Re: Value returned by navigator.doNotTrack

Forwarding this to public-tracking where the DNT stuff is being discussed.

-Sid

----- Original Message -----
> From: "Justin Lebar" <jlebar@mozilla.com>
> To: public-privacy@w3.org, "Sid Stamm" <sid@mozilla.com>, "Jonas Sicking" <jonas@sicking.cc>
> Sent: Wednesday, December 21, 2011 11:00:51 AM
> Subject: Value returned by navigator.doNotTrack
> In Firefox, we implemented navigator.doNotTrack to return either
> 
> "unspecified", if the user has not opted in to DNT, or
> "yes", if the user has opted in to DNT.
> 
> The proposed DNT spec has us return "1" if the user has opted in to
> DNT and doesn't seem to specify what we should return otherwise.
> 
> I propose the spec be modified to explicitly state what UAs should
> return if the user has not opted in to DNT, and to use unspecified/yes
> instead of ??/1.
> 
> DNT is a tri-state, not a boolean. The DNT http header may be 1, 0,
> or not present. 0 indicates that the user has explicitly opted in to
> tracking. Although Firefox doesn't support this option at the moment,
> we'd like to spec DNT in such a way as to allow users to explicitly
> opt in to tracking. We propose that navigator.doNotTrack == "no"
> correspond to DNT: 0.
> 
> It's confusing that navigator.doNotTrack's value doesn't correspond to
> the value of the HTTP header, but we did this because we wanted to
> protect against buggy JS which assumes navigator.doNotTrack is a
> boolean. If we were to use navigator.doNotTrack == '' for users who
> have neither oped in nor out of DNT, then sites could do |if
> (navigator.doNotTrack) { // don't track me }|. This would make it
> difficult for us to introduce navigator.doNotTrack = "no" in the
> future, because "no" resolves to the boolean |true|.
> 
> I've filed a webkit bug on this issue [1].
> 
> [1] https://bugs.webkit.org/show_bug.cgi?id=75008

Received on Wednesday, 21 December 2011 19:06:32 UTC