W3C home > Mailing lists > Public > public-tracking@w3.org > January 2012

Re: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft

From: Sid Stamm <sid@mozilla.com>
Date: Fri, 06 Jan 2012 16:54:20 -0800 (PST)
To: Nicholas Doty <npdoty@w3.org>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <cd5aa2e1-2c0e-4e4e-a3cd-e471ab7cbd7a@zimbra1.shared.sjc1.mozilla.com>
Hey Nick,

Here are some comments I've got after taking a first cursory look at the addition.

5.7.3.2: "User agents MUST provide a user interface prompting the user to choose whether to provide site-specific exceptions to Do Not Track for the requested origins, or, if pre-configured to accept or reject these permissions, respond with the user’s previously configured preference."
-> This sounds like "User agents MUST do X, or not."  This is weak and doesn't seem to be normative as intended.  I think this would be better as "User agents SHOULD do X, or Y, or something equivalent."  Getting too detailed here is at risk of violating "Questions of user interface specifics — for granting, configuring, storing, syncing and revoking exceptions — are left open to implementers" in the first part of the section.

5.7.3.2: "a third party may query this property to determine whether Do Not Track applies to its domain." It isn't clear how the third party realizes they're a third party.  Should they know?  This is precisely the conflict between HTTP-request based context and JS-runtime context.

5.7.3.3: "The user agent MUST store granted site-specific exceptions in the form of a pair (document origin of the top-level document, site-specific-exception document-origin)." This violates the top part that says storage design is up to the UA.  We could define what the exception is (first+third party origins) and say the UA MUST store both or neither, but saying in what form they must be stored is thorny.

I'm still reading through, so I might follow up with a few more thoughts.

-Sid

----- Original Message -----
> From: "Nicholas Doty" <npdoty@w3.org>
> To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
> Cc: "Roy T. Fielding" <fielding@gbiv.com>, "Shane Wiley" <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA"
> <Vincent.Toubiana@alcatel-lucent.com>, "Sid Stamm" <sid@mozilla.com>
> Sent: Thursday, January 5, 2012 7:18:02 PM
> Subject: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft
> 
> I've added the user-agent-managed site-specific exceptions proposal
> that we discussed on December 21 to the Editor's Draft:
> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#exceptions
> 
> 
> This is completion of ACTION-43.
> 
> 
> This text includes inline references to the open issues we had around
> this proposal (including those raised during the call), hence the
> flood of new issue notifications that just hit all of your inboxes.
> 
> 
> If there are other issues not included in that list, please raise
> them! And we would love any more feedback on this proposal now that
> you can see it in place in the Editor's Draft. Email discussion
> would be welcome, but I suggest that we could also add this to the
> agenda for the next call.
> 
> 
> Thanks,
> Nick
Received on Saturday, 7 January 2012 00:54:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:30 UTC