W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: [ISSUE-81, ACTION-13] Response Header Format

From: David Singer <singer@apple.com>
Date: Mon, 31 Oct 2011 10:00:39 -0700
Message-id: <E4D4B08D-C9E5-4B7A-9625-60292EC79D56@apple.com>
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>

On Oct 30, 2011, at 2:09 , Roy T. Fielding wrote:

> On Oct 28, 2011, at 7:17 PM, Nicholas Doty wrote:
>> On Oct 28, 2011, at 1:09 PM, Roy T. Fielding wrote:
>>> The response is only necessary for the very small percentage of DNT enabled
>>> browsers, which in turn is just a small percentage of overall browsers, that
>>> also want to see verification of tracking.  In other words, the ultra-paranoid
>>> mode or the regulators checking for deployment/compliance.  A user that just
>>> wants to enable DNT will just send the DNT request header.
>> Do we think only "ultra-paranoid" users will have any interest in the response from the server? One of the goals we identified was to add visibility to the case of opting back in. This seems like a potentially very common situation, given the interest we've heard from advertisers and content providers in having a negotiation with users.
> It isn't ultra-paranoid users -- it is a certain mode of browsing where the user
> wants to be made aware of things like "this image came from a site that might be
> tracking you".  It is one of those features that sounds okay at first, but ends
> up being a visual nightmare for anyone other than a privacy researcher.

I completely disagree.  Sending off DNT into the void, and just hoping, is unacceptable.  Say that by some magic you worked out what third party sites are involved (maybe your browser said "before you visit this site, you should be aware it pulls in 4 new third parties you've not met before"), and that the browser then presents the privacy policies of those sites.  They all promise faithfully to respect DNT, so you go ahead and visit them, sending DNT.  But unknown to you, an intervening proxy is stripping all headers it doesn't recognize, including DNT.  The server is not getting your DNT, your privacy is not respected, and in the absence of a reply, you are none the wiser.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Monday, 31 October 2011 17:01:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:26 UTC