- From: Rob van Eijk <rob@blaeu.com>
- Date: Tue, 29 Aug 2017 19:14:22 +0000
- To: Mike O'Neill <michael.oneill@baycloud.com>, singer@apple.com <singer@apple.com>, 'Roy T. Fielding' <fielding@gbiv.com>
- Cc: public-tracking@w3.org <public-tracking@w3.org>
- Message-ID: <0102015e2f6a7ed1-32adaa7c-0841-4f92-a676-ab5c62410993-000000@eu-west-1.amazonse>
The parameter may work for both use cases in the same API: (1) the NAI/DAA style call (parameter not in dictionary means everyone) and (2) the European ePR style call ( parameter present but set to the empty array means no-one else). Rob -----Original message----- From: David (Standards) Singer Sent: Tuesday, August 29 2017, 2:53 am To: Mike O'Neill Cc: public-tracking@w3.org Subject: Re: site-specific with no targets (...) I assume we can have it that — parameter missing (not in dictionary) means everyone, and parameter present but set to the empty array means no-one else. David Singer Manager, Software Standards, Apple Inc. -----Original message----- From: Mike O'Neill Sent: Tuesday, August 29 2017, 7:29 pm To: singer@apple.com; 'Roy T. Fielding' Cc: public-tracking@w3.org Subject: RE: site-specific with no targets David, Yes, you should not need to remember consent in a cookie if you can set DNT to 0, and both ends know what it means, as well as regulators, researchers etc. Also It would be less confusing to developers if the empty array just meant "no (subresource) targets", we can signal "any and all subresources" with targets==undefined (absent) or null. And yes Roy, I mean the domain that the script can get from its version of document.domain. Mike -----Original Message----- From: singer@apple.com <mailto:singer@apple.com> [mailto:singer@apple.com <mailto:singer@apple.com> ] Sent: 29 August 2017 01:52 To: Mike O'Neill <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com> > Cc: public-tracking@w3.org <mailto:public-tracking@w3.org> Subject: Re: site-specific with no targets > On Aug 28, 2017, at 14:15 , Mike O'Neill <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com> > wrote: > > The text says that an empty array is same as null or undefined for > site-specific targets. It would be better if an empty array just meant there > were no targets so only the script-origin (or a subdomain of it) received > DNT:0 > > Otherwise, if only wanted to register consent for the script origin and not > any subresources, you would have to set targets to contain a non-existent > subresource, or the script-origin domain., which is weird. > > If you have consent from the user, and you want DNT:0 to come back only to you, and not be sent to anyone else, you really don’t need the DNT signal. Its greatest value is in sending DNT:0 to third parties with whom it is otherwise very hard to communicate. You *could* remember “I have consent” in any way you like. But, it would be tidier to use DNT. I’ll check, but I assume we can have it that — parameter missing (not in dictionary) means everyone, and parameter present but set to the empty array means no-one else. David Singer Manager, Software Standards, Apple Inc.
Received on Tuesday, 29 August 2017 19:14:46 UTC