Re: action-231, issue-153 requirements on other software that sets DNT headers from Tamir Israel on 2012-08-22 (public-tracking@w3.org from August 2012)

From: Tamir Israel <tisrael@cippic.ca>
Date: Wed, 22 Aug 2012 09:27:36 -0400
To: ifette@google.com
CC: Shane Wiley <wileys@yahoo-inc.com>, Jeffrey Chester <jeff@democraticmedia.org>, John Simpson <john@consumerwatchdog.org>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>, David Singer <singer@apple.com>, David Wainberg <david@networkadvertising.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>, Nicholas Doty <npdoty@w3.org>
Message-ID: <5034DE48.5030006@cippic.ca>

Let's assume for the moment that a UA has not implemented the exceptions 
API, and is sending a DNT-1. I guess, in that context, you get a prompt 
from the website asking you to change your UA settings.

I imagine the user experience will likely be very similar to what 
happens when I tell my browser to 'ask me first' before accepting any 
cookies. This is not ideal, but still better than just having a server 
ignore the DNT-1 on that basis.

On 8/21/2012 8:05 PM, Ian Fette (イアンフェッティ) wrote:
> Hypothetical situation here. Server gets a DNT:1 request from a 
> browser. Browser ships DNT:1 by default. Browser doesn't implement 
> exceptions. Browser may or may not block third party cookies by 
> default. What exactly is the server supposed to do in this case?
>
> -Ian
>
> On Tue, Aug 21, 2012 at 4:59 PM, Shane Wiley <wileys@yahoo-inc.com 
> <mailto:wileys@yahoo-inc.com>> wrote:
>
>     Jeff,
>
>     I disagree both on your philosophical position (compliant Servers
>     must honor non-compliant UAs) but more importantly as part of the
>     working group process.  Hopefully we can review this (again) at
>     the next TPE weekly meeting.
>
>     - Shane
>
>     *From:*Jeffrey Chester [mailto:jeff@democraticmedia.org
>     <mailto:jeff@democraticmedia.org>]
>     *Sent:* Tuesday, August 21, 2012 4:56 PM
>     *To:* Shane Wiley
>     *Cc:* John Simpson; Tamir Israel; Dobbs, Brooks; David Singer;
>     David Wainberg; public-tracking@w3.org
>     <mailto:public-tracking@w3.org> (public-tracking@w3.org
>     <mailto:public-tracking@w3.org>); Nicholas Doty
>
>
>     *Subject:* Re: action-231, issue-153 requirements on other
>     software that sets DNT headers
>
>     Shane:  I don't believe we have said such flags are "invalid."  I
>     agree with John, DNT:1 must be honored. We should not penalize
>     privacy by design, a policy most stakeholders support.
>
>     Regards,
>
>     Jeff
>
>     On Aug 21, 2012, at 7:49 PM, Shane Wiley wrote:
>
>
>
>     John,
>
>
>     I thought we already agreed in the working group to remain silent
>     on this situation and allow implementers to defend their actions
>     with respect to sending invalid flags.  Correct?  I understand
>     your personal views here but I wanted to reconfirm the working
>     group end-point on this issue.
>
>     Thank you,
>     Shane
>
>     *From:*John Simpson [mailto:john@consumerwatchdog.org]
>     *Sent:*Tuesday, August 21, 2012 4:46 PM
>     *To:*Tamir Israel
>     *Cc:*Dobbs, Brooks; David Singer; David
>     Wainberg;public-tracking@w3.org
>     <mailto:public-tracking@w3.org>(public-tracking@w3.org
>     <mailto:public-tracking@w3.org>); Nicholas Doty; Shane Wiley
>     *Subject:*Re: action-231, issue-153 requirements on other software
>     that sets DNT headers
>
>     For what it's worth I do not see how you can "blacklist" a UA that
>     is supposedly noncompliant if it sends a valid DNT:1 You can write
>     a letter to the vendor, you can call them out for being
>     noncompliant, you can protest to regulatory authorities if they
>     claim to be complaint when they are not.
>
>     However, if you get a DNT:1 signal, it needs to be honored.
>
>     On Aug 21, 2012, at 2:58 PM, Tamir Israel wrote:
>
>
>
>
>     OK -- I am not advocating two headers! Although one for each
>     personality would probably lead to more accurate profiling ; P
>
>     I suppose my concern was a combination of a.) how far will a UA's
>     obligation to check that alterations to its DNT are 'reflective of
>     user input' be stretched and b.) whether this opens up the door to
>     more UA blacklisting potential.
>
>     Best,
>     Tamir
>
>     On 8/21/2012 5:13 PM, Dobbs, Brooks wrote:
>
>
>     Tamir,
>
>         You are making this too complicated.  UAs shouldn't be
>         required to audit
>
>         applications, plugins, etc - they should, per the spec, only
>         ever send a
>
>         signal which is consistent with a user preference.  If they
>         don't feel
>
>         confident that what they are sending meets that requirement
>         they shouldn't
>
>         send anything.  Anything else completely undermines the spec.
>          If you send
>
>         two DNT headers, you are by definition, non-compliant
>         (schizophrenic users
>
>         not withstanding).
>
>         -Brooks
>
>     ----------
>
>     John M. Simpson
>
>     Consumer Advocate
>
>     Consumer Watchdog
>
>     1750 Ocean Park Blvd. ,Suite 200
>
>     Santa Monica, CA,90405
>
>     Tel: 310-392-7041 <tel:310-392-7041>
>
>     Cell: 310-292-1902 <tel:310-292-1902>
>
>     www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
>
>     john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>
>     Jeffrey Chester
>
>     Center for Digital Democracy
>
>     1621 Connecticut Ave, NW, Suite 550
>
>     Washington, DC 20009
>
>     www.democraticmedia.org <http://www.democraticmedia.org>
>
>     www.digitalads.org <http://www.digitalads.org>
>
>     202-986-2220 <tel:202-986-2220>
>
>

Received on Wednesday, 22 August 2012 13:28:26 UTC