- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 13 Jan 2012 17:10:38 -0800
- To: David Singer <singer@apple.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Jan 13, 2012, at 2:41 PM, David Singer wrote: > In reading a separate thread, I realized that there is a potential issue here over DNT:0. > > A little while back we discussed whether the UA should send a DNT header to the first party. A number of us argued that it should, even if the first party is exempt: because the first party may care that its third parties are being asked not to track - it might ask for payment in consequence, for example. > > This argument relies on the assumption that DNT is a single 'big switch', either on or off, but the discussion around DNT:0 reveals that people think it may be OK for the UA to send DNT:1 to some sites, and DNT:0 to others. Yes, that discussion is why I defined it as a big switch "on" with configurable exceptions to off. In that case, DNT: 0 is only received when the switch is on for others, which is as much information that the user agent can send to the first party without compromising its own configuration. But that only works as notification to first-parties if UAs do not implement a global switch with which the user can explicitly turn DNT off for all sites. Until Wednesday, nobody had suggested that browsers would implement an off switch. I'd like to know if WebKit will do that. > So what, then, does the first party get? DNT:1 if any third party is getting DNT:1, else DNT:0 if all are getting DNT:0? An average of the DNT values :-) DNT:0.7 ??! The first party would get DNT 0 if an explicit exception exists. That does not tell the first party which, if any, of its subrequest partners might receive DNT 1 instead. It only alerts them to the potential. > Am I, as a UA, allowed to mix non-DNT requests into the mix? Not as currently defined. ....Roy
Received on Saturday, 14 January 2012 01:11:22 UTC