Re: [ISSUE-81, ACTION-13] Response Header Format

On Oct 20, 2011, at 11:17 AM, David Singer wrote:
> I think you are allowing your pessimism to run too far. Strictly, logging out means I can't do anything I'd need to log in to do; it doesn't strictly mean 'forget me'.  But if a site responds "I am not tracking you in this transaction" and it later transpires that it was, that's pretty useful.

DNT does not mean "forget me".  If the server responds positively to DNT,
it means that it won't track the user beyond its own branded sites
(and presumably won't share the internal data collection with third
parties unless the user requested it for some other reason, like by
purchasing something with a credit card).  Please do not confuse DNT
with private browsing mode.  Whatever a server might say in response,
it won't be understandable without a full policy description.

And the response is not just a few bytes.  It is a few bytes for every
single resource for which we indicate a response is needed, every time
those resources are accessed.  A typical site embeds dozens of such
requests per page.

In contrast, a well-known location can represent exactly how the
site as a whole tracks, provide information specific to that user
(such as a link to where they can see and edit the data collected),
only needs to be requested once per site, and only by those
browsers specifically configured to do so.  It thus has no performance
impact whatsoever and does not require any modification to the
existing code that implements all of today's operating websites.

....Roy

Received on Friday, 21 October 2011 00:25:32 UTC