Re: action-231, issue-153 requirements on other software that sets DNT headers

Tamir, the compliance spec requres express and informed consent for user-granted exceptions at 6.3.

Roy, thank you for clarifying that you don't think thr MSFT flow would be sufficient for explicit and informed consent for getting a user-granted exception.  That wasn't clear to me before so forgive me for misstating your position.  Unfortunately, I'm not sure all actors (or courts) would agree with that, and I still feel uncomfortable privatizing that determination to a range of conflicted third parties.  Still, I guess third parties that reject IE's DNT signals out of hand would have to have at least as strong or better opt-in for their own UGEs.  Not sure that alleviates the core transparency issue though.

Sent via mobile, please excuse curtness and typos

-----Original message-----
From: "Roy T. Fielding" <fielding@gbiv.com>
To: Tamir Israel <tisrael@cippic.ca>
Cc: Justin Brookman <jbrookman@cdt.org>, public-tracking@w3.org
Sent: Fri, Aug 24, 2012 00:19:09 GMT+00:00
Subject: Re: action-231, issue-153 requirements on other software that sets   DNT  headers

On Aug 23, 2012, at 4:58 PM, Tamir Israel wrote:

> Hi Roy,
> 
> On 8/23/2012 7:46 PM, Roy T. Fielding wrote:
>> 
>> To obtain explicit and informed prior consent, we have to do something
>> out of band that obtains explicit and informed consent.  I don't
>> know exactly what that is, but I am sure it doesn't include giving
>> a pre-selected option in a dialog during initial installation/use
>> of an operating system default UA.
> 
> Is this obligation (that out of band consent mechanisms must reflect explicit and informed user consent) in the TPE?

No, they are out of band mechanisms for the *purpose* of obtaining
explicit and informed prior consent.  If the mechanisms don't work,
that's not our problem to solve [no implied permissions are given
just for trying].

....Roy