- From: Walter van Holst <walter@vanholst.com>
- Date: Tue, 20 Dec 2016 11:43:44 +0100
- To: public-tracking@w3.org
On 2016-12-20 10:39, Mike O'Neill wrote: > One thing to consider is who a compliance spec is directed at. Of > course there should be requirements on server (i.e. web application) > implementations but the "elephant in the room" is how user agents > should react to DNT. It is not only a signal to applications, browsers > can react to it also, as they must do for a host of other signals, > e.g. cache headers. It may be a bit unusual for us to disagree, but I don't see any place for a compliance spec that puts specific requirements on user agents. A compliance spec that would demand User Agents to shorten cookie lifespans makes no sense at all. Any server that would chose such a compliance spec can already shorten the cookie lifespan to a privacy-friendly period without asking the UA to do so. Conversely, a User Agent can already do so, regardless of how the server feels about DNT. Regards, Walter
Received on Tuesday, 20 December 2016 10:44:19 UTC