- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 28 Oct 2011 13:09:29 -0700
- To: Karl Dubost <karld@opera.com>
- Cc: Matthias Schunter <mts@zurich.ibm.com>, public-tracking@w3.org

On Oct 28, 2011, at 12:28 PM, Karl Dubost wrote:

> well-known URIs do not work when example.com domain names host more than one web site.
>
> example.com/business1
> example.com/business2
> example.com/.well-known/dnt

Yes they do work -- the format just needs to include sections for each one. Note, however, that such multi-business domain sharing is a thing of the past, and it is extremely unlikely that such businesses would engage in third-party tracking.

> Exactly the same issue as robots.txt or favicon.ico. favicon.ico
> has been partly solved by the creation of a link header in the HTML
> document. But that doesn't work with non-HTML documents. I have not
> tested favicon with an HTTP "Link:"
> robots.txt is definitely useless in this context.

It works just fine -- the domain owner collects the information automatically from the ./business/.robots.txt and simply rewrites the locations for the main site. In any case, people who host multiple businesses on a single domain are vulnerable to many different cross-site security attacks. Hence, the kind of sites that this protocol cares about protecting the user from do not share the same domain with unrelated sites.

> Another issue is that it has a tendency to create useless HTTP
> requests on the Web for each individual request.
>
> I would be happier with a
>
> Link: <URI>;rel=[tobedefined]

That was my original proposal in Cambridge. It would be true if we expected everyone to be browsing with DNT and verification on. We don't expect that. The response is only necessary for the very small percentage of DNT-enabled browsers, which in turn is just a small percentage of overall browsers, that also want to see verification of tracking. In other words, the ultra-paranoid mode or the regulators checking for deployment/compliance. A user that just wants to enable DNT will just send the DNT request header.

Hence, sending a link back on every single request is far more expensive than a few privacy-enabled browsers sending extra requests when they want to ensure their own preferences are being honored.

....Roy

Received on Friday, 28 October 2011 20:10:12 UTC