- From: Matthias Schunter <mts@zurich.ibm.com>
- Date: Mon, 06 Feb 2012 22:28:39 +0100
- To: public-tracking@w3.org

Hi Sean,

thanks for reviewing the header proposal. I agree with Nick that this
should largely work:

1. The user browses SITE and sends whatever DNT value (or none) that
   he prefers
2. The site discovers an opt-out cookie and interprets this as DNT;1
3. The site responds with a response header that signals its intended
   usage (e.g., no tracking / third party)

However, I believe that obtaining headers may be more reliable than
using redundant information from cookies. Consider a case where:

a) The user prefers DNT;1 and sends this header everywhere
   and has an opt-out cookie as well.
b) The site only interprets the cookie (ignoring the header)
   and assumes DNT;0 if it receives no cookie
c) The user deletes all cookies while continuing to send DNT;1

In this case, the site would assume DNT;0 while the user has sent DNT;1.

Note that this is not a problem of the response headers. It is rather
an issue of how to keep the DNT header info in sync with other opt-out
schemes. The challenge is to ensure that the cookies used by the site
are always in sync with the DNT header sent by the user.

Regards,
matthias

On 2/5/2012 11:15 PM, Sean Harvey wrote:
> The concern is that some systems may wish to respect a DNT header
> being on (in part) by setting an opt-out cookie. This opt-out cookie
> would mean that site-specific exemptions will be ignored and the user
> will be treated as DNT=on in all cases. This is practically easier in
> some cases, and we would want this to at least be an option for a
> server when faced with an array of DNT states.
>
Received on Monday, 6 February 2012 21:34:14 UTC
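
The cookie-deletion case (a) to (c) from the message above, worked through as an added example that is not part of the original thread or of any W3C text. The cookie name `optout`, the function names and the sample requests are assumptions made for illustration; `missed_dnt` is the check a site could log on to notice when its cookie state has fallen out of sync with the header.

```python
from http.cookies import SimpleCookie

OPT_OUT_COOKIE = "optout"  # hypothetical cookie name, not from the thread


def parse_request(headers):
    """Return (DNT header value or None, opt-out cookie present?)."""
    norm = {k.lower(): v.strip() for k, v in headers.items()}
    dnt = norm.get("dnt")
    if dnt not in ("0", "1"):
        dnt = None  # absent or malformed: no preference expressed
    cookies = SimpleCookie()
    cookies.load(norm.get("cookie", ""))
    return dnt, OPT_OUT_COOKIE in cookies


def cookie_only(headers):
    """Site from case (b): ignores the header, assumes DNT;0 without a cookie."""
    _, opted_out = parse_request(headers)
    return "1" if opted_out else "0"


def header_aware(headers):
    """An opt-out cookie is read as DNT;1 (step 2 of the flow).

    Assumption: without a cookie the header value is used as sent;
    None means the user expressed no preference at all.
    """
    dnt, opted_out = parse_request(headers)
    return "1" if opted_out else dnt


def missed_dnt(headers):
    """True when the user sent DNT 1 but the cookie-only site assumes DNT;0."""
    dnt, _ = parse_request(headers)
    return dnt == "1" and cookie_only(headers) == "0"


# Constructed sample requests for cases (a) and (c).
WITH_COOKIE = {"DNT": "1", "Cookie": "optout=1; session=abc"}
AFTER_DELETION = {"DNT": "1"}

if __name__ == "__main__":
    for name, req in (("(a)", WITH_COOKIE), ("(c)", AFTER_DELETION)):
        print(name, cookie_only(req), header_aware(req), missed_dnt(req))
```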