- From: Andy Zeigler <andyzei@microsoft.com>
- Date: Sat, 12 Nov 2011 00:28:00 +0000
- To: "Tracking Protection Working Group WG (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <0F7D108E1379EE45AE5867800F8DB18D93406471@TK5EX14MBXC122.redmond.corp.microsoft.>
So I volunteered for the action "Propose a user-agent managed site-specific exception". A few of us over here sat down and figured out a couple of ways of doing this, but I think that this approach is fundamentally flawed, and I think a website-based approach in Action 32 is better for a variety of reasons. Namely, it would be an awkward user experience if the user-agent injects itself into the opt-in process. This approach would essentially require a protocol that associates domains with business entities. I think that "what" a user opts-into and which resources on the page are included in that opt-in are much better managed by the sites that include them. There are other issues here: - For example, imagine that I belong to a social network, and I opt-in to tracking. The user-agent stores the domain name of network. Now I'm on a different website, and the same social network operates a "like" button on the page. Should the exception carry over? These types of issues are much better handled by the websites that have business relationships with tracking entities, and there are scenarios where this becomes very difficult to jam into a protocol without adding a lot of technical complexity. - The primary benefit of having a user-agent-managed list of exceptions would be for the user-agent to be able to "enforce" opt-ins by managing requests from tracking entities. I think this is basically wasted work - if a tracking service is not DNT-compliant, then they won't bother requesting that the user opt-in - they'll just track the user directly, rendering user-agent enforcements useless. Thanks, Andy
Received on Saturday, 12 November 2011 00:28:32 UTC