- From: David Singer <singer@apple.com>
- Date: Tue, 20 Dec 2011 20:29:51 -0800
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Dec 20, 2011, at 17:55 , Roy T. Fielding wrote: > On Dec 20, 2011, at 4:20 PM, David Singer wrote: >> On Dec 20, 2011, at 15:43 , Roy T. Fielding wrote: >>> Have I missed any? >> >> - detecting when an intermediary node has taken advantage of the 'may' alter outbound requests (but 'must not' alter responses) > > Hmm, hard to imagine why the intermediary wouldn't rewrite the > response as well, so this doesn't accomplish detection. > Accessing any site that echoes the request headers inside the > response content would provide more reliable detection. That > was a common test resource before XSS became a concern. True, but one of the more likely failure modes here is intermediates that strip response and/or request. In either case, the user will know that the response is wrong (doesn't match the stripped request) or missing (maybe the request was stripped, maybe the response) and life is Not Safe. >> The user doesn't choose the 3rd parties involved, doesn't know if they have even got around to implementing DNT, doesn't know whether they can or do claim an exception. Did I miss any other points? > > The user also doesn't know if the server's response is truthful. But if a service responds *in the transaction* "I promise I am not tracking you" and it later transpires it was, the existence of a lie is pretty much beyond dispute. Whereas if the policy says "we don't track except..except…" and the policy changes frequently, who is to say whether the tracking done was in accord with policy on that day? > > The user agent does know what sites it is going to make subrequests > for, can choose to check a well-known URI (or even a third-party > verification service) for compliance before doing so, and can pass > in the URI sufficient information to determine exactly what > exception would be claimed, if any. I think this may be a recommended probe. I will think about the costs some more… David Singer Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 21 December 2011 04:30:28 UTC