- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 02 Apr 2012 21:39:29 +0200
- To: public-tracking@w3.org
- Cc: David Singer <singer@apple.com>, Shane Wiley <wileys@yahoo-inc.com>
On Monday 02 April 2012 11:30:15 David Singer wrote: > But we are left with the question of defining what the user needs to give > consent to, and how much consent may reasonably be bundled. That's a > description of our protocol. And that's why I believe the YAY of Shane was a bit early. And this exactly what JC was suggesting. David, the lack of precision of "give consent" is creating a pseudo consensus IMHO. We have to be more concrete. Shane said, the service would declare if it honors DNT even though the user is logged-in. This hints to the fact that we have to agree on the response headers. So if a service tracks because it believes it has an agreement (I heard Shane telling that story in Brussels) it can either say: DNT is off, you're logged-in/consented Or the service can say: We accept your DNT=1 and the compliance spec would specify what JC suggested for that case. But at least, there is no misunderstanding that people believe DNT=1 while Services send DNT=ack and track anyway because of some privacy policy meaning in section 178. It would also solve my use case with the forgotten login-cookie as the browser would recognize the tracking in the response header. So I think this is a viable way out. Shane? Rigo
Received on Monday, 2 April 2012 19:39:59 UTC