- From: Sid Stamm <sid@mozilla.com>
- Date: Fri, 06 Jan 2012 16:54:20 -0800 (PST)
- To: Nicholas Doty <npdoty@w3.org>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Hey Nick, Here are some comments I've got after taking a first cursory look at the addition. 5.7.3.2: "User agents MUST provide a user interface prompting the user to choose whether to provide site-specific exceptions to Do Not Track for the requested origins, or, if pre-configured to accept or reject these permissions, respond with the user’s previously configured preference." -> This sounds like "User agents MUST do X, or not." This is weak and doesn't seem to be normative as intended. I think this would be better as "User agents SHOULD do X, or Y, or something equivalent." Getting too detailed here is at risk of violating "Questions of user interface specifics — for granting, configuring, storing, syncing and revoking exceptions — are left open to implementers" in the first part of the section. 5.7.3.2: "a third party may query this property to determine whether Do Not Track applies to its domain." It isn't clear how the third party realizes they're a third party. Should they know? This is precisely the conflict between HTTP-request based context and JS-runtime context. 5.7.3.3: "The user agent MUST store granted site-specific exceptions in the form of a pair (document origin of the top-level document, site-specific-exception document-origin)." This violates the top part that says storage design is up to the UA. We could define what the exception is (first+third party origins) and say the UA MUST store both or neither, but saying in what form they must be stored is thorny. I'm still reading through, so I might follow up with a few more thoughts. -Sid ----- Original Message ----- > From: "Nicholas Doty" <npdoty@w3.org> > To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org> > Cc: "Roy T. Fielding" <fielding@gbiv.com>, "Shane Wiley" <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" > <Vincent.Toubiana@alcatel-lucent.com>, "Sid Stamm" <sid@mozilla.com> > Sent: Thursday, January 5, 2012 7:18:02 PM > Subject: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft > > I've added the user-agent-managed site-specific exceptions proposal > that we discussed on December 21 to the Editor's Draft: > http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#exceptions > > > This is completion of ACTION-43. > > > This text includes inline references to the open issues we had around > this proposal (including those raised during the call), hence the > flood of new issue notifications that just hit all of your inboxes. > > > If there are other issues not included in that list, please raise > them! And we would love any more feedback on this proposal now that > you can see it in place in the Editor's Draft. Email discussion > would be welcome, but I suggest that we could also add this to the > agenda for the next call. > > > Thanks, > Nick
Received on Saturday, 7 January 2012 00:54:49 UTC