Re: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft

Also, I forgot to say (echoing others), that a MUST needs to be testable and 'MUST reflect the user's deepest wishes and desires' is pretty tricky to test.

:-)

On Jan 19, 2012, at 13:31 , Sid Stamm wrote:

> Me too. 
> 
> Users may choose one UA over another because it makes the right decisions *for* them... then the UAs will cater to their set of users based on how those users want to interact with the UA and the web.
> 
> It's a good idea to spec out how the UA communicates with web servers, and makes sense to provide non-normative guidance or examples about implementation techniques, but not normative language dictating how user agents help users make choices.
> 
> -Sid
> 
> ----- Original Message -----
>> From: "JC Cannon" <jccannon@microsoft.com>
>> To: "David Singer" <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
>> Sent: Thursday, January 19, 2012 1:17:33 PM
>> Subject: RE: ACTION-43: added user-agent-managed site-specific exception   proposal to Editor's Draft
>> 
>> I wholeheartedly agree with David on this point.
>> 
>> JC
>> 
>> -----Original Message-----
>> From: David Singer [mailto:singer@apple.com]
>> Sent: Thursday, January 19, 2012 9:29 AM
>> To: public-tracking@w3.org (public-tracking@w3.org)
>> Subject: Re: ACTION-43: added user-agent-managed site-specific
>> exception proposal to Editor's Draft
>> 
>> Right.  As I am sure you know, I am all for user-control and user
>> self-determination.
>> 
>> But there is an important avenue that users have to exercise that
>> control, and that is in their choice of user-agent, and their choice
>> of its configuration.
>> 
>> They re at liberty to say "I use browser X even though it doesn't
>> support DNT because of Y", and they are liberty to say "I prefer
>> browser M over browser N, because N is constantly asking me to make
>> DNT choices in real-time, whereas M I can configure so it just gets
>> it right".
>> 
>> I think it a *huge* mistake for us to design the way the user makes
>> choices.  Be clear in the text that certain aspects of 'driving' the
>> protocol belong to the user, but don't tell browsers what to do to
>> make sure that that is the case. " MUST provide a user interface
>> prompting the user to choose" is not a good phrase.
>> 
>> On Jan 18, 2012, at 23:45 , Rigo Wenning wrote:
>> 
>>> David,
>>> 
>>> we are approaching the "normal" catch22 situation of the data self
>>> determination concept that is secretly underlying all our
>>> discussions IMHO.
>>> 
>>> On Wednesday 18 January 2012 16:37:25 David Singer wrote:
>>>> I think we're designing a protocol between the UA and the server,
>>>> and what
>>>> that protocol means and its requirements.  UA to user interactions
>>>> are out
>>>> of the scope of a MUST statement, I think.
>>> 
>>> And if you want to have (some) user-control and self-determination,
>>> we assume
>>> that at some point the user should be enabled to make a (albeit
>>> possibly
>>> automated) decision. And the protocol, at some point, needs to
>>> trigger that
>>> decision process. I do not believe we can avoid that without going
>>> square to
>>> the entire concept of privacy (because privacy is finally about
>>> autonomy).
>>> 
>>> This said, a specification should only said that there MUST be a
>>> user decision
>>> and not how that user decision is implemented. Note that P3P
>>> implementation on
>>> UAs failed mainly because of lacking guidance and complete
>>> misunderstanding by
>>> implementers. Coming out of a 4 year research project where we
>>> investigated
>>> some of this, I could imagine that it may be worthwhile to have
>>> some good
>>> practices documentation where we join forces to unearth good
>>> privacy
>>> interfacing guidelines.
>>> 
>>> Best,
>>> 
>>> Rigo
>>> 
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
>> 
>> 
>> 
>> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 19 January 2012 21:45:05 UTC