Re: action-231, issue-153 requirements on other software that sets DNT headers

Hi Roy,

On 8/23/2012 7:46 PM, Roy T. Fielding wrote:
> To obtain explicit and informed prior consent, we have to do something
> out of band that obtains explicit and informed consent.  I don't
> know exactly what that is, but I am sure it doesn't include giving
> a pre-selected option in a dialog during initial installation/use
> of an operating system default UA.

Is this obligation (that out of band consent mechanisms must reflect 
explicit and informed user consent) in the TPE? I could not find it in 
there anywhere. Closest I could find was:


        /5.4.3 Indicating an Interactive Status Change/

//

/We anticipate that interactive mechanisms might be used, beyond the 
scope of this specification, that have the effect of asking for and 
obtaining prior consent for tracking, or for modifying prior indications 
of consent. For example, the tracking status resource's status-object 
defines a |control 
<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-control>| 
member that can refer to such a mechanism. Although such out-of-band 
mechanisms are not defined by this specification, their presence might 
influence the tracking status object's response value. /

//

/When an origin server provides a mechanism via HTTP for establishing or 
modifying out-of-band tracking preferences, the origin server /must/ 
indicate within the mechanism's response when a state-changing request 
has resulted in a change to the tracking status for that server. This 
indication of an interactive status change is accomplished by sending a 
Tk 
<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-tk> 
header field in the response with a tracking status value of |U 
<http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-u>| 
(updated). /

Far from ensuring out of band consent is 'express', this states that 
such "mechanisms are not defined by this specification".