RE: FW: Issue-95: User Setting DNT Response (Draft)

Tom / Shane -- that text looks good to me and addresses my concerns about enterprise / manageability.

Many thanks,

Andy

-----Original Message-----
From: Tom Lowenthal [mailto:tom@mozilla.com] 
Sent: Wednesday, November 30, 2011 10:22 AM
To: public-tracking@w3.org
Subject: Re: FW: Issue-95: User Setting DNT Response (Draft)

Alternative text suggestion:

A decision to send a Do Not Track signal SHOULD be based on the affirmatively expressed preference of the user. In general the signal SHOULD only be sent by a user's agent, and SHOULD NOT be modified by any intermediary.

There are some situations where an entity other than the user wishes to express a Do Not Track preference on the user's behalf. Such situations may include those where the user has designated another person as their system's administrator, such as in a shared computing environment like an employer's network, or a public-use computer system like a library.
If a non-user wishes to express a Do Not Track preference on a user's behalf, this SHOULD be done by configuring the user's agent to send the desired signal.

Intermediaries to an HTTP(s) connection SHOULD NOT modify, add, or remove a DNT signal sent by a user's agent. There may be limited situations where an intermediary reasonably acts on a user's behalf. If an intermediary modifies or sends a Do Not Track signal on the user's behalf, and that modification or sending does not occur within the user-agent, the scope of such modification should be as limited as possible. Extreme care should be taken to ensure that any modification accurately and completely expresses the user's preference. In particular, the intermediary should take care to avoid disrupting user's site-specific preferences and exceptions, and not to cause undue impact to the user's browsing experience.

NOTE: it is understood that it is very difficult to technically verify or enforce these provisions regarding intermediaries. They are included to express what is and is not appropriate behavior for all participants in the web ecosystem.

On 11/30/2011 09:57 AM, Shane Wiley wrote:
> Here is a draft for Issue-95 (http://www.w3.org/2011/tracking-protection/track/issues/95):
> 
> "Generally, the setting and/or unsetting of a Do Not Track signal SHOULD only be established by a user proactively.  Intermediaries to an HTTP/S request SHOULD NOT attempt to modify the DNT signal in any way.  There are limited situations where it MAY be appropriate for an intermediary to modify a user's DNT settings on their behalf such as through employer networks or public networks (libraries, for example).  But, care should be taken even in these cases to limit the scope of modification as much as possible to decrease the possible impact to a user's web surfing experience as overriding DNT signals could disrupt content consumption through user granted site-specific exceptions.  NOTE - it is understood this particular compliance standard cannot be technically enforced but it should be clear to all web ecosystem participants what the standard baseline is in this matter."
> 

Received on Thursday, 1 December 2011 02:49:30 UTC