- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Wed, 26 Mar 2014 02:56:30 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv2909
Modified Files:
tracking-dnt.html
Log Message:
Cleanup on aisle 3. Move requirements on not altering the user preference
to section 3. Rephrase the paragraphs to lead with the most important
sentence. Replace circular requirements on non-UA software and extensions
with adherence to UA or intermediary requirements already defined.
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2014/03/25 19:12:54 1.246
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2014/03/26 02:56:30 1.247
@@ -288,19 +288,18 @@
The goal of this protocol is to allow a user to express their
personal preference regarding tracking to each server and
web application that they communicate with via HTTP, thereby allowing
- each service to either adjust their behavior to meet the user's
- expectations or reach a separate agreement with the user to satisfy
- all parties.
+ recipients of that preference to adjust tracking behavior accordingly
+ or to reach a separate agreement with the user that satisfies all
+ parties.
</p>
<p>
- Key to that notion of expression is that the signal sent MUST reflect the user's
- preference, not the choice of some vendor, institution, site, or any
- network-imposed mechanism outside the user's control; this applies
- equally to both the general preference and exceptions. The basic
- principle is that a tracking preference expression is only
- transmitted when it reflects a deliberate choice by the user.
- In the absence of user choice, there is no tracking preference
- expressed.
+ Key to that notion of expression is that the signal sent MUST reflect
+ the user's preference, not the choice of some vendor, institution,
+ site, or network-imposed mechanism outside the user's control;
+ this applies equally to both the general preference and exceptions.
+ The basic principle is that a tracking preference expression is only
+ transmitted when it reflects a deliberate choice by the user. In the
+ absence of user choice, there is no tracking preference expressed.
</p>
<p>
A user agent MUST offer users a minimum of two alternative choices
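Review bot: In the first paragraph, "recipients of that preference" replaces "each service" while the sentence still names the parties as "each server and web application", so "recipients" is an undefined second term that could be read to include anything the request passes through. Suggest reusing the earlier wording, for example "allowing those servers and applications to adjust tracking behavior accordingly". The second paragraph is a re-wrap whose only wording change is dropping "any" before "network-imposed mechanism"; keeping the original line breaks would make that one-word edit visible in the diff.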
@@ -316,52 +315,76 @@
<p>
A user agent MUST have a default tracking preference of
<code>unset</code> (not enabled) unless a specific tracking preference
- is implied by the decision to use that agent. For example, use of a
- general-purpose browser would not imply a tracking preference when
- invoked normally as <q>SuperFred</q>, but might imply a preference if
- invoked as <q>SuperDoNotTrack</q> or <q>UltraPrivacyFred</q>.
- Likewise, a user agent extension or add-on MUST NOT alter the tracking
- preference unless the act of installing and enabling that extension or
- add-on is an explicit choice by the user for that tracking preference.
- </p>
- <p>
- A user agent extension or add-on MUST NOT alter the user's tracking
- preference setting unless it complies with the requirements in this document,
- including but not limited to this section (Determining a User Preference).
- Software outside of the user agent that causes a DNT header to be sent (or
- causes existing headers to be modified) MUST NOT do so without ensuring that
- the requirements of this section are met; such software also MUST ensure the
- transmitted preference reflects the individual user's preference.
- </p>
- <p>
- We do not specify how tracking preference choices are offered to the
- user or how the preference is enabled: each implementation is
- responsible for determining the user experience by which a tracking
- preference is <a>enabled</a>.
- For example, a user might select a check-box in their user agent's
- configuration, install an extension or add-on that is specifically
- designed to add a tracking preference expression,
- or make a choice for privacy that then implicitly includes a
- tracking preference (e.g., <q>Privacy settings: high</q>).
- The user agent might ask the user for their preference during startup,
- perhaps on first use or after an update adds the tracking protection
- feature. Likewise, a user might install or configure a proxy to add
- the expression to their own outgoing requests.
+ is implied by the user's decision to use that agent. For example, use
+ of a general-purpose browser would not imply a tracking preference
+ when invoked normally as <q>SuperFred</q>, but might imply a
+ preference if invoked as <q>SuperDoNotTrack</q> or
+ <q>UltraPrivacyFred</q>.
</p>
<p>
- Although some controlled network environments, such as public access
+ Implementations of HTTP that are not under control of the user
+ MUST NOT add, delete, or modify a tracking preference.
+ Some controlled network environments, such as public access
terminals or managed corporate intranets, might impose restrictions
on the use or configuration of installed user agents, such that a
user might only have access to user agents with a predetermined
- preference enabled, the user is at least able to choose whether to
- make use of those user agents. In contrast, if a user brings their
+ preference enabled. However, if a user brings their
own Web-enabled device to a library or cafe with wireless Internet
access, the expectation will be that their chosen user agent and
personal preferences regarding Web site behavior will not be
- altered by the network environment, aside from blanket limitations
- on what resources can or cannot be accessed through that network.
- Implementations of HTTP that are not under control of the user
- MUST NOT generate or modify a tracking preference.
+ altered by the network environment (aside from blanket limitations
+ on what resources can or cannot be accessed through that network).
+ </p>
+ <p>
+ An HTTP intermediary MUST NOT add, delete, or modify a tracking
+ preference expression in a request forwarded through that intermediary
+ unless the intermediary has been specifically installed or configured
+ to do so by the user making the request. For example, an Internet
+ Service Provider MUST NOT inject <code>DNT:1</code> on behalf of all
+ users who have not expressed a preference.
+ </p>
+ <p>
+ User agents often include user-installable <dfn>extensions</dfn>, also
+ known as <dfn>add-ons</dfn> or <dfn>plug-ins</dfn>, that are
+ capable of modifying configurations and making network requests. From
+ the user's perspective, these components are considered part of the
+ user agent and ought to respect the user's configuration of a tracking
+ preference. However, there is no single standard for extension
+ interfaces. A user agent that allows extensions to directly make or
+ modify HTTP requests MUST provide a corresponding API to those
+ extensions for determining the user's tracking preference.
+ </p>
+ <p>
+ A user agent extension MUST NOT alter the tracking preference
+ expression or its associated configuration unless the act of
+ installing and enabling that extension is an explicit choice by the
+ user for that tracking preference, or the extension itself complies
+ with all of the requirements this protocol places on a user agent.
+ </p>
+ <p>
+ Likewise, software outside of the user agent might filter network
+ traffic or cause a user agent's configuration to be changed.
+ Software that alters a user agent configuration MUST adhere to the
+ above requirements on a user agent extension. Software that filters
+ network traffic MUST adhere to the above requirements on an HTTP
+ intermediary.
+ </p>
+ <p>
+ Aside from the above requirements, we do not specify how the tracking
+ preference choices are offered to the user or how the preference is
+ enabled: each implementation is responsible for determining the user
+ experience by which a tracking preference is <a>enabled</a>.
+ </p>
+ <p>
+ For example, a user might select a check-box in their user agent's
+ configuration, install an extension that is specifically
+ designed to add a tracking preference expression,
+ or make a choice for privacy that then implicitly includes a
+ tracking preference (e.g., <q>Privacy settings: high</q>).
+ A user agent might ask the user for their preference during startup,
+ perhaps on first use or after an update adds the tracking protection
+ feature. Likewise, a user might install or configure a proxy to add
+ the expression to their own outgoing requests.
</p>
</section>
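Review bot: The extensions paragraph introduces a new normative requirement, "MUST provide a corresponding API to those extensions for determining the user's tracking preference", which the log message describes only as a move and rephrase, and which leaves "corresponding API" undefined, so conformance cannot be checked. Consider stating what the API has to expose, or using SHOULD until an interface is proposed. Separately, "Implementations of HTTP that are not under control of the user MUST NOT add, delete, or modify a tracking preference" now overlaps the new intermediary paragraph, whose condition is worded differently ("specifically installed or configured to do so by the user making the request"); a single MUST NOT with one condition would avoid two readings. With "the user is at least able to choose whether to make use of those user agents" dropped, the text no longer says why a predetermined preference on a public terminal is acceptable.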
@@ -373,10 +396,7 @@
<p>
When a user has <a>enabled</a> a tracking preference, that
preference needs to be expressed to all mechanisms that might perform
- or initiate tracking by third parties, including sites that the user
- agent communicates with via HTTP, scripts that can extend behavior on
- pages, and plug-ins or extensions that might be installed and
- activated for various media types.
+ or initiate <a>tracking</a>.
</p>
<p>
When <a>enabled</a>, a tracking preference is expressed as either:
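Review bot: Shortening the sentence to "or initiate <a>tracking</a>" drops the qualifier "by third parties", which changes the scope of the statement and is not just a tidy-up; if that is intended, it deserves a mention in the log message. The explicit mention of scripts and of plug-ins or extensions is also gone, so the reader now depends entirely on the definition that <a>tracking</a> links to; check that the term resolves to a dfn in this draft.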
@@ -457,14 +477,6 @@
</pre>
<p>
- An HTTP intermediary MUST NOT add, delete, or modify the DNT header
- field in requests forwarded through that intermediary unless that
- intermediary has been specifically installed or configured to do so
- by the user making the requests. For example, an Internet Service
- Provider MUST NOT inject <q>DNT: 1</q> on behalf of all of their
- users who have not expressed a preference.
- </p>
- <p>
The remainder of the DNT field-value after the initial character is
reserved for future extensions. User agents that do not implement
such extensions MUST NOT send DNT-extension characters in the DNT
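Review bot: After this removal the header-field section says nothing about intermediaries, and the relocated text speaks of a "tracking preference expression" instead of "the DNT header field", so a proxy implementer reading only the DNT syntax will not find the rule. A one-sentence pointer back to the user-preference section at this position would keep it discoverable. The example also changed from <q>DNT: 1</q> to <code>DNT:1</code> in the move; use whichever form matches the other header examples in the document.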
@@ -519,25 +531,6 @@
</dl>
</section>
- <section id='plug-ins'>
- <h3>Plug-In APIs</h3>
-
- <p>
- User agents often include user-installable component parts,
- commonly known as <dfn>plug-ins</dfn> or
- <dfn>browser extensions</dfn>, that are capable of making their own
- network requests. From the user's perspective, these components
- are considered part of the user agent and thus ought to respect the
- user's configuration of a tracking preference. However, plug-ins
- do not normally have read access to the browser configuration.
- </p>
- <p class="note">
- It is unclear whether we need to standardize the plug-in APIs
- or if we should rely on it being defined per user agent based
- on general advice here. No plug-in APIs have been proposed yet.
- </p>
- </section>
-
<section id='other-protocols'>
<h3>Tracking Preference Expressed in Other Protocols</h3>
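Review bot: Deleting <section id='plug-ins'> removes the fragment identifier and the <dfn>browser extensions</dfn> term, while the replacement text defines "extensions", "add-ons" and "plug-ins" instead; any remaining link to #plug-ins or <a>browser extensions</a> elsewhere in the draft would now dangle, so a search of the draft for both is worthwhile. The removed sentence "plug-ins do not normally have read access to the browser configuration" was the stated reason an API is needed; the new paragraph offers "there is no single standard for extension interfaces" instead, which explains the new requirement less directly.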
Received on Wednesday, 26 March 2014 02:56:33 UTC