TPE latest from Mike O'Neill on 2017-08-30 (public-tracking@w3.org from August 2017)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Wed, 30 Aug 2017 14:32:39 +0100
To: "'Roy T. Fielding'" <fielding@gbiv.com>, "'Matthias Schunter'" <mts-std@schunter.org>
Cc: <public-tracking@w3.org>
Message-ID: <13f701d32194$73ccbbb0$5b663310$@baycloud.com>
Roy,

 

This is very good, I am happy with it except for the following nits:

 

6.3 para 4

 

A first party site's page (the top-level browsing context) might be used to
obtain site-specific consent for multiple parties; e.g., using multiple
iframe elements containing scripts that can convey information about each
party's policies and obtain specific consent for each party. In this case,
the effective script origin might be different from the site for which
consent is being granted.

 

It can be also web-wide also now, and consent is always being granted for
the script origin, or a subdomain of it (or site-specific consent for a
subresource of it). Suggested change:

 

A first party site's page (the top-level browsing context) might be used to
obtain site-specific or web-wide consent for multiple parties; e.g., using
multiple iframe elements containing scripts that can convey information
about each party's policies and obtain specific consent for each party. In
this case, consent is being obtained for the effective script origin of the
iframe's responsible document, which could be different from that of the
top-level browsing context.

 

 

6.3 para 6

 

A site can request an exception be stored even when the user's general
preference is not enabled. This permits the sending of DNT only for target
resources for which an expressed preference is desired. Stored exceptions
could affect which preference is transmitted if a user later chooses to
configure a general tracking preference.

 

This is a bit unclear, especially the meaning of the last sentence. We
should say this is only about DNT:0, and remove the last sentence which does
not really add anything. It is a MAY anyway, so best leave it to the browser
provider. Suggested change:

 

A site can request an exception be stored even when the user's general
preference is not enabled. This permits the sending of DNT:0 only for target
resources for which the expressed preference is desired. 

 

6.6.1, 6.6.2, 6.6.3 description of “targets” property.

 

targets

An array of target domains for which the exception applies:

*	If
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dom-trackingexdata-targe
ts> targets is undefined or null, the user-granted exception to be stored is
[site, *], meaning that the exception applies to all domains referenced by
the site.
*	If
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dom-trackingexdata-targe
ts> targets is an empty array, the user-granted exception to be stored is
[site, script domain], meaning that the exception applies only to resources
that share the same domain as the
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dfn-effective-script-ori
gin> effective script origin.
*	Otherwise, for each domain string in the
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dom-trackingexdata-targe
ts> targets array, a user-granted exception to be stored is the duplet
[site, domain].

 

It is unclear if the script origin always receives  an exception, which was
the case before. A “domain referenced by the site” implicitly includes the
script origin, and the empty array case specifically includes it, so it
would make sense to cover this also for the non-empty targets case.
Suggested change:

 

 

 

targets

An array of target domains for which the exception applies:

*	If
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dom-trackingexdata-targe
ts> targets is undefined or null, the user-granted exception to be stored is
[site, *], meaning that the exception applies to all domains referenced by
the site.
*	If
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dom-trackingexdata-targe
ts> targets is an array, the user-granted exception to be stored is at least
[site, script domain], meaning that the exception applies to resources that
share the same domain as the
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dfn-effective-script-ori
gin> effective script origin.
*	Additionally, for each domain string in the
<https://w3c.github.io/dnt/drafts/tracking-dnt.html#dom-trackingexdata-targe
ts> targets array, a user-granted exception is stored for the the duplet
[site, domain].

 

Mike
Received on Wednesday, 30 August 2017 13:33:40 UTC