Re: Intermediaries interfering with DNT decision making from Jonathan Mayer on 2012-09-13 (public-tracking@w3.org from September 2012)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Wed, 12 Sep 2012 18:22:37 -0700
To: rob@blaeu.com
Cc: public-tracking@w3.org
Message-ID: <C1220121849943BB8C4B4028FF109D26@gmail.com>

Rob,

I'd prefer to continue with the discussion on the Apache bug tracker.  The Apache community would greatly benefit from this group's input and correction of Roy's inaccurate claims.

Jonathan


On Tuesday, September 11, 2012 at 12:55 PM, Rob van Eijk wrote:

> For the workgroup members, the discussion in the apache forum is 
> happening right here:
> 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=53845
> 
> In order to not decentralize the discussion, I propose to continue the 
> discussion right here on this forum.
> 
> > Roy T. Fielding 2012-09-09 21:54:35 UTC
> > Jonathan is incorrect. A dialog box presented to the user with a 
> > preselected option of "on" does not qualify as a default of "unset", 
> > nor do the > Express settings of IE10.0 qualify as a preference for 
> > privacy (read them and see). The working group is not a judicial branch 
> > -- it will not
> > sit around forever adjudicating whether a given implementation 
> > complies or not, and nobody has ever claimed that the standard requires 
> > servers
> > ignore invalid signals. Apache chose to do so because the signal is 
> > meaningless if it is set by default, and it is harmful to deployment of
> > DNT, to the Web, and to the open standards process if we allow such 
> > deliberate abuse to be propagated downstream.
> > 
> 
> 
> The timing of the patch is very poor and seriously undermines the 
> outcome of a above all, a meaningful standard. It forces the group to 
> accommodate disregarding of Non-Compliant Servers by third parties. The 
> consequence may very well be that a third party, operating an Apache 
> webserver can not claim W3C-DNT compliance if he drops a DNT signal.
> 
> I propose text in the TPE in chapter 3 that is clear enough, for 
> example:
> 
> "Implementations of HTTP that are not under control of the user, 
> including Web Servers, MUST not drop or modify a tracking preference".
> 
> If issues needs to be (re)opened to hash out DNT decision made on 
> servers, I ask the chairs to do so.
> 
> Rob
> 
> Rob van Eijk schreef op 2012-09-11 20:50:
> > Roy,
> > 
> > I guess if I change my User Agent to a default IE10 string while
> > surfing the web within Firefox, Apache drops that DNT as well. (for
> > instance with a useragent switching add-on).
> > 
> > Is that a correct observation?
> > 
> > Rob
> > 
> > Roy T. Fielding schreef op 2012-09-11 19:59:
> > > On Sep 10, 2012, at 11:06 AM, Joseph Lorenzo Hall wrote:
> > > 
> > > > I believe the "unset" operation in apached config doesn't change 
> > > > DNT from 1 to 0 but instead strips the DNT part of the header out 
> > > > entirely. Someone correct me if I'm wrong. best, Joe
> > > > 
> > > 
> > > 
> > > That is correct. It leaves the message in the same state it would 
> > > have
> > > been before IE tried (and failed) to implement DNT, and adds an
> > > environment variable for further processing if desired.
> > > 
> > > ....Roy

Received on Thursday, 13 September 2012 01:23:07 UTC