Re: Comments on tracking-compliance.html from Karl Dubost on 2011-10-28 (public-tracking@w3.org from October 2011)

From: Karl Dubost <karld@opera.com>
Date: Fri, 28 Oct 2011 14:52:07 -0400
To: Justin Brookman <justin@cdt.org>
Cc: public-tracking@w3.org
Message-Id: <B1C2CA99-404C-48DA-BC30-C7EDC4AD4759@opera.com>

Le 26 oct. 2011 à 10:43, Justin Brookman a écrit :
> If a user today sets her browser to "block third party cookies," a third party cannot evade that control by putting in a license agreement "you consent to our placing third party cookies despite any browser settings."

The case is simple here. The user just blocks at the client
level the possibility for the Web site to save something on
his hard drive. There is no issue at all. The same thing can
happen with "blocking URI/content APIs". It gives control to
users.

> Similarly, if a user sets her browser to "Do Not Track" (or whatever her browser calls the setting), Acme shouldn't be able to ignore that instruction by reserving the right to ignore that instruction in a place the user is unlikely to notice.

Acme is able to ignore anything. It just means that they are
not compliant. But as long as the user is sending which is
identifiable, the other party may use it. It is exactly for
the same reason that robots.txt are not useful to block search
engines, spam robots, etc. Some like Google respects robots.txt
but nothing technically forces them to do so.

As an example, my own site is publicly accessible, but I block [1]
the indexing by search engines. I have also an atom feed. Some
readers were using Google Reader for reading the content of my
Web site. My surprise was that my content was indexed in Google
search engine. Google reader was feeding the search engine
through their back-end without checking robots.txt. My only way
to block it was a mechanism on my side in Apache configuration
file to block any requests from Google Reader (identified with
the user agent string.) Since Google fixed the issue after the
help of Ian Fette.

That said is that you can give mechanisms to achieve things but
as soon as you share information on the wire there is no technical
way to avoid it will not be used inappropriately.

[1]: http://www.la-grange.net/robots.txt

--
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software

Received on Friday, 28 October 2011 18:52:55 UTC