- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Sun, 13 Nov 2016 19:25:41 -0000
- To: <public-tracking@w3.org>
- Message-ID: <159701d23de3$b9334060$2b99c120$@baycloud.com>

I had suggested letting the user agent signal back to a site when the user revoked consent, by including an optOut URI as a parameter to the API. I also included an optIn URI but after a discussion at TPAC with David and Matthias I agreed there is a potential security risk of this approach, and I have now removed both of these from Bouncer and from the issue I had created about the API on github https://github.com/w3c/dnt/issues.

It is very useful for server implementations that they are informed when consent has been revoked, but a safer approach would be for the browser to signal revoked consent with a low entropy qualifier to the DNT:1 header e.g. DNT: 1R. I have put that on the repo as a new issue and edited the issue covering the API changes.

Mike

Mike O'Neill
Technical Director
Baycloud Systems
Oxford Centre for Innovation
New Road
Oxford
OX1 1BY
michael.oneill@baycloud.com
Skype: mikeoneill
Mobile: +44 (0)7767 416567
Tel. +44 (0)1865 735619
Fax: +44 (0)1865 261401

To see all the cookies & third-parties on sites download https://baycloud.com/bouncerDownload

Received on Sunday, 13 November 2016 19:26:51 UTC