- From: Justin Brookman <jbrookman@cdt.org>
- Date: Wed, 22 Aug 2012 23:09:48 -0400
- To: public-tracking@w3.org
- Message-ID: <acde2e1d-c8bb-4a9e-a277-0f3004bb724d@blur>
It is simply not true that IE10's header has no meaning. At the end of the day, for implementers of this specification, IE10's DNT:1 header meaning is whatever this spec says it is. The problem comes if the spec says that any party gets to subjectively decide what IE10's header means. To forestall having the same exact argument with you for the nth time, I will reiterate my concession that it may be OK for parties to have different rules for responding to different UAs (including refusing to provide content). I'm just not sure a response header to the UA that "I refuse to honor this header" without requiring more is sufficiently transparent from the user's persepctive. Sent via mobile, please excuse curtness and typos -----Original message----- From: "Roy T. Fielding" <fielding@gbiv.com> To: Justin Brookman <jbrookman@cdt.org> Cc: public-tracking@w3.org Sent: Thu, Aug 23, 2012 02:47:38 GMT+00:00 Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers On Aug 22, 2012, at 5:57 PM, Justin Brookman wrote: > As Shane has said, the key is transparency: you can't just receive a DNT:1 signal and go about your tracking business. That simply isn't true. DNT sent from MSIE 10.0 has no meaning. It is equivalent to not sending DNT, as far as "tracking business" is concerned, whatever we might mean by tracking. > You have to get permission to track, Only in certain jurisdictions. > or tell the user you refuse to deliver them content while DNT:1 is on, That's certainly an option. > or refuse to provide service to the user agent at all. No, the user agent sent a request. The site will respond as requested and do whatever applicable regional laws allow with the data collected. > I saw a news story recently that Wired is already doing this for just IE10 users --- grant permission to track, or we'll just serve you snippets. They don't claim that IE10 isn't compliant---rather they presume the validity of the signal---they just say "here are your choices." Of course, this may not be compliant with European law, but I believe the group had decided that sites could degrade users' experiences who don't grant exceptions. Removing the DNT signal does not, in any way, impact compliance with EU laws. > I had been uncomfortable with sites or third parties saying "come back with a different browser" due to allegations of noncompliance, but it helps to consider that they could do it anyway---as long as it's transpa
Received on Thursday, 23 August 2012 03:10:03 UTC