W3C home > Mailing lists > Public > public-tracking@w3.org > August 2012

Re: action-231, issue-153 requirements on other software that sets DNT headers

From: イアンフェッティ <ifette@google.com>
Date: Tue, 21 Aug 2012 17:05:09 -0700
Message-ID: <CAF4kx8dxuk2+5ChnMPPt6Ma8Q3-Bisgy2ei4w2=M1zQebDxTGg@mail.gmail.com>
To: Shane Wiley <wileys@yahoo-inc.com>
Cc: Jeffrey Chester <jeff@democraticmedia.org>, John Simpson <john@consumerwatchdog.org>, Tamir Israel <tisrael@cippic.ca>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>, David Singer <singer@apple.com>, David Wainberg <david@networkadvertising.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>
Hypothetical situation here. Server gets a DNT:1 request from a browser.
Browser ships DNT:1 by default. Browser doesn't implement exceptions.
Browser may or may not block third party cookies by default. What exactly
is the server supposed to do in this case?

-Ian

On Tue, Aug 21, 2012 at 4:59 PM, Shane Wiley <wileys@yahoo-inc.com> wrote:

> Jeff,****
>
> ** **
>
> I disagree both on your philosophical position (compliant Servers must
> honor non-compliant UAs) but more importantly as part of the working group
> process.  Hopefully we can review this (again) at the next TPE weekly
> meeting.****
>
> ** **
>
> - Shane****
>
> ** **
>
> *From:* Jeffrey Chester [mailto:jeff@democraticmedia.org]
> *Sent:* Tuesday, August 21, 2012 4:56 PM
> *To:* Shane Wiley
> *Cc:* John Simpson; Tamir Israel; Dobbs, Brooks; David Singer; David
> Wainberg; public-tracking@w3.org (public-tracking@w3.org); Nicholas Doty
>
> *Subject:* Re: action-231, issue-153 requirements on other software that
> sets DNT headers****
>
> ** **
>
> Shane:  I don't believe we have said such flags are "invalid."  I agree
> with John, DNT:1 must be honored. We should not penalize privacy by design,
> a policy most stakeholders support.  ****
>
> Regards,****
>
> ** **
>
> Jeff****
>
> ** **
>
> ** **
>
> ** **
>
> On Aug 21, 2012, at 7:49 PM, Shane Wiley wrote:****
>
>
>
> ****
>
> John,****
>
>
> I thought we already agreed in the working group to remain silent on this
> situation and allow implementers to defend their actions with respect to
> sending invalid flags.  Correct?  I understand your personal views here but
> I wanted to reconfirm the working group end-point on this issue.****
>
>  ****
>
> Thank you,
> Shane****
>
>  ****
>
> *From:* John Simpson [mailto:john@consumerwatchdog.org<john@consumerwatchdog.org>
> ]
> *Sent:* Tuesday, August 21, 2012 4:46 PM
> *To:* Tamir Israel
> *Cc:* Dobbs, Brooks; David Singer; David Wainberg; public-tracking@w3.org
> (public-tracking@w3.org); Nicholas Doty; Shane Wiley
> *Subject:* Re: action-231, issue-153 requirements on other software that
> sets DNT headers****
>
>  ****
>
> For what it's worth I do not see how you can "blacklist" a UA that is
> supposedly noncompliant if it sends a valid DNT:1 You can write a letter to
> the vendor, you can call them out for being noncompliant, you can protest
> to regulatory authorities if they claim to be complaint when they are not.
> ****
>
>  ****
>
> However, if you get a DNT:1 signal, it needs to be honored.  ****
>
>  ****
>
> On Aug 21, 2012, at 2:58 PM, Tamir Israel wrote:****
>
>
>
>
> ****
>
> OK -- I am not advocating two headers! Although one for each personality
> would probably lead to more accurate profiling ; P
>
> I suppose my concern was a combination of a.) how far will a UA's
> obligation to check that alterations to its DNT are 'reflective of user
> input' be stretched and b.) whether this opens up the door to more UA
> blacklisting potential.
>
> Best,
> Tamir
>
> On 8/21/2012 5:13 PM, Dobbs, Brooks wrote:
>
>
> ****
>
> Tamir,****
>
>  ****
>
> You are making this too complicated.  UAs shouldn't be required to audit**
> **
>
> applications, plugins, etc - they should, per the spec, only ever send a**
> **
>
> signal which is consistent with a user preference.  If they don't feel****
>
> confident that what they are sending meets that requirement they shouldn't
> ****
>
> send anything.  Anything else completely undermines the spec.  If you send
> ****
>
> two DNT headers, you are by definition, non-compliant (schizophrenic users
> ****
>
> not withstanding).****
>
>  ****
>
> -Brooks****
>
>  ****
>
>  ****
>
>  ****
>
> ----------****
>
> John M. Simpson****
>
> Consumer Advocate****
>
> Consumer Watchdog****
>
> 1750 Ocean Park Blvd. ,Suite 200****
>
> Santa Monica, CA,90405****
>
> Tel: 310-392-7041****
>
> Cell: 310-292-1902****
>
> www.ConsumerWatchdog.org****
>
> john@consumerwatchdog.org****
>
>  ****
>
> ** **
>
> Jeffrey Chester****
>
> Center for Digital Democracy****
>
> 1621 Connecticut Ave, NW, Suite 550****
>
> Washington, DC 20009****
>
> www.democraticmedia.org****
>
> www.digitalads.org****
>
> 202-986-2220****
>
> ** **
>
Received on Wednesday, 22 August 2012 00:05:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:54 UTC