Re: ISSUE-138, ACTION-319, exceptions without javascript

Bumping this, as it's on the agenda for tomorrow. Nick -- I still don't 
understand the purpose of this proposed text.

On 11/7/12 9:44 AM, David Wainberg wrote:
> On 11/7/12 1:48 AM, Nicholas Doty wrote:
>> Hi David,
>>> I'm not clear on what this is describing:
>>> * /A third-party could provide transparency about their own data 
>>> practices in order to persuade users to pre-emptively provide 
>>> user-granted exceptions. A third-party tracker might use a 
>>> machine-readable policy (for example, P3P) or some indication of 
>>> compliance with a self-regulatory program or auditing practice . 
>>> Users that care to might configure their user agents to grant 
>>> exceptions (and thus send DNT:0 signals) to trackers with such 
>>> practices./
>>> Is this a suggested implementation for UA's to grant exceptions 
>>> based on p3p or on participation in self-reg programs?
>> I was trying to get at the more general point that a user might 
>> configure their browser to send DNT:0 to a set of domains or 
>> resources based on some other signal besides a JavaScript-initiated 
>> exception request. This text isn't meant to recommend any particular 
>> UA implementation (this is non-normative text), but to note the 
>> possibility of UAs that granted exceptions based on the presence of a 
>> particular P3P policy, an indication of participation in an industry 
>> self-regulatory program, or some other insight into the relevant data 
>> handling practices.
>> Happy to accept a suggestion of clearer text on this point, or to 
>> explain further.
> It's confusing because it talks about what a third-party might do, but 
> in fact is alluding to possible UA implementations. Without UA 
> additional UA features, third-parties will be limited to the JS API 
> and UA exception storage, or out of band exceptions in a cookie or 
> something, right?

Received on Tuesday, 4 December 2012 23:22:20 UTC