- From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
- Date: Thu, 09 Feb 2012 16:16:31 +0100
- To: (unknown charset) Sean Harvey <sharvey@google.com>
- CC: (unknown charset) "public-tracking@w3.org" <public-tracking@w3.org>
Hi Sean, We are discussing a Javascript API to obtain this information. But this is still open. >From the request alone, a site cannot distinguish between a user who has DNT; 0 as its global preference from a user that has DNT;1 as default and has a site-specific exception in place for this site. Both will send DNT;0. I think that this is not yet cast in stone: If we understand the usecase, we may be able to provide the information you need somehow (via header or javascript). Regards, matthias On 2/8/2012 11:22 AM, Sean Harvey wrote: > Thanks Matthias. just a quick double check without having to waste > everyone's time. The point here is that the server should not have to > check any cookies including opt out cookies to determine the user's > default DNT status. I assume we are not saying that currently there is > no clear way for the server to understand the user's default DNT state > when a site-specific exception is in place? > > > > > On Mon, Feb 6, 2012 at 9:28 PM, Matthias Schunter <mts@zurich.ibm.com > <mailto:mts@zurich.ibm.com>> wrote: > > Hi Sean, > > > thanks for reviewing the header proposal. I agree with Nick that this > should largely work: > > 1. The user browses SITE and sends whatever DNT value (or none) that > he prefers > 2. The site discovers an opt-out cookie and interprets this as DNT;1 > 3. The site responds with a response header that signals its intended > usage > (e.g., no tracking / third party) > > However, I believe that obtaining headers may be more reliable than > using redundant information from cookies. Consider a case where: > a) The user prefers DNT;1 and sends this header everywhere > and has an opt-out cookie as well. > b) The site only interprets the cookie (ignoring the header) > and assumes DNT;0 if it receives no cookie > c) the user deletes all cookies while continuing to send DNT;1 > > In this case, the site would assume DNT;0 while the user has sent > DNT;1. > > Note that this is not a problem of the response headers. It is rather > an issue how to keep the DNT header info in sync with other opt-out > schemes. The challenge is to ensure that the cookies used by the site > are always in sync with the DNT header sent by the user. > > > Regards, > matthias > > > > > On 2/5/2012 11:15 PM, Sean Harvey wrote: > > The concern is that some systems may wish to respect a DNT header > > being on (in part) by setting an opt-out cookie. This opt-out cookie > > would mean that site-specific exemptions will be ignored and the > user > > will be treated as DNT=on in all cases. This is practically > easier in > > some cases, and we would want this to at least be an option for a > > server when faced with an array of DNT states. > > > > > > > > -- > Sean Harvey > Business Product Manager > Google, Inc. > 212-381-5330 > sharvey@google.com <mailto:sharvey@google.com>
Received on Thursday, 9 February 2012 15:17:07 UTC