- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 20 Jan 2012 12:30:24 -0800
- To: Tracking Protection Working Group WG <public-tracking@w3.org>
ISSUE-117: Terms: tracking v. cross-site tracking
Move discussion of cross-site tracking to a single issue that has to
be resolved in TCS.
% cvs diff -r1.57 -r1.58
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- tracking-dnt.html 16 Jan 2012 17:05:47 -0000 1.57
+++ tracking-dnt.html 20 Jan 2012 20:24:20 -0000 1.58
@@ -33,14 +33,14 @@
<body>
<section id='abstract'>
This specification defines the technical mechanisms for expressing a
- cross-site tracking preference via the <a>DNT</a> request header field in
+ tracking preference via the <a>DNT</a> request header field in
HTTP, via an HTML DOM property readable by embedded scripts, and via
properties accessible to various user agent plug-in or extension APIs.
It also defines mechanisms for sites to signal whether and how they
honor this preference, both in the form of a machine-readable policy
at a well-known location for first-party sites and a <q>Tracking</q>
response header field for third-party resources that engage in
- cross-site tracking, and a mechanism for allowing the user to approve
+ tracking, and a mechanism for allowing the user to approve
site-specific exceptions to DNT as desired.
</section>
@@ -127,10 +127,9 @@
In particular, targeting and personalization can evoke strong
negative feelings when data collected at a trusted site is used,
without the user's consent, for targeting ads on some other site
- with which they have no personal trust relationship. When cross-site
- tracking or cross-site sharing of data collection does not match the
- user's expectations regarding privacy, the result can be a very
- angry customer.
+ with which they have no personal trust relationship. When tracking
+ does not match the user's expectations regarding privacy, the result
+ can be a very angry customer.
</p>
<p>
None of the participants in this Web of customization and targeted
@@ -138,7 +137,7 @@
counterproductive. For Web site owners, it drives away their
audience and income. For advertising networks, it leads to blocking
and lost advertisers. Therefore, we need a mechanism for the user
- to express their own preference regarding cross-site tracking that is
+ to express their own preference regarding tracking that is
both simple to configure and efficient when implemented.
Likewise, since some Web sites may be dependent on the revenue
obtained from targeted advertising and unwilling (or unable) to
@@ -148,7 +147,7 @@
</p>
<p>
This specification defines the HTTP request header field <a>DNT</a> for
- expressing a cross-site tracking preference on the Web, a well-known location
+ expressing a tracking preference on the Web, a well-known location
(URI) for providing a machine-readable site-wide policy regarding DNT
compliance, and the HTTP response header field <a>Tracking</a> for
third-party resources engaged in dynamic tracking behavior to
@@ -163,6 +162,13 @@
when an indication of tracking preference is received.
</p>
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/108">ISSUE-108</a>: Should/could the tracking preference expression be extended to other protocols beyond HTTP?</p>
+ <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/117">ISSUE-117</a>: Terms: tracking v. cross-site tracking<br />
+ The WG has not come to consensus regarding the definition of tracking
+ and whether the scope of DNT includes all forms of user-identifying
+ data collection or just cross-site data collection/use. This issue
+ will be resolved in the TCS document, though its resolution is a
+ necessary prerequisite to understanding and correctly implementing
+ the protocol defined by this document.</p>
</section>
<section id='notational'>
@@ -206,7 +212,7 @@
<p>
The goal of this protocol is to allow a user to express their
- personal preference regarding cross-site tracking to each server and
+ personal preference regarding tracking to each server and
web application that they communicate with via HTTP, thereby allowing
each service to either adjust their behavior to meet the user's
expectations or reach a separate agreement with the user to satisfy
@@ -230,20 +236,20 @@
</p>
<p>
The remainder of this specification defines the protocol in terms
- of whether a cross-site tracking preference is <dfn>enabled</dfn> or
+ of whether a tracking preference is <dfn>enabled</dfn> or
<dfn>not enabled</dfn>. We do not specify how that preference is
enabled: each implementation is responsible for determining the
user experience by which this preference is enabled.
</p>
<p>
- For example, a user might configure their own user agent to
- tell servers <q>do not track me cross-site</q>, install a plug-in
- or extension that is specifically designed to add that expression,
+ For example, a user might select a check-box in their user agent's
+ configuration, install a plug-in or extension that is specifically
+ designed to add a tracking preference expression,
or make a choice for privacy that then implicitly includes a
tracking preference (e.g., <q>Privacy settings: high</q>). Likewise,
a user might install or configure a proxy to add the expression
to their own outgoing requests.
- For each of these cases, we say that a cross-site tracking preference
+ For each of these cases, we say that a tracking preference
is <a>enabled</a>.
</p>
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/95">ISSUE-95</a>: May an institution or network provider set a tracking preference for a user?<br />
@@ -256,7 +262,7 @@
<h2>Expressing a Tracking Preference</h2>
<p>
- When a user has <a>enabled</a> a cross-site tracking preference, that
+ When a user has <a>enabled</a> a tracking preference, that
preference needs to be expressed to all mechanisms that might perform
or initiate tracking by third parties, including sites that the user
agent communicates with via HTTP, scripts that can extend behavior on
@@ -275,14 +281,14 @@
other sites to personalize a response.</td>
</tr>
<tr><th>0</th>
- <td>Use of cross-site tracking and personalization has been
+ <td>Use of tracking and personalization has been
specifically permitted for this site, as described in
<a href='#exceptions' class='sectionRef'></a>.<td>
</tr>
</table>
</p>
<p>
- If a cross-site tracking preference is <a>not enabled</a>, then no
+ If a tracking preference is <a>not enabled</a>, then no
preference is expressed by this protocol. This means that no
expression is sent for each of the following cases:
<ul>
@@ -293,7 +299,7 @@
all sites.</li>
</ul>
In the absence of regulatory, legal, or other requirements, servers
- MAY interpret the lack of an expressed cross-site tracking preference
+ MAY interpret the lack of an expressed tracking preference
as they find most appropriate for the given user, particularly when
considered in light of the user's privacy expectations and cultural
circumstances. Likewise, servers might make use of other preference
@@ -305,10 +311,10 @@
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/78">ISSUE-78</a>: What is the difference between absence of DNT header and DNT = 0?<br />
<strong>[PENDING REVIEW]</strong>
Proposed text above and in 4.1 below defines that a "0" is only
- sent when a cross-site tracking preference is enabled and some
+ sent when a tracking preference is enabled and some
mechanism known to the user agent has specifically made an exception
for this origin server. Note that we have not yet defined such a
- mechanism. If a cross-site tracking preference is not enabled or
+ mechanism. If a tracking preference is not enabled or
not implemented, no DNT header field is sent.
</p>
@@ -319,10 +325,10 @@
The <dfn>DNT</dfn> header field is hereby defined as the means for
expressing a user's tracking preference via HTTP [[!HTTP11]].
A user agent MUST send the <dfn>DNT</dfn> header field on all HTTP
- requests if (and only if) a cross-site tracking preference is
+ requests if (and only if) a tracking preference is
<a>enabled</a>.
A user agent MUST NOT send the <a>DNT</a> header field if a
- cross-site tracking preference is <a>not enabled</a>.
+ tracking preference is <a>not enabled</a>.
</p>
<pre class="abnf">
<dfn>DNT-field-name</dfn> = "DNT" ; case-insensitive
@@ -331,10 +337,10 @@
</pre>
<p>
The DNT field-value sent by a user agent MUST begin with the
- character "1" (%x31) if a cross-site tracking preference is
+ character "1" (%x31) if a tracking preference is
<a>enabled</a> and there is not, to the user agent's knowledge, a
specific exception for the origin server targeted by this request.
- If a cross-site tracking preference is <a>enabled</a> and there is
+ If a tracking preference is <a>enabled</a> and there is
a specific exception for the target origin server via some mechanism
understood by the user agent, then the DNT field-value sent by the
user agent MUST begin with the character "0" (%x30).
@@ -369,10 +375,10 @@
main preference expressed by the first digit, such that the main
preference will be obeyed if the recipient does not understand the
extension. Hence, a DNT-field-value of "1xyz" can be thought of
- as <q>do not track me cross-site, but if you understand the
+ as <q>do not track, but if you understand the
refinements defined by x, y, or z, then adjust my preferences
according to those refinements.</q>
- DNT extensions can only be transmitted when a cross-site tracking
+ DNT extensions can only be transmitted when a tracking
preference is <a>enabled</a>.
</p>
<p>
@@ -394,18 +400,18 @@
<p>
The <a>NavigatorDoNotTrack</a> interface provides a means for
- the user's cross-site tracking preference to be expressed to
+ the user's tracking preference to be expressed to
web applications running within a page rendered by the user agent.
</p>
<dl class="idl" title='[NoInterfaceObject] interface NavigatorDoNotTrack'>
<dt>readonly attribute DOMString doNotTrack</dt>
<dd>
- When a cross-site tracking preference is <a>enabled</a>, the
+ When a tracking preference is <a>enabled</a>, the
doNotTrack attribute MUST have a string value that is the same as
the <a>DNT-field-value</a> defined in
<a href="#dnt-header-field" class="sectionRef"></a>.
- If a cross-site tracking preference is <a>not enabled</a>, the
+ If a tracking preference is <a>not enabled</a>, the
value is <code>null</code>.
</dd>
</dl>
@@ -440,7 +446,7 @@
<dfn>browser extensions</dfn>, that are capable of making their own
network requests. From the user's perspective, these components
are considered part of the user agent and thus ought to respect the
- user's configuration of a cross-site tracking preference. However, plug-ins
+ user's configuration of a tracking preference. However, plug-ins
do not normally have read access to the browser configuration.
Therefore, we will define here various mechanisms for communicating
the tracking preference via common plug-in APIs.
@@ -523,7 +529,7 @@
<p>
There have been many suggestions, but not much consensus, on how
- servers ought to respond when a cross-site tracking preference is enabled. The various
+ servers ought to respond when a tracking preference is enabled. The various
suggestions can be roughly categorized as follows:
</p>
<ul>
Received on Friday, 20 January 2012 20:30:34 UTC