W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

RE: [ISSUE-81, ACTION-13] Response Header Format

From: JC Cannon <jccannon@microsoft.com>
Date: Tue, 18 Oct 2011 22:41:38 +0000
To: David Singer <singer@apple.com>, Shane Wiley <wileys@yahoo-inc.com>
CC: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <DB4282D9ADFE2A4EA9D1C0FB54BC3BD768166E1D@TK5EX14MBXC135.redmond.corp.microsoft.com>
This is starting to sound like P3P again, where websites are doing a lot of work to send responses that aren't really used. If it is not for the consumer and user-agent processing is optional then how do we justify asking sites to do the work?


From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of David Singer
Sent: Tuesday, October 18, 2011 3:36 PM
To: Shane Wiley
Cc: public-tracking@w3.org
Subject: Re: [ISSUE-81, ACTION-13] Response Header Format

On Oct 18, 2011, at 15:26 , Shane Wiley wrote:

My concern with deep response layers is that explaining this to the average consumer becomes problematic and undermines to a degree the goal of consumers understanding what DNT means and how it impacts their online experiences.

The response doesn't go to the average consumer, it goes to their user agent. How well (or even whether) the user-agent processes the response and explains it to the consumer is firmly out of our scope. Our job is to make a clear protocol between two pieces of software, not manage the relationships and explanations at either end beyond the scope of the protocol.

That's why I think that if the protocol enables the two ends to be clear, we enable further clarity.

- Shane

From: public-tracking-request@w3.org<mailto:public-tracking-request@w3.org> [mailto:public-tracking-request@w3.org] On Behalf Of David Singer
Sent: Tuesday, October 18, 2011 3:23 PM
To: public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: Re: [ISSUE-81, ACTION-13] Response Header Format

I think the idea of a 'nuanced' answer is good.  I fear the number of times that a 'simple' answer unambiguously applies might be quite small.

The responses in the 100-range below are the 'exception' ones ("I am tracking you"), and I'd suggest that 100-series is probably more logically the 'success' (your request not to be tracked is being more-or-less honored).  I like the idea that the existence of these responses allows web sites to say what they are doing even without a request, that's cool.

100 = I see your DNT and respect it completely (same as currently suggested 1)
101 = You have an opt-out cookie, and I am therefore not tracking you
102 = I never track anyone anyway

200 = You asked for DNT but I will not respect it (same as currently suggested 0) [[ should this be a 400-series?? ]]
201 = Will not respect because I am a 1st party
202 = Will not respect because you have explicitly opted in to my tracking
203 = I claim I am Allowed to track because it's for research (possibly)
205 - I am tracking you to the extent required by law
206 - I am still tracking you for some other/unspecified reason for which there is no distinct response code

300 = I don't know (could be the default, and probably means the same thing as no response)

4xx - error situations? (like?)

From: JC Cannon [mailto:jccannon@microsoft.com]
Sent: Saturday, October 15, 2011 2:01 PM
To: Kevin Smith; public-tracking@w3.org<mailto:public-tracking@w3.org>
Subject: RE: [ISSUE-81, ACTION-13] Response Header Format

First parties should not have to return a response.

I think it's really helpful, especially if the user and the site disagree about what a first party is. It provides excellent feedback.

David Singer
Multimedia and Software Standards, Apple Inc.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Tuesday, 18 October 2011 22:42:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:26 UTC