Re: ISSUE-151 Re: Change proposal: new general principle for permitted uses

Rigo, I'm just leaving for the weekend and won't have ready access to Internet until Monday-- I just wanted to let you know that I'll give your message a good read and provide a thoughtful reply upon my return.

Thanks,

Chris


Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | Interactive Advertising Bureau - IAB | chris.mejia@iab.net 


----- Original Message -----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: Saturday, July 27, 2013 06:02 PM Eastern Standard Time
To: Chris Mejia
Cc: Shane Wiley <wileys@yahoo-inc.com>; public-tracking@w3.org <public-tracking@w3.org>
Subject: Re: ISSUE-151 Re: Change proposal: new general principle for permitted uses

On Friday 26 July 2013 21:40:32 Chris Mejia wrote:
> Yes, W3C is responsible, it's your spec.  See "DNT user agent vetting
> registry service" (above) for next steps on cleaning up the
> marketplace mess that's been created.

A registry is certainly another valid way forward. But many people still 
do not understand what claiming conformity really means in DNT. And that 
is part of a discussion we still have to have. 

> 
> You wrote "If you can't distinguish between a browser and a router, I
> wonder about the quality of all that tracking anyway."
> 
> Rigo, this is why you are a lawyer, and not a technologist.
> Technically speaking, we are not talking about distinguishing between
> browsers and routers, we are are talking about distinguishing between
> validly set DNT signals and ones that aren't.  You'd need to
> understand how HTTP header injection works to fully appreciate the
> technical problem. The best technologists on both sides of this
> debate have not been able to reconcile this issue. Neither have the
> lawyers.

The lawyers will tell you that you need a rule: "You shall not inject 
false headers or transport false or injected headers". That doesn't buy 
you anything either. I suggested to require the presence of the UGE 
testing bit. In fact you can test already whether you have an exception. 
That test can be used to determine whether the signal is valid. 
> 
> You wrote "I do not believe, given the dynamics of the Web and the
> Internet, that we can predict the percentage of DNT headers for the
> next 3 years; let alone the percentage of valid DNT headers."
> 

[...]
> Please stop
> asserting that our technical and business concerns are trivial or ill
> informed-- they are not.  Most of your replies below are not helping
> us get closer to a workable DNT solution-- you are only further
> exacerbating our concerns.

Chris, re-read my reply to Shane. He is having a creative semantics 
party by claiming an "opt-in regime"  I would rather be interested on a 
less distorted technical discussion. Shane is only mildly reflecting the 
solutions that the browser makers have considered viable, especially the 
UGE testing bit. And even I earned a lot of criticism by insisting on a 
"D" signal that allows you to say that you do not accept a signal. The 
elements are there...

You're a technician, what would be your answer? A registry is not bad. 
But most web-geeks hate registries. I suggested the UGE verification 
bit. Perhaps not perfect, but viable. Is there a better solution? Shane 
suggested that we could make the DNT-signal signed. This could be a 
fixed set of elements so that you don't need a key to verify the 
signature but just the same elements. 

 --Rigo

Received on Saturday, 27 July 2013 22:24:17 UTC