Re: Intermediaries interfering with DNT decision making from Rob van Eijk on 2012-09-11 (public-tracking@w3.org from September 2012)

From: Rob van Eijk <rob@blaeu.com>
Date: Tue, 11 Sep 2012 21:55:01 +0200
To: <public-tracking@w3.org>
Message-ID: <baeb604f885875aad2f1a761c9bb3e88@xs4all.nl>

For the workgroup members, the discussion in the apache forum is 
happening right here:

https://issues.apache.org/bugzilla/show_bug.cgi?id=53845

In order to not decentralize the discussion, I propose to continue the 
discussion right here on this forum.

> Roy T. Fielding 2012-09-09 21:54:35 UTC
> Jonathan is incorrect. A dialog box presented to the user with a 
> preselected option of "on" does not qualify as a default of "unset", 
> nor do the > Express settings of IE10.0 qualify as a preference for 
> privacy (read them and see). The working group is not a judicial branch 
> -- it will not
> sit around forever adjudicating whether a given implementation 
> complies or not, and nobody has ever claimed that the standard requires 
> servers
> ignore invalid signals.  Apache chose to do so because the signal is 
> meaningless if it is set by default, and it is harmful to deployment of
> DNT, to the Web, and to the open standards process if we allow such 
> deliberate abuse to be propagated downstream.

The timing of the patch is very poor and seriously undermines the 
outcome of a above all, a meaningful standard. It forces the group to 
accommodate disregarding of Non-Compliant Servers by third parties. The 
consequence may very well be that a third party, operating an Apache 
webserver can not claim W3C-DNT compliance if he drops a DNT signal.

I propose text in the TPE in chapter 3 that is clear enough, for 
example:

"Implementations of HTTP that are not under control of the user, 
including Web Servers, MUST not drop or modify a tracking preference".

If issues needs to be (re)opened to hash out DNT decision made on 
servers, I ask the chairs to do so.

Rob

Rob van Eijk schreef op 2012-09-11 20:50:
> Roy,
>
> I guess if I change my User Agent to a default IE10 string while
> surfing the web within Firefox, Apache drops that DNT as well. (for
> instance with a useragent switching add-on).
>
> Is that a correct observation?
>
> Rob
>
> Roy T. Fielding schreef op 2012-09-11 19:59:
>> On Sep 10, 2012, at 11:06 AM, Joseph Lorenzo Hall wrote:
>>
>>> I believe the "unset" operation in apached config doesn't change 
>>> DNT from 1 to 0 but instead strips the DNT part of the header out 
>>> entirely. Someone correct me if I'm wrong. best, Joe
>>
>> That is correct.  It leaves the message in the same state it would 
>> have
>> been before IE tried (and failed) to implement DNT, and adds an
>> environment variable for further processing if desired.
>>
>> ....Roy

Received on Tuesday, 11 September 2012 19:55:35 UTC