- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 31 Oct 2011 22:34:40 -0700
- To: "public-tracking@w3.org WG" <public-tracking@w3.org>
I have switched from using "opt-back-in" to "site-specific exemption". ....Roy Index: tracking-dnt.html =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- tracking-dnt.html 1 Nov 2011 04:58:17 -0000 1.33 +++ tracking-dnt.html 1 Nov 2011 05:31:26 -0000 1.34 @@ -40,9 +40,8 @@ honor this preference, both in the form of a machine-readable policy at a well-known location for first-party sites and a <q>Tracking<q> response header field for third-party resources that engage in - cross-site tracking, and a mechanism for allowing the user to - selectively opt-back-in for specific sites that require such - data collection. + cross-site tracking, and a mechanism for allowing the user to approve + site-specific exemptions to DNT as desired. </section> <section id="sotd"> @@ -154,8 +153,7 @@ obtained from targeted advertising and unwilling (or unable) to permit use of their content without cross-site data collection, we need a mechanism for sites to alert the user to those requirements - and allow the user to <q>opt-back-in</q> to tracking for specific - sites. + and allow the user to configure an exemption to DNT for specific sites. </p> <p> This specification defines the HTTP request header field <a>DNT</a> for @@ -418,9 +416,9 @@ <p> This section defines how a server communicates its compliance with tracking preferences, including whether it will honor the user's - preference, require some form of opt-back-in, or believes that it - already has the user's permission via some other agreement (e.g., - a subscription or account agreement). Optionally, links can be + preference, require some form of site-specific exemption, or indicate + that it already has the user's permission via some other agreement + (e.g., a subscription or account agreement). Optionally, links can be provided to human-readable information regarding the site's tracking policies or where to go to opt-in, opt-out, or edit their personal information. @@ -441,7 +439,7 @@ <li>allow user awareness of DNT status per-site/element</li> <li>indicate what elements on page have ack'd/honored DNT</li> </ul> - <li>Help users opt-back-in</li> + <li>Guidance for site-specific exemptions</li> </ol> </section> @@ -480,9 +478,10 @@ and also some combinations of the above. For example, we might define that compliant servers provide a machine-readable site-wide policy that indicates how they honor DNT, what sites are considered - the same brand, and links to resources for opt-back-in and editing - collected tracking data, and then only provide a dynamic header - field response for third-party resources that engage in tracking. + the same brand, and links to resources for providing site-specific + exemptions to DNT or editing collected tracking data. We could + then limit use of a tracking response header field to only those + dynamic responses for third-party resources that engage in tracking. </p> <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/81">ISSUE-81</a>: Do we need a response at all from server?<br /> <strong>[PENDING REVIEW]</strong> @@ -524,13 +523,11 @@ <li>sent only on dynamic/tracking responses?</li> <li>different on dynamic vs static responses? E.g, static headers for elements that never track (like <q>i am neutral</q>) and dynamic headers when <q>I am a tracking element and I accept your choice to not be tracked</q></li> - <li>[tl: If sites are doing any sort of opt-back-in behavior, - they should be giving that user information about how they - are treating that user, so that the user can react - appropriately. ... + <li>does it indicate when a site believes it has an exemption from DNT, + such that the user can react appropriately if it isn't true. ... The header could say <q>I see that you say DNT, but i am - tracking you for the following reasons.</q>] - <li>[dsinger: it is sometimes contextual whether you are tracking or not.] + tracking you for the following reasons.</q> + <li>it is sometimes contextual whether you are tracking or not. </ul> <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/76">ISSUE-76</a>: Should a server echo the DNT header to confirm receipt?</p> <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/48">ISSUE-48</a>: Response from the server could both acknowledge receipt of a value and (separately) whether the server will honor it</p> @@ -542,12 +539,12 @@ <p>An HTTP error response status code might be useful for indicating that the site refuses service unless the user either logs into a - subscription account or agrees to opt-back-in to tracking for this + subscription account or agrees to an exemption to DNT for this site and its contracted third-party sites. </section> - <section id='opting-in'> - <h2>Selective Opt-back-in</h2> + <section id='exemptions'> + <h2>Site-specific Exemptions</h2> <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/43">ISSUE-43</a>: Sites should be able to let the user know their options when they arrive with Do Not Track</p> <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/27">ISSUE-27</a>: How should the "opt back in" mechanism be designed?</p> <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/46">ISSUE-46</a>: Enable users to do more granular blocking based on whether the site responds honoring Do Not Track</p> @@ -581,25 +578,25 @@ <section id='use-cases'> <h3>Use Cases</h3> - <section id='permanent-opt-back-in'> - <h3>Opt-back-in should be persisted</h3> + <section id='permanent-exemptions'> + <h3>Site-specific exemptions should be persisted</h3> <p>It would annoy users of DNT if they are presented with an - opt-back-in dialog each time they visit a site.</p> + exemption dialog each time they visit a site.</p> <ol> <li>User turns on DNT and visits Example.com</li> <li>Example.com does not receive a signal it's on the - exceptions list</li> - <li>Example.com requests exception from user to access + exemption list</li> + <li>Example.com requests exemption to DNT from user to access content for free</li> - <li>User grants exception to Example.com (and perhaps + <li>User grants exemption to Example.com (and perhaps listed parties)</li> <li>User views content</li> <li>User returns to Example.com a week later</li> <li>DNT signal is still turned on but Example.com is sent an exemption flag (or else doesn't send a DNT signal at all) <li>In either case, it'll be important that Example.com know - to not trigger the exception request for this + to not trigger the exemption request for this user/web browser/device</li> </ol> </section>
Received on Tuesday, 1 November 2011 05:35:22 UTC