Status of ISSUE-143 from Justin Brookman on 2014-02-19 (public-tracking@w3.org from February 2014)

From: Justin Brookman <jbrookman@cdt.org>
Date: Wed, 19 Feb 2014 18:09:37 -0500
To: W3C DNT Working Group Mailing List <public-tracking@w3.org>
Message-Id: <63DE3A96-6937-4145-B883-128A012845B6@cdt.org>

On the working group call on January 29th, Shane Wiley asked whether we were planning to address ISSUE-143 before proceeding to last call on TPE. On the following week's call, the Chairs responded that discussion on this issue had been closed after the Sunnyvale face-to-face; however Shane was traveling and missed the discussion. Last week, Shane expressed disagreement with the decision not to reopen ISSUE-143 prior to Last Call, and asked me to send out an email documenting our decision.

So a brief summary of the issue: Shane had originally raised this issue in 2012 to propose that user agents that send a DNT header should also include a data element in the header identifying what software purports to have the user's consent to send the signal. The proposal was predicated upon concern that a diverse and unaccountable ecosystem of intermediaries could be setting DNT signals without a user's permission. As Shane stated:

This way [under this proposal], if industry feels a party is inappropriately setting a tracking preference, we can take steps to discover which headers are coming from this party and take steps to request the party move to an "explicit, informed" consent model prior to honoring the DNT headers coming from the implementation of their tool.

Nick went back and dug up the history on this issue. It was merged with ISSUE-194 in mid-April 2013, and Matthias collected proposals (examples here and here) to be discussed at the Sunnyvale face-to-face meeting in May.

At the Sunnyvale meeting the group decided not to pursue this approach. There was general agreement that adding extra bytes to the signal wouldn't solve the problem, and so we decided (after polling the room) against changing the signal. This decision was confirmed on the subsequent May 22nd conference call. Instead, the group agreed to focus on other ways to ensure that servers don't send DNT signals without the (educated) consent of the user.

At this point, we don't have new information to justify reopening this ISSUE and discussion before proceeding to Last Call. However, implementation experience may augur for revisiting this (or a related) idea in the future, as the working group was agreed that the potential for the proliferation of signals not reflecting user intent was a considerable concern that we should work to address.

Received on Wednesday, 19 February 2014 23:10:05 UTC