
Re: Intermediaries interfering with DNT decision making

From: Grimmelmann, James <James.Grimmelmann@nyls.edu>
Date: Tue, 11 Sep 2012 02:51:06 +0000
To: Tamir Israel <tisrael@cippic.ca>
CC: "public-tracking@w3.org protection wg" <public-tracking@w3.org>
Message-ID: <682484C6-91D1-4235-AAD7-1CC3654B7533@nyls.edu>

Apache isn't some "downstream intermediary" from a server's perspective.  It's part and parcel of the server itself, as far as the standard is concerned.  Imposing these requirements would be like saying that if a video driver conflicts with TPE because it occasionally overwrites random pieces of memory and could set an unintentional DNT:1 header, it's incumbent on UAs to avoid that video driver.

It's incumbent on servers to send syntactically valid DNT messages and to make their tracking conform to the representations they give in those messages.  Whether they're built on top of Apache or James's Discount Web Server shouldn't matter, as long as they're intelligible and honest from a UA's perspective.

James

On Sep 10, 2012, at 9:33 PM, Tamir Israel <tisrael@cippic.ca> wrote:

James,

Not long ago, some were suggesting that a UA claiming compliance would be responsible for ensuring the purity of its signals are not improperly muddied by downstream intermediaries.

I don't think compliance obligations should extend this far but, if they do, it should apply server-side as well. So, for example, if Apache decides to do something that conflicts with the TPE (purge incoming signals by default) then is it incumbent on compliant servers to avoid Apache?

On 9/10/2012 9:25 PM, James Grimmelmann wrote:
This is not an issue on which the Working Group should have a position.  Apache in the abstract is neither compliant nor noncompliant with the standard.  What matters is only what servers receiving and responding to DNT requests actually _do_.

Server software is not an "intermediary."  It is under the control of the server operator, who takes responsibility for its actions.

That said, this change is harmful to the adoption process for Do Not Track, because it:
(1) Treats the text of the TPE spec as unambiguous on an issue where it is highly ambiguous;
(2) Creates an obstacle to DNT adoption on the part of servers; and
(3) May cause serious regulatory trouble for server operators who do not realize their installation of Apache deliberately ignores IE 10.

James

On Sep 10, 2012, at 2:02 PM, Tamir Israel <tisrael@cippic.ca> wrote:

I'm wondering to what extent we think it is ok for what is essentially an intermediary (in this case, server software) to impose default responses to DNT signals onto servers?

http://news.cnet.com/8301-1023_3-57508351-93/apache-web-software-overrides-ie10-do-not-track-setting/

Best,
Tamir

--

Tamir Israel
Staff Lawyer

Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic
University of Ottawa, Faculty of Law, CML Section
57 Louis Pasteur Street
Ottawa, ON, K1N 6N5
Tel: (613) 562-5800 ext. 2914
Fax: (613) 562-5417

Received on Tuesday, 11 September 2012 02:52:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:33 UTC