Re: June Change Proposal: Partial Compliance

Hmmm.

Question:

  *   What is a syntactically invalid DNT:1 header? I mean, how wrong can a header be that says DNT:1?

Maybe you're referring to the IE10 issue where the header was turned on by default. Well, Microsoft fixed that problem, and it's now part of a choice mechanism when the user first installs the operating system. If a browser sends a DNT:1 or 0 header, then unless the server has some other way of determining who set that header, which currently it cannot, there is no such thing as a syntactically invalid header.

If you insist that it is possible to send a syntactically invalid header, then the server MUST generate a response to the user and ask for an exception – Microsoft is now well ahead of everyone in this respect.

If you don't generate a response back to the user, you're in violation of your own standard, because by definition you cannot agree to honor something without informing the user that you've now decided to not honor based on the browser that the user is using versus the signal it's sending, which was set by the user.



Peter
_________________________
Peter J. Cranstone
CEO.  3PMobile
Boulder, CO  USA

Improving the Mobile Web Experience

Cell: 720.663.1752
Web site: http://www.3pmobile.com/




I completely agree with Roy and Amy: We cannot mandate any sort of compliance, partial or otherwise.  This is a voluntary standard.

We can, however, define what it means to be in compliance with the standard.  That definition has various implications, including under Section 5 of the Federal Trade Commission Act.

Let me give an example: Suppose we establish a standard that says a website cannot ignore a syntactically valid "DNT: 1" header.  Suppose a website claims "We honor Do Not Track!" but nevertheless disregards Internet Explorer 10 headers.  This proposal would better equip the FTC to bring an enforcement action against that website.  Put differently, the website is not mandated to honor Internet Explorer 10 headers.  But it would have to be open about its practices, e.g. "We honor Do Not Track (but not from Internet Explorer 10 users)!"

I'm surprised that this proposal is at all controversial.  Our shared aim has been to develop a consensus standard for web privacy.  All this proposal attempts to do is enhance transparency from websites that deviate from the standard.

Jonathan


On Monday, July 1, 2013 at 10:11 AM, Roy T. Fielding wrote:

> This is tracking-ISSUE-213
>
> *sigh*
>
> On Jul 1, 2013, at 10:09 AM, Roy T. Fielding wrote:
> > On Jun 30, 2013, at 3:02 PM, Thomas Roessler wrote:
> > > Thanks, noted here:
> > > http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Partial_Compliance
> > >
> > >
> >
> >
> > It is hopelessly impotent to require "not partial compliance", since
> > the first requirement that a partially compliant implementation
> > won't implement is that requirement.
> >
> > The right way to require this is to create distinct communication
> > about full compliance or partial compliance or non-compliance,
> > each of which communicates a strict set of complied requirements.
> > It might be the case that we define a protocol that has no way to
> > communicate partial or non-compliance, which is a sensible design
> > point that this WG can reach agreement on (if we ever bother to
> > make a call for consensus).
> >
> > Requiring full compliance, OTOH, is just senseless grandstanding.
> > We don't need to change the protocol to support a fear of
> > perception of compliance when we are a long way from convincing
> > anyone to comply at all.  We need to encourage people to implement.
> >
> > ....Roy

Received on Sunday, 7 July 2013 21:23:51 UTC