- From: Justin Brookman <jbrookman@cdt.org>
- Date: Thu, 23 Aug 2012 09:01:35 -0400
- To: public-tracking@w3.org
- Message-ID: <cfded6bd-639d-4bc7-9cb3-9f69064b1e31@blur>
It is inaccurate to say that IE10's implementation is inconsistent witht the spec, as the WG has not chosen an option to define explicit and informed consent. The Windows flow presents information about DNT along with several other options; as an opt-in flow, you could argue that DNT should be called out more prominently, but I have seen a lot worse. Please recall that the group previously rejected requiring consent to require distinct permission separate from other information, and you yourself wanted to leave open the possibility that consent could be obtained through a *privacy policy*. So it is certainly an open question whether IE10 meets the explicit and informed consent standard that the spec provides for. Sent via mobile, please excuse curtness and typos -----Original message----- From: "Roy T. Fielding" <fielding@gbiv.com> To: Justin Brookman <jbrookman@cdt.org> Cc: public-tracking@w3.org Sent: Thu, Aug 23, 2012 07:49:35 GMT+00:00 Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers On Aug 22, 2012, at 8:09 PM, Justin Brookman wrote: > It is simply not true that IE10's header has no meaning. According to their docs, it is not consistent with DNT as defined in our specs. It therefore has no meaning known to me. That is the nature of open standards. > At the end of the day, for implementers of this specification, IE10's DNT:1 header meaning is whatever this spec says it is. No, IE10's DNT is just a bug. A brain fart of epic proportions. IE has had many bugs over the years, they occasionally get fixed, and most people have learned to avoid the n.0 releases. > The problem comes if the spec says that any party gets to subjectively decide what IE10's header means. I have no desire for the spec to say that. I have a desire to tell the user that they have a buggy UA without messing with the site UI. If the WG doesn't want me to do that, then the user gets a little less transparency. Regardless, MSIE 10.0's DNT signal will be deleted before any application or downstream server sees it. > To forestall having the same exact argument with you for the nth time, I will reiterate my concession that it may be OK for parties to have different rules for responding to different UAs (including refusing to provide content). I'm just not sure a response header to the UA that "I refuse to honor this header" without requiring more is sufficiently transparent from the user's persepctive. Any server can deny access, regardless of DNT. Any server can
Received on Thursday, 23 August 2012 13:01:54 UTC