- From: Tom Lowenthal <tom@mozilla.com>
- Date: Wed, 25 Jan 2012 20:16:43 +0100
- To: Sean Harvey <sharvey@google.com>
- CC: Andy Zeigler <andyzei@microsoft.com>, "Tracking Protection Working Group WG (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <4F20551B.3000201@mozilla.com>
Wrong thread?

On Wed 25 Jan 2012 08:00:44 PM CET, Sean Harvey wrote:
> In general i'm really excited about the progress on the response header!
> but given that we've just reviewed it this afternoon i do need to get more
> feedback both internally and from publishers in order to ensure that this
> is reasonably implementable. and i believe we need to discuss this as a
> group before any issues are formally closed. it's worth stepping back for a
> moment and making sure we all know what we're signing up for, but this is
> great progress.
>
> On Wed, Jan 25, 2012 at 7:51 PM, Tom Lowenthal <tom@mozilla.com> wrote:
>
>> In that case, let's follow the simplicity principle and avoid
>> extraneous text. I'm closing ISSUE-65 and ACTION-70.
>>
>> On Wed 25 Jan 2012 07:24:49 PM CET, Andy Zeigler wrote:
>>> That would be simpler. Either way is fine with me.
>>>
>>> -----Original Message-----
>>> From: Tom Lowenthal [mailto:tom@mozilla.com]
>>> Sent: Wednesday, January 25, 2012 7:22 PM
>>> To: Andy Zeigler
>>> Cc: Tracking Protection Working Group WG (public-tracking@w3.org)
>>> Subject: Re: Issue-65: How does logged in and logged out state work --
>>> Draft Proposal
>>>
>>> ACTION-70 ISSUE-65
>>> Fine, I suppose. I'd rather just not have any text on this topic at all,
>>> and let the existing rules work it out.
>>>
>>> On Wed 25 Jan 2012 02:10:04 PM CET, Andy Zeigler wrote:
>>>> I apologize - sent before the cut-and-paste.
>>>>
>>>> Draft text:
>>>>
>>>> If a user is logged into a first-party website and it receives a
>>>> DNT:1 signal, the website MUST respect DNT:1 signal as a first
>>>> party and SHOULD handle the user login as it normally would. If a
>>>> user is logged into a third-party website, and the third party
>>>> receives a DNT:1 signal, then it MUST respect the DNT:1 signal
>>>> unless it falls under an exemption described in section 3.4.
>>>>
>>>> Example use cases:
>>>>
>>>> - A user with DNT:1 logs into a search service called "Searchy".
>>>> Searchy also operates advertisements on other websites. When the
>>>> user is on a news website, Searchy receives DNT:1, and it must
>>>> respect it, as Searchy is operating in a third-party context.
>>>>
>>>> - A user with DNT:1 enabled visits a shopping website and logs in.
>>>> The shopping website continues to provide recommendations, order
>>>> history, etc. The shopping site includes third-party
>>>> advertisements. Those third-parties continue to respect DNT:1.
>>>> When the user purchases the items in their basket, a third-party
>>>> financial transaction service is used. The user interacts with the
>>>> third-party service, at which point it becomes first-party and may
>>>> use previously collected data.
>>>>
>>>> - A user with DNT:1 visits a website (Website A) that uses a
>>>> third-party authentication service called "LogMeIn". The user logs
>>>> into the site with his LogMeIn credentials. The user has
>>>> interacted with LogMeIn, and now it can act as a first-party. Now
>>>> the user visits Website B, which also uses the LogMeIn service,
>>>> but is branded differently than Website A. LogMeIn MUST respect
>>>> the DNT:1 signal until the user chooses to interact with LogMeIn
>>>> in order to log into Website B.
>>>>
>>>> From: Andy Zeigler
>>>> Sent: Wednesday, January 25, 2012 2:02 PM
>>>> To: Tracking Protection Working Group WG (public-tracking@w3.org)
>>>> Subject: Issue-65: How does logged in and logged out state work --
>>>> Draft Proposal

Received on Wednesday, 25 January 2012 19:17:27 UTC