- From: Rigo Wenning <rigo@w3.org>
- Date: Sun, 01 Apr 2012 20:44:41 +0200
- To: public-tracking@w3.org
- Cc: JC Cannon <jccannon@microsoft.com>, Shane Wiley <wileys@yahoo-inc.com>, David Singer <singer@apple.com>
JC,

On Wednesday 28 March 2012 15:30:20 JC Cannon wrote:
> I'm more inclined to agree with Shane here. I always want to vote on the
> side of greater flexibility for the consumer.

Unfortunately, our agreement from 3 weeks ago is gone. I think what David Singer and I are saying is that if some spurious "out of band agreement", for whatever that means, trumps the DNT header totally and without distinction, then we are mainly back to blocking tools, private mode, cookie deletion etc. as the only meaningful defense.

Shane's text does not define "out of band agreement". This can mean whatever, especially in a common law context. You've sent me a get request earlier. By sending, you agreed to our general conditions that contain a tracking agreement in clause 143. I gave a use case in
http://lists.w3.org/Archives/Public/public-tracking/2012Mar/0052.html

Shane's text simply ignores that attacking scenario. I find this a bit weak. I found your idea good. I can understand that Shane doesn't want to implement yet another distinction. I am convinced that we must address this scenario to prevent a higher degree of blocking tools. If any weak "out-of-band" kills the efficiency of DNT, then DNT itself gets too weak. I don't think even Shane wants that to happen.

One possibility is to define "logged-in" in a much more narrow way. E.g. there is a lot of parallel to location based services here. And there, the Directive 2002/58EC requires that the terminal MUST show if the location system is active. Being logged in is something similar here, I think.

Best,

Rigo

Received on Sunday, 1 April 2012 18:45:11 UTC