- From: Charles McCathieNevile <chaals@opera.com>
- Date: Sun, 28 Oct 2007 08:22:20 -0400
- To: "Julian Reschke" <julian.reschke@gmx.de>, "Ian Hickson" <ian@hixie.ch>
- Cc: "HTML WG" <public-html@w3.org>
On Sat, 27 Oct 2007 04:52:18 -0400, Julian Reschke <julian.reschke@gmx.de>
wrote:
> Ian Hickson wrote:
>> On Fri, 26 Oct 2007, Julian Reschke wrote:
>>> Ian Hickson wrote:
> In this scenario, there are three parties involved:
>
> A: the user
> B: the visited site
> C: the site being linked to
>
> If the link from B to C needs to be audited for the purpose of paying
> ads, money will be exchanged between the owners of B and C. A is not
> involved in that transaction.
>
> How the contract between B and C is implemented should be outside the
> scope of the stuff sent to A.

Indeed. What we are being asked to implement is a platform for people to
make money or to keep a closer watch than ever on users.

Fundamentally, the ping being sent is not a user request of any kind at
all, it is a third-party request for information about what the user is
doing. This is not a transaction between a server and a client in the
sense that HTTP usually offers, it is a one-way message from the client to
a third party. So we are just using HTTP as a transport method of
convenience since it is there. This is probably reasonable in the
circumstances, but I don't yet understand how it matters which method we
decide to turn into a one-way message in the absence of a mechanism for
such.

>>> BTW: I just checked, and the Google Ads on www.google.de work with GET
>>> and a Redirect (302). Only safe methods from the user's point of view.
>>> Are you saying this is a problem?
>> Yes.
>
> Interesting -- good that I asked. It seems we'll not be able to make
> progress on this unless we clarify this issue first.

Indeed. Ian, since you assert there is a problem, could you help us by
clarifying what the problem is?

> I think we should use "must" for things that affect privacy.

Actually, much as I care about security and privacy, I think that in both
these areas we ought to use "should" or similar language. If a browser
decides to violate some policy, there is generally a reason for it (offer
functionality to the user, or satisfy some corporate desire, implement
something better, ...) and I don't think that *this* specification is the
appropriate place to set security and privacy policy for all users for the
web. HTML 5 might describe the behaviour that this ping should have. But
browsers should be free to turn it off and on, or leave it off, or leave
it on, or leave it up to the user...

cheers
Chaals
--
Charles McCathieNevile Opera Software, Standards Group
je parle français -- hablo español -- jeg lærer norsk
http://my.opera.com/chaals Try the Kestrel - Opera 9.5 alpha
Received on Sunday, 28 October 2007 12:22:50 UTC