are not satisfied by automating incorrect
answers.

....Roy
Received on Wednesday, 24 October 2012 00:11:22 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:36 UTC