- From: Tom Lowenthal <tom@mozilla.com>
- Date: Fri, 13 Jan 2012 11:22:15 -0800
- To: public-tracking@w3.org
- Message-ID: <4F108467.4070600@mozilla.com>
I completely agree with you that we should define the meaning of the DNT:1/DNT:0 in the compliance document not the expression document. I would much rather not have any normative explanation of what behavior is associated with on/off/not-sent in the TPE doc. But, if there is a short blurb, I'd prefer if it were accurate rather than inaccurate. I think that we've made some good progress on defining the "who" when we introduced the first/third party definition Jonathan and I worked on, the group responded positively, and gave some really specific, constructive suggestions. I hope to be able to incorporate the suggestions by Monday. What do you think of our progress so far? Would folks be opposed to cutting the compliance-related summary from the TPE spec all together? On 01/13/2012 01:28 AM, Rigo Wenning wrote: > Tom, > > while I like your definitions of DNT:1 and DNT:0, I maintain that the DNT > Specification should say that DNT is enabled/disabled/unset. And not saying > anything about "First parties not sharing information". > > The difficult part is IMHO then the definition of scope of the user's DNT- > declaration. You say "who receives it" This was my initial take to scope it, > namely simply by the GET request. People thought that this wouldn't be > sufficient. Then we talked about "origins" and first and third parties. > > So one of the weaknesses of the DNT - definitions is still the exact circle of > addressees. We have tried corporation law rules (affiliate), social rules (first, > third parties), browser habits (origins), user expectations (theoretic > horizon). But as in the real world, if one speaks out, it is difficult to > determine for all others what she really meant and to whom he was really > talking to. At some point the choice ends up having something arbitrary that > best fits the needs and integrates into web architecture. Because once this > technology is out, it will create the user expectations we are trying to > anticipate. But it may be hard to anticipate the non-existing. > > IMHO we haven't yet really found a good addressee (or multitude thereof) and > should discuss this further. Once we have the addressee, we can discuss about > how the preference expression is perceived and what it is supposed to mean. > "Supposed to mean" is a topic for the compliance specification IMHO. > > Best, > > Rigo > > > On Thursday 12 January 2012 15:36:48 Tom Lowenthal wrote: >> Correction: "All parties" in the DNT:0 blurb should be "Both first and >> third parties". The header only imparts >> information/permission/preferences to the party receiving it, not to >> anyone else. That was just sloppy writing on my part. >> >> Does anyone have any suggestions for modifications to this? Roy, if we >> don't get any suggested changes, could you incorporate this before the >> "let's read it on the plane" document freeze? >> >> On 01/12/2012 03:02 PM, Roy T. Fielding wrote: >>> On Jan 12, 2012, at 12:52 PM, Tom Lowenthal wrote: >>>> On 01/10/2012 06:12 PM, Roy T. Fielding wrote: >>>>> 1 Do not track me across differently-branded sites and do not use >>>>> previously tracked/obtained behavioral data from other sites to >>>>> personalize a response. >>>>> >>>>> 0 Use of cross-site tracking and personalization has been >>>>> specifically permitted for this site, as described in section 6. >>>>> User-agent-managed site-specific exceptions. >>>> >>>> [Section 4, 4.1] >>>> As mentioned on the call, I was surprised to see this definition of >>>> DNT:0 positioned as a site-specific exception to a general DNT:1 >>>> preference. I was expecting (and others on the call seemed to assume) >>>> a >>>> quite different approach. My understanding is more as follows: >>>> >>>> >>>> DNT:1 Tells everyone who receives it that I have a heightened >>>> preference >>>> for privacy and against being tracked. First parties mustn't share any >>>> information about me. Third parties must treat me like someone about >>>> whom they know nothing, and remember nothing about me later. >>>> >>>> DNT:0 Tells everyone who receives it that I have a preference towards >>>> a >>>> personalized service, and consent to tracking. All parties may gather >>>> data and learn about me and should use that information to improve my >>>> experience with them. >>> >>> I have no problem defining it that way if that is how user agents intend >>> to implement it. What I wrote is how it is currently implemented, >>> AFAICT. I agree that the current state isn't as crisp as what you >>> describe above, for a variety of reasons. >>> >>> Can we get some input from the other browser vendors? >>> >>> ....Roy >
Received on Friday, 13 January 2012 19:22:58 UTC