(unknown charset) Re: ACTION-114 ISSUE-107 : Revised response header. from (unknown charset) Matthias Schunter on 2012-02-09 (public-tracking@w3.org from February 2012)

From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
Date: Thu, 09 Feb 2012 16:16:31 +0100
To: (unknown charset) Sean Harvey <sharvey@google.com>
CC: (unknown charset) "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <4F33E34F.4010902@zurich.ibm.com>

Hi Sean,

We are discussing a Javascript API to obtain this information. But
this is still open.

>From the request alone, a site cannot distinguish between a user who
has DNT; 0 as its global preference from a user that has DNT;1 as
default and has a site-specific exception in place for this site. Both
will send DNT;0.

I think that this is not yet cast in stone: If we understand the
usecase, we may be able to provide the information you need somehow
(via header or javascript).

Regards,
matthias




On 2/8/2012 11:22 AM, Sean Harvey wrote:
> Thanks Matthias. just a quick double check without having to waste
> everyone's time. The point here is that the server should not have to
> check any cookies including opt out cookies to determine the user's
> default DNT status.I assume we are not saying that currently there is
> no clear way for the server to understand the user's default DNT state
> when a site-specific exception is in place?
> 
> 
> 
> 
> On Mon, Feb 6, 2012 at 9:28 PM, Matthias Schunter <mts@zurich.ibm.com
> <mailto:mts@zurich.ibm.com>> wrote:
> 
>     Hi Sean,
> 
> 
>     thanks for reviewing the header proposal. I agree with Nick that this
>     should largely work:
> 
>     1. The user browses SITE and sends whatever DNT value (or none) that
>     he prefers
>     2. The site discovers an opt-out cookie and interprets this as DNT;1
>     3. The site responds with a response header that signals its intended
>     usage
>       (e.g., no tracking / third party)
> 
>     However, I believe that obtaining headers may be more reliable than
>     using redundant information from cookies. Consider a case where:
>     a) The user prefers DNT;1 and sends this header everywhere
>        and has an opt-out cookie as well.
>     b) The site only interprets the cookie (ignoring the header)
>        and assumes DNT;0 if it receives no cookie
>     c) the user deletes all cookies while continuing to send DNT;1
> 
>     In this case, the site would assume DNT;0 while the user has sent
>     DNT;1.
> 
>     Note that this is not a problem of the response headers. It is rather
>     an issue how to keep the DNT header info in sync with other opt-out
>     schemes. The challenge is to ensure that the cookies used by the site
>     are always in sync with the DNT header sent by the user.
> 
> 
>     Regards,
>     matthias
> 
> 
> 
> 
>     On 2/5/2012 11:15 PM, Sean Harvey wrote:
>     > The concern is that some systems may wish to respect a DNT header
>     > being on (in part) by setting an opt-out cookie. This opt-out cookie
>     > would mean that site-specific exemptions will be ignored and the
>     user
>     > will be treated as DNT=on in all cases. This is practically
>     easier in
>     > some cases, and we would want this to at least be an option for a
>     > server when faced with an array of DNT states.
>     >
> 
> 
> 
> 
> 
> -- 
> Sean Harvey
> Business Product Manager
> Google, Inc.
> 212-381-5330
> sharvey@google.com <mailto:sharvey@google.com>

Received on Thursday, 9 February 2012 15:17:07 UTC