Re: Nice airport respects DNT (thank you) from Vincent on 2015-11-10 (public-privacy@w3.org from October to December 2015)

From: Vincent <v.toubiana@free.fr>
Date: Tue, 10 Nov 2015 18:00:04 +0100
To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>
Cc: Mike O'Neill <michael.oneill@baycloud.com>, singer@apple.com, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <56422294.20704@free.fr>

Hi Lukasz,

Normally the website should "negotiate" through the exception API, that 
would be the best solution.
I'll check that using the example provided by Mike and will also make 
the text clearer about the type of tracking that is disabled and also 
provide an option to block third party through CSP if consent has not 
been obtained (or if DNT is set).

Thanks for all these feedbacks, do not hesitate to send me suggestions 
or to post request on github.

Best regards,

Vincent

On 11/09/2015 08:20 PM, Lukasz Olejnik (W3C) wrote:
> Hi Vincent,
>
> Thanks for clarifications. Sounds good indeed!
>
> But this highlights one little thing: I'm wondering whether (IMO) 
> browsers shouldn't display/signify this somehow natively, i.e. 
> streamline it into UI - without any pop-ups.
>
> Best
> Lukasz
>
> 2015-11-06 13:39 GMT+00:00 <v.toubiana@free.fr 
> <mailto:v.toubiana@free.fr>>:
>
>     Hi
>
>     I think I can help here cause I wrote part of the script they use.
>
>     Nice's airport uses the script CNIL published to help websites
>     using "Google Analytics" to get consent before setting cookies.
>     When it gets a DNT:1 header, the script considers that the user
>     opposes to cookies and therefore blocks Google Analytics
>     (similarly if it gets DNT:0 it considers that the user opted-in).
>
>     Since this script is meant to be used by website using only GA,
>     the result is that the website stops tracking user who set DNT.
>     Nevertheless, this has no effect on the other cookies and Nice
>     Airport should obtain consent before setting the other cookies.
>
>     The purpose of the popup was to explain why there is no consent
>     banner, maybe I should clarify the language (do not hesitate to
>     provide suggestions).
>
>     The script is available on GitHub
>     (https://github.com/CNILlab/Cookie-consent_Google-Analytics/blob/master/Tag_google_analytics.js)
>     and on CNIL's
>     website(http://www.cnil.fr/vos-obligations/sites-web-cookies-et-autres-traceurs/outils-et-codes-sources/la-mesure-daudience/)
>
>     The airport website uses a modified version.
>
>     Vincent
>
>     ----- Mail original -----
>     De: "Mike O'Neill" <michael.oneill@baycloud.com
>     <mailto:michael.oneill@baycloud.com>>
>     À: singer@apple.com <mailto:singer@apple.com>, "public-privacy
>     (W3C mailing list)" <public-privacy@w3.org
>     <mailto:public-privacy@w3.org>>
>     Envoyé: Vendredi 6 Novembre 2015 08:10:06
>     Objet: RE: Nice airport respects DNT (thank you)
>
>
>
>
>     Well, there is no Tk header or TSR, their third-parties still
>     place persistent (2yr) cookies), and they put the same box up
>     whether it is DNT:0 or DNT:1, but I guess it’s the thought that
>     counts.
>
>
>
>
>
>
>
>
>
>     From: singer@apple.com <mailto:singer@apple.com>
>     [mailto:singer@apple.com <mailto:singer@apple.com>]
>     Sent: 05 November 2015 20:08
>     To: public-privacy (W3C mailing list) <public-privacy@w3.org
>     <mailto:public-privacy@w3.org>>
>     Subject: Nice airport respects DNT (thank you)
>
>
>
>     …or at least, this popped up when I visited the site:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>     David Singer
>     Manager, Software Standards, Apple Inc.
>
>
>

Received on Tuesday, 10 November 2015 18:00:43 UTC