Re: ACTION-114 ISSUE-107 : Revised response header. from Sean Harvey on 2012-02-08 (public-tracking@w3.org from February 2012)

From: Sean Harvey <sharvey@google.com>
Date: Wed, 8 Feb 2012 10:22:46 +0000
To: Matthias Schunter <mts@zurich.ibm.com>, Nick Doty <npdoty@w3.org>, Heather West <heatherwest@google.com>
Cc: public-tracking@w3.org
Message-ID: <CAFy-vudm_HpG4WZR9-GW_HK5ukpbfsTFQafZEtSa5MU6MBcMmw@mail.gmail.com>

Thanks Matthias. just a quick double check without having to waste
everyone's time. The point here is that the server should not have to check
any cookies including opt out cookies to determine the user's default DNT
status. I assume we are not saying that currently there is no clear way for
the server to understand the user's default DNT state when a site-specific
exception is in place?




On Mon, Feb 6, 2012 at 9:28 PM, Matthias Schunter <mts@zurich.ibm.com>wrote:

> Hi Sean,
>
>
> thanks for reviewing the header proposal. I agree with Nick that this
> should largely work:
>
> 1. The user browses SITE and sends whatever DNT value (or none) that
> he prefers
> 2. The site discovers an opt-out cookie and interprets this as DNT;1
> 3. The site responds with a response header that signals its intended
> usage
>     (e.g., no tracking / third party)
>
> However, I believe that obtaining headers may be more reliable than
> using redundant information from cookies. Consider a case where:
>  a) The user prefers DNT;1 and sends this header everywhere
>       and has an opt-out cookie as well.
>  b) The site only interprets the cookie (ignoring the header)
>       and assumes DNT;0 if it receives no cookie
>  c) the user deletes all cookies while continuing to send DNT;1
>
> In this case, the site would assume DNT;0 while the user has sent DNT;1.
>
> Note that this is not a problem of the response headers. It is rather
> an issue how to keep the DNT header info in sync with other opt-out
> schemes. The challenge is to ensure that the cookies used by the site
> are always in sync with the DNT header sent by the user.
>
>
> Regards,
> matthias
>
>
>
>
> On 2/5/2012 11:15 PM, Sean Harvey wrote:
> > The concern is that some systems may wish to respect a DNT header
> > being on (in part) by setting an opt-out cookie. This opt-out cookie
> > would mean that site-specific exemptions will be ignored and the user
> > will be treated as DNT=on in all cases. This is practically easier in
> > some cases, and we would want this to at least be an option for a
> > server when faced with an array of DNT states.
> >
>
>
>


-- 
Sean Harvey
Business Product Manager
Google, Inc.
212-381-5330
sharvey@google.com

Received on Wednesday, 8 February 2012 10:27:12 UTC