- From: Roy Fielding via cvs-syncmail <cvsmail@w3.org>
- Date: Mon, 04 Jun 2012 08:27:03 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory hutz:/tmp/cvs-serv19513 Modified Files: tracking-dnt.html Log Message: ISSUE-4: Using Aleecia's email [1] as a base, clarify the text so that the WG decision is more clearly presented as applicable to user agents. I muddied that previously by splitting the original description upon which the decison was based into three parts in order to separate determining a preference from the multiple mechanisms for expressing it. The original was simpler because it only talked about the header field values, as opposed to the expression in general, and had specific requirements on UAs. [1] http://lists.w3.org/Archives/Public/public-tracking/2011Oct/0255.html (later modfied by the WG to include unset as a separate choice state). Index: tracking-dnt.html =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v retrieving revision 1.118 retrieving revision 1.119 diff -u -d -r1.118 -r1.119 --- tracking-dnt.html 29 May 2012 23:14:12 -0000 1.118 +++ tracking-dnt.html 4 Jun 2012 08:27:01 -0000 1.119 @@ -219,37 +219,60 @@ </p> <p> Key to that notion of expression is that it MUST reflect the user's - preference, not the preference of some institutional or - network-imposed mechanism outside the user's control. - Although some controlled network environments, such as public access - terminals or managed corporate intranets, might impose restrictions - on the use or configuration of installed user agents, such that a - user might only have access to user agents with a predetermined - preference enabled, the user is at least able to choose whether to - make use of those user agents. In contrast, if a user brings their - own Web-enabled device to a library or cafe with wireless Internet - access, the expectation will be that their chosen user agent and - personal preferences regarding Web site behavior will not be - altered by the network environment, aside from blanket limitations - on what sites can or cannot be accessed through that network. + choice, not the choice of some vendor, institution, or + network-imposed mechanism outside the user's control. The basic + principle is that a tracking preference expression is only + transmitted when it reflects a deliberate choice by the user. + In the absence of user choice, there is no tracking preference + expressed. </p> <p> - The remainder of this specification defines the protocol in terms - of whether a tracking preference is <dfn>enabled</dfn> or - <dfn>not enabled</dfn>. We do not specify how that preference is - enabled: each implementation is responsible for determining the - user experience by which this preference is enabled. + A user agent MUST offer users a minimum of two alternative choices + for a <q>Do Not Track</q> preference: <code>unset</code> or + <code>on</code>. + A user agent MAY offer a third alternative choice: <code>off</code>. + If the user's choice is <code>on</code> or <code>off</code>, the + tracking preference is <dfn>enabled</dfn>; otherwise, the + tracking preference is <dfn>not enabled</dfn>. </p> <p> + A user agent MUST have a default tracking preference of + <code>unset</code> (not enabled) unless a specific tracking preference + is implied by the decision to use that agent. For example, use of a + general-purpose browser would not imply a tracking preference when + invoked normally as <q>SuperFred</q>, but might imply a preference if + invoked as <q>SuperDoNotTrack</q> or <q>UltraPrivacyFred</q>. + Likewise, a user agent extension or add-on MUST NOT alter the tracking + preference unless the act of installing and enabling that extension or + add-on is an explicit choice by the user for that tracking preference. + </p> + <p> + We do not specify how tracking preference choices are offered to the + user or how the preference is enabled: each implementation is + responsible for determining the user experience by which a tracking + preference is <a>enabled</a>. For example, a user might select a check-box in their user agent's - configuration, install a plug-in or extension that is specifically + configuration, install an extension or add-on that is specifically designed to add a tracking preference expression, or make a choice for privacy that then implicitly includes a tracking preference (e.g., <q>Privacy settings: high</q>). Likewise, a user might install or configure a proxy to add the expression to their own outgoing requests. - For each of these cases, we say that a tracking preference - is <a>enabled</a>. + </p> + <p> + Although some controlled network environments, such as public access + terminals or managed corporate intranets, might impose restrictions + on the use or configuration of installed user agents, such that a + user might only have access to user agents with a predetermined + preference enabled, the user is at least able to choose whether to + make use of those user agents. In contrast, if a user brings their + own Web-enabled device to a library or cafe with wireless Internet + access, the expectation will be that their chosen user agent and + personal preferences regarding Web site behavior will not be + altered by the network environment, aside from blanket limitations + on what resources can or cannot be accessed through that network. + Implementations of HTTP that are not under control of the user + MUST NOT express a tracking preference on their behalf. </p> </section> @@ -284,9 +307,13 @@ preference is expressed by this protocol. This means that no expression is sent for each of the following cases: <ul> - <li>the user agent does not implement this protocol; or</li> - <li>the user agent does implement the protocol, but the user does not wish to indicate a preference at this time.</li> + <li>the user agent does not implement this protocol;</li> + <li>the user has not yet made a choice for a specific preference; + or,</li> + <li>the user has chosen not to indicate a preference.</li> </ul> + </p> + <p> In the absence of regulatory, legal, or other requirements, servers MAY interpret the lack of an expressed tracking preference as they find most appropriate for the given user, particularly when
Received on Monday, 4 June 2012 08:27:06 UTC