- From: Tom Lowenthal <tom@mozilla.com>
- Date: Thu, 26 Jan 2012 08:15:54 +0100
- To: Kevin Smith <kevsmith@adobe.com>
- CC: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <4F20FDAA.3040701@mozilla.com>
When a site complies with DNT, there are a set of restrictions on their data practices, like "Third parties must not collect or retain data about users except for data collected for <certain particular purposes>.", and so on. As Shane said yesterday, the "exceptions" are part of this set of rules, not separate things. Opt-in is fundamentally different. When a user has engaged in an out-of-band opt-in, the user has said "Even though I'm sending you a DNT:1 signal, I permit you to do <these things> which are otherwise prohibited by my DNT:1 signal.". This is a "dangerous" state, because it means that the site is *not* following the rules of DNT, but instead following some different set of rules which has been agreed between the site and the user. Unless the user can tell that a site is following an alternate ruleset agreed between them, it would look like the site says that it is complying with DNT but is in fact not following the DNT rules. Only and individualized "I see that you have sent me a DNT:1 signal, but I know that you want me to do some things which are prohibited by that signal." message allows users to distinguish those two states. --- Could you let me know which states you think are redundant duplicates of each other? I think that these states are all distinct, and I suspect that knowing which things you think are the same would help us to identify and resolve our mis-communication. First parties are not exempt from DNT. First parties and third parties have different obligations under DNT. First parties are not permitted to share any information gathered from a user sending DNT:1 (except...). A first party would return `c` when they follow DNT, but the user has specifically requested that they generally share information about the user's visits with someone outside that party. However, when I am browsing Twitter, I would not expect to see `c` because I do not generally wish for my actions to be shared with anyone other than Twitter. For actions like sending a tweet which are self-evidently communicative, no `c` response is needed. If a first party intends to directly share information with a third party, then *both* of those parties need permission to break their DNT obligations. The first party needs permission to share the information (a prohibited practice), and the third party needs permission to collect the information (a prohibited practice). However, if a third party simply wishes to collect information directly from the user then only the third party needs permission. --- As for "xxx most of the time, but yyy only some of the time", I think that most logical servers that don't run widgets or have out-of-band opt-in will only be in one state, pretty much all of the time. There's no need to use any server-side logic to work out which response header to send to a particular request, you just hard-code the -- for instance -- service-provider response, and everyone who hits that server gets that signal. There are some servers which need to use more than one header. Widgets like +1, Like, Tweet This, &c would need to send third-party on general resource loads, but switch to first-party when they respond to user interaction. Servers that allow users to engage in an out-of-band opt-in would likewise need to return the non-opted-in header unless a user has opted in. On 01/25/2012 10:47 PM, Kevin Smith wrote: > Tom, > > Can you repeat why you wanted (or it sounded like it was a requirement for your initial proposal) the opt-in exception to be called out differently than other exceptions? You said something about xxx most of the time, but yyy only some of the time, but I did not quite grasp it. This still has the redundancy issue I brought up earlier. I may try to take a pass at it to see if the redundancy can be removed and still maintain your current functionality, but I want to make sure I understand the reasoning first. > > Also, what is an example of when a server would return a "c" (first-party-opt in). Since the first party has a default exception, what does an opt-in even mean. Opt-ins are for 3rd parties in correlation to a 1st party, but I do not think you would say that the 1st party has an opt-in. That would seem to imply that the 1st party is going to share your data with a 3rd party not on the request, otherwise the opt-in should come from the 3rd party - is that the purpose? Or perhaps it might make sense with a sitewide opt-in, basically saying all 3rd parties on my site share this opt-in. > > -----Original Message----- > From: Tom Lowenthal [mailto:tom@mozilla.com] > Sent: Wednesday, January 25, 2012 5:12 PM > To: public-tracking@w3.org > Subject: Revised Response Header > > ACTION-90 ACTION-87 > ISSUE-48 ISSUE-76 ISSUE-90 ISSUE-105 ISSUE-106 ISSUE-107 > > Behold, the bikeshed has been re-painted. > > --- > > Non-normative Discussion > ------------------------ > > This response header has the following features: > > - Servers state whether they think that they are a first or third party. > - Servers may state that they think that a user has explicitly opted back in to data collection by that site (not catchable). > - There is a response for catchable, static, or otherwise not-relevant-to-tracking objects. > > Everything fits within two characters: one for status and one for explanations. With the exception of "you have opted in" almost any logical server should only ever exist in one of these states, so dynamic generation is not needed. The user also has a way to query a server to discover that server's tracking policies, without that request causing tracking. > > > Normative Text > -------------- > > If a server receives a request with a DNT header, the response to that request MUST include a DNT-response header. If a server receives a request without a DNT header, the response to that request MAY include a DNT-response header. If sent, a DNT-response header MUST be accurate. > The DNT-response header is as follows: > >> DNT-Response = "Tk:" [CFWS] DNT-Status [CFWS] [ reason-code ] >> DNT-Status = no-dnt / full-dnt-1 / full-dnt-3 / except-dnt-1 / > except-dnt-3 / opt-dnt-1 / opt-dnt-3 / dnt-cached >> no-dnt = 0 >> not-tracking = 1 >> static-untracked = u >> first-party = f >> third-party = 3 >> service-provider = s >> first-party-opt = c >> third-part-opt = p >> reason-code: 1*alphanum >> alphanum = ALPHA / DIGIT > > If a reason code is specified, an *explanation* MUST exist at /.well-known/dnt?r=reason-code . Whether or not a reason code is specified, a *general policy* regarding Do Not Track SHOULD exist at /.well-known/dnt . The structure and requirements for *explanations* and > *general-policies* is described in section $FIXME of this document. > > *no-dnt* indicates that this party does not comply with [Tracking Definitions and Compliance](). Servers MUST NOT use this response. > > *not-tracking* indicates that: > - this party complies with [Tracking Definitions and Compliance](), > - does not engage in tracking, and > - that any information gathered by the party as a result of this request will be treated as if this party is a third party. > > *static-untracked* indicates that: > - this a resource -- such as a cached resource -- on which tracking does not occur, and > - that any information gathered by the party through requests to this resource will be treated as if the server is a third party. > > *first-party* indicates that: > - this party complies with [Tracking Definitions and Compliance]() and > - believes it is acting as a first party in responding to this request. > > *third-party* indicates that: > - this party complies with [Tracking Definitions and Compliance]() and > - believes it is acting as a third party in responding to this request. > > *service-provider* indicates that: > - this party complies with [Tracking Definitions and Compliance]() and > - believes it is acting as an outsourced third party service provider under section [3.6.1.2]() of [Tracking Definitions and Compliance](). > > *first-party-opt* indicates that: > - this party complies with [Tracking Definitions and Compliance](), > - believes it is acting as a first party in responding to this request, > - believes that the user has affirmatively consented to allow this site additional permission to track them, and > - the appropriate *explanation* describes these additional permissions and allows the user to revoke or modify them. > All responses with this state must be marked as uncacheable. > > *third-part-opt* indicates that: > - this party complies with [Tracking Definitions and Compliance](), > - believes it is acting as a first party in responding to this request, > - believes that the user has affirmatively consented to allow this site additional permission to track them, and > - the appropriate *explanation* describes these additional permissions and allows the user to revoke or modify them. > All responses with this state must be marked as uncacheable. >
Received on Thursday, 26 January 2012 07:18:15 UTC