Re: action-231, issue-153 requirements on other software that sets DNT headers from David Wainberg on 2012-08-22 (public-tracking@w3.org from August 2012)

From: David Wainberg <david@networkadvertising.org>
Date: Tue, 21 Aug 2012 23:06:02 -0400
To: Tamir Israel <tisrael@cippic.ca>
CC: ifette@google.com, Shane Wiley <wileys@yahoo-inc.com>, Jeffrey Chester <jeff@democraticmedia.org>, John Simpson <john@consumerwatchdog.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>, David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>
Message-ID: <50344C9A.90503@networkadvertising.org>

This is a great question. Is such a UA compliant with the spec? I think 
we've agreed that DNT set by default does not represent a user's 
deliberate choice, and for that reason is invalid. But what about 
signals from UAs that violate the spec in other material ways, such as 
not providing for exceptions?

On 8/21/12 8:12 PM, Tamir Israel wrote:
> What does a server do when it gets a DNT-1 that is /not /a UA default, 
> but with no implementation for exceptions?
>
> I think the exceptions are important....
>
> On 8/21/2012 8:05 PM, Ian Fette (イアンフェッティ) wrote:
>> Hypothetical situation here. Server gets a DNT:1 request from a 
>> browser. Browser ships DNT:1 by default. Browser doesn't implement 
>> exceptions. Browser may or may not block third party cookies by 
>> default. What exactly is the server supposed to do in this case?
>>
>> -Ian
>>
>> On Tue, Aug 21, 2012 at 4:59 PM, Shane Wiley <wileys@yahoo-inc.com 
>> <mailto:wileys@yahoo-inc.com>> wrote:
>>
>>     Jeff,
>>
>>     I disagree both on your philosophical position (compliant Servers
>>     must honor non-compliant UAs) but more importantly as part of the
>>     working group process.  Hopefully we can review this (again) at
>>     the next TPE weekly meeting.
>>
>>     - Shane
>>
>>     *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org
>>     <mailto:jeff@democraticmedia.org>]
>>     *Sent:* Tuesday, August 21, 2012 4:56 PM
>>     *To:* Shane Wiley
>>     *Cc:* John Simpson; Tamir Israel; Dobbs, Brooks; David Singer;
>>     David Wainberg; public-tracking@w3.org
>>     <mailto:public-tracking@w3.org> (public-tracking@w3.org
>>     <mailto:public-tracking@w3.org>); Nicholas Doty
>>
>>
>>     *Subject:* Re: action-231, issue-153 requirements on other
>>     software that sets DNT headers
>>
>>     Shane:  I don't believe we have said such flags are "invalid."  I
>>     agree with John, DNT:1 must be honored. We should not penalize
>>     privacy by design, a policy most stakeholders support.
>>
>>     Regards,
>>
>>     Jeff
>>
>>     On Aug 21, 2012, at 7:49 PM, Shane Wiley wrote:
>>
>>
>>
>>     John,
>>
>>
>>     I thought we already agreed in the working group to remain silent
>>     on this situation and allow implementers to defend their actions
>>     with respect to sending invalid flags. Correct?  I understand
>>     your personal views here but I wanted to reconfirm the working
>>     group end-point on this issue.
>>
>>     Thank you,
>>     Shane
>>
>>     *From:*John Simpson [mailto:john@consumerwatchdog.org]
>>     *Sent:*Tuesday, August 21, 2012 4:46 PM
>>     *To:*Tamir Israel
>>     *Cc:*Dobbs, Brooks; David Singer; David
>>     Wainberg;public-tracking@w3.org
>>     <mailto:public-tracking@w3.org>(public-tracking@w3.org
>>     <mailto:public-tracking@w3.org>); Nicholas Doty; Shane Wiley
>>     *Subject:*Re: action-231, issue-153 requirements on other
>>     software that sets DNT headers
>>
>>     For what it's worth I do not see how you can "blacklist" a UA
>>     that is supposedly noncompliant if it sends a valid DNT:1 You can
>>     write a letter to the vendor, you can call them out for being
>>     noncompliant, you can protest to regulatory authorities if they
>>     claim to be complaint when they are not.
>>
>>     However, if you get a DNT:1 signal, it needs to be honored.
>>
>>     On Aug 21, 2012, at 2:58 PM, Tamir Israel wrote:
>>
>>
>>
>>
>>     OK -- I am not advocating two headers! Although one for each
>>     personality would probably lead to more accurate profiling ; P
>>
>>     I suppose my concern was a combination of a.) how far will a UA's
>>     obligation to check that alterations to its DNT are 'reflective
>>     of user input' be stretched and b.) whether this opens up the
>>     door to more UA blacklisting potential.
>>
>>     Best,
>>     Tamir
>>
>>     On 8/21/2012 5:13 PM, Dobbs, Brooks wrote:
>>
>>
>>     Tamir,
>>
>>         You are making this too complicated.  UAs shouldn't be
>>         required to audit
>>
>>         applications, plugins, etc - they should, per the spec, only
>>         ever send a
>>
>>         signal which is consistent with a user preference.  If they
>>         don't feel
>>
>>         confident that what they are sending meets that requirement
>>         they shouldn't
>>
>>         send anything.  Anything else completely undermines the spec.
>>          If you send
>>
>>         two DNT headers, you are by definition, non-compliant
>>         (schizophrenic users
>>
>>         not withstanding).
>>
>>         -Brooks
>>
>>     ----------
>>
>>     John M. Simpson
>>
>>     Consumer Advocate
>>
>>     Consumer Watchdog
>>
>>     1750 Ocean Park Blvd. ,Suite 200
>>
>>     Santa Monica, CA,90405
>>
>>     Tel: 310-392-7041 <tel:310-392-7041>
>>
>>     Cell: 310-292-1902 <tel:310-292-1902>
>>
>>     www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>>
>>     john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>>
>>     Jeffrey Chester
>>
>>     Center for Digital Democracy
>>
>>     1621 Connecticut Ave, NW, Suite 550
>>
>>     Washington, DC 20009
>>
>>     www.democraticmedia.org <http://www.democraticmedia.org>
>>
>>     www.digitalads.org <http://www.digitalads.org>
>>
>>     202-986-2220 <tel:202-986-2220>
>>
>>

Received on Wednesday, 22 August 2012 03:06:34 UTC