Re: Sitecom adds Do Not Track to its routers

There are two questions here:

(1) Whether the working group owes anything to router makers or other parties that implement DNT-related functions  before the spec is finalized.  The answer here is no.  These parties have no legitimate reliance interests in how the spec comes out; they act at the risk that it will be finalized in a different way than they expect.

(2) Whether the group should think about the consequences of spec decisions for specific technologies, such as routers, that might implement DNT-related functions.  The answer here is yes.  Every time a Sitecom or a Microsoft or an ITIF experiments with DNT, it provides the group with useful test cases to think about.

My comments are directed towards (2).  I just wanted to be sure of the point that the proposed text for ACTION-284 would modify the draft to make these routers noncompliant.  This is a choice that ought to be made deliberately; thanks for clarifying that it is.

James

--------------------------------------------------
James Grimmelmann              Professor of Law
New York Law School                 (212) 431-2864
185 West Broadway       james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu>
New York, NY 10013    http://james.grimmelmann.net


On 2012-12-02, at 12:03 AM, Ian Fette (イアンフェッティ) <ifette@google.com<mailto:ifette@google.com>> wrote:


Hardly. We should design dnt in a way that meets our objectives as a group and defined in the charter. someone who decides to implement before even LC should not determine the direction simply for fear of breaking existing early implementations.

As for whether we want implementations incapable of exceptions and creating conflicting signals, I have already said no and I believe a number of people have said they would not implement such.

On Dec 1, 2012 8:23 PM, "Grimmelmann, James" <James.Grimmelmann@nyls.edu<mailto:James.Grimmelmann@nyls.edu>> wrote:
Okay, thanks.  So, if I have this right, you have proposed text (at http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0507.html), which is currently pending review,
that would define the Sitecom routers as noncompliant.

I ask because these routers appear to be devices that when used as designed and documented, result in the sending of a DNT header that accurately reflects an informed explicit user preference.  So there is a choice here for the group: should these and similar devices be part of the DNT ecosystem, and if so, how?  The consideration of that question ought to drive the consideration of the proposed text, not the other way around.

James

--------------------------------------------------
James Grimmelmann              Professor of Law
New York Law School                 (212) 431-2864<tel:%28212%29%20431-2864>
185 West Broadway       james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu><mailto:james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu>>
New York, NY 10013    http://james.grimmelmann.net<http://james.grimmelmann.net/>

On 2012-12-01, at 10:32 PM, Ian Fette (イアンフェッティ) <ifette@google.com<mailto:ifette@google.com><mailto:ifette@google.com<mailto:ifette@google.com>>> wrote:


See my text on action-284

On Dec 1, 2012 6:02 PM, "Grimmelmann, James" <James.Grimmelmann@nyls.edu<mailto:James.Grimmelmann@nyls.edu><mailto:James.Grimmelmann@nyls.edu<mailto:James.Grimmelmann@nyls.edu>>> wrote:
Ian, what language in the draft would the router be noncompliant with?  For example, the requirement that there be a doNotTrack DOM attribute is expressed as a MUST only for user agents.  Am I missing something else that would impose a requirement on the router?

Thanks,
James

--------------------------------------------------
James Grimmelmann              Professor of Law
New York Law School                 (212) 431-2864<tel:%28212%29%20431-2864><tel:%28212%29%20431-2864>
185 West Broadway       james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu><mailto:james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu>><mailto:james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu><mailto:james.grimmelmann@nyls.edu<mailto:james.grimmelmann@nyls.edu>>>
New York, NY 10013    http://james.grimmelmann.net<http://james.grimmelmann.net/><http://james.grimmelmann.net/>

On 2012-12-01, at 8:43 PM, Ian Fette (イアンフェッティ)
 <ifette@google.com<mailto:ifette@google.com><mailto:ifette@google.com<mailto:ifette@google.com>><mailto:ifette@google.com<mailto:ifette@google.com><mailto:ifette@google.com<mailto:ifette@google.com>>>>
 wrote:


David, when you say compliant I assume you mean with respect to the overall setting being representative of an explicit user choice? I'm not sure how something with no provisions for exceptions, or consistency between header and DOM values could be considered compliant...

On Dec 1, 2012 3:43 PM, "David Singer" <singer@apple.com<mailto:singer@apple.com><mailto:singer@apple.com<mailto:singer@apple.com>><mailto:singer@apple.com<mailto:singer@apple.com><mailto:singer@apple.com<mailto:singer@apple.com>>>> wrote:

On Nov 30, 2012, at 14:56 , Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org><mailto:craigs@otalliance.org<mailto:craigs@otalliance.org>><mailto:craigs@otalliance.org<mailto:craigs@otalliance.org><mailto:craigs@otalliance.org<mailto:craigs@otalliance.org>>>> wrote:

As JC and i also confirmed this is an opt in device are you suggesting it would be non-compliant?

My read of their product literature is that the device is intended for individual sale, so in that case, it's probably compliant.  It is someone being enabled to have single central control of DNT for all their devices on their own network.

My read may be wrong, of course.


As more sw and hw solutions come to market specially designed to block ads, enhance privacy or third party calls I believe the intent of the user will be met through the user's purchase. That said I would hope there is a user string detectable so the site can detect such usage and determine what content / services are made available


Sent from my phone

On Nov 30, 2012, at 5:13 PM, Brendan Riordan-Butterworth <Brendan@iab.net<mailto:Brendan@iab.net><mailto:Brendan@iab.net<mailto:Brendan@iab.net>><mailto:Brendan@iab.net<mailto:Brendan@iab.net><mailto:Brendan@iab.net<mailto:Brendan@iab.net>>>> wrote:

http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dnt-header-field


“An HTTP intermediary must not add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that intermediary has been specifically installed or configured to do so by the user making the requests. For example, an Internet Service Provider must not inject DNT: 1 on behalf of all of their users who have not expressed a preference.”

If the router has a single point to configure the DNT header field for all outbound traffic, and the LAN it is in front of has more than one user making HTTP requests, then the Sitecom functionality is not compliant with the requirements on intermediaries as defined in section 4.2 of the TPE document.

/brendan.

From: JC Cannon [mailto:jccannon@microsoft.com<mailto:jccannon@microsoft.com><mailto:jccannon@microsoft.com<mailto:jccannon@microsoft.com>>]
Sent: Thursday, November 29, 2012 1:14 PM
To: W3C DNT Working Group Mailing List
Subject: Sitecom adds Do Not Track to its routers

“The Do Not Track functionality is disabled by default, and requires the user to visit the router's configuration page to enable it. Sitecom has confirmed that, in addition to launching the software on third-generation X-Series routers, it will bring the Do Not Track option to existing devices with Sitecom Cloud Security through a free firmware update.”

http://www.bit-tech.net/news/hardware/2012/11/29/sitecom-do-not-track/1


JC

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Sunday, 2 December 2012 05:40:10 UTC