TPE Document S3

Pursuant to my F2F comment on the TPE document, section 3. The current
text reads:

> The goal of this protocol is to allow a user to express their
> personal preference regarding cross-site tracking to each server and
> web application that they communicate with via HTTP, thereby allowing
> each server to either adjust their behavior to meet the user's
> expectations or reach a separate agreement with the user to satisfy
> both parties. Key to that notion of expression is that it must
> reflect the user's choice, not the choice of some institutional or
> network-imposed mechanism outside the user's control.
>
> The remainder of this specification defines the protocol in terms of
> whether the user has enabled or not enabled DNT. We do not specify
> how that preference is configured: the user agent is responsible for
> determining the user experience by which the user's tracking
> preference is set.
>
> For example, a user might configure their own user agent to tell
> servers "do not track me cross-site", install a plug-in or extension
> that is specifically designed to add that expression, or make a
> choice for privacy that then implicitly includes a tracking
> preference (e.g., "Privacy settings: high"). For each of these cases,
> we say that the user has enabled DNT.

I think that this is somewhat ambiguous about the permissibility of
high-level privacy tools in browsers, such as the "privacy slider"
previously discussed. I'd like to allow browsers to provide simple
interfaces for users to select their privacy preferences without having
to know the low-level details of what browsers do to express those
preferences. Accordingly, I propose the following revision with
modifications in **bold** markdown syntax.

> The goal of this protocol is to allow a user to express their
> personal preference regarding cross-site tracking to each server and
> web application that they communicate with via HTTP, thereby allowing
> each server to either adjust their behavior to meet the user's
> expectations or reach a separate agreement with the user to satisfy
> both parties. Key to that notion of expression is that it must
> reflect the user's **preference**, not the **preference** of some
> institutional or network-imposed mechanism outside the user's control.
>
> The remainder of this specification defines the protocol in terms of
> whether **or not DNT is enabled.** We do not specify how that
> preference is configured: the user agent is responsible for
> determining the user experience by which **this preference**
> preference is set.
>
> For example, a user might configure their own user agent to tell
> servers "do not track me cross-site", install a plug-in or extension
> that is specifically designed to add that expression, or make a
> choice for privacy that then implicitly includes a tracking
> preference (e.g., "Privacy settings: high"). For each of these cases,
> we say that **DNT is enabled**.

In addition, I suggest that the passive voice be used elsewhere in the
document (i.e. "DNT is enabled", rather than "the user has enabled
DNT"). This allows for situations where the browser might adjust DNT
status based on a user's apparent preference and needs, without forcing
a user to visit the settings dialog. This suggestion is particularly
pertinent in second paragraph of S4.1.

Received on Monday, 31 October 2011 17:15:38 UTC