W3C home > Mailing lists > Public > public-tracking@w3.org > January 2012

Re: ISSUE-43, ACTION-60: let the user know their options when arriving with Do Not Track

From: Nicholas Doty <npdoty@w3.org>
Date: Mon, 30 Jan 2012 16:43:23 +0100
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <A13778C9-34AB-42B1-8D88-2C2792718593@w3.org>
To: David Singer <singer@apple.com>
While I see the logical distinction, I think the messages:
* "Don't share this interaction with an arbitrary third party"
* "I may send a Do Not Track preference to one of your third parties"
are pretty much consistent. 

In initiating the request, the user agent won't know what third parties will be referred to in the response, so couldn't at the HTTP request header level tell the site whether one or more of the site's third parties will receive DNT:1. I agree that JavaScript is probably better for that fine-level detail.

On Jan 30, 2012, at 4:29 PM, David Singer wrote:

> I think that there was a bad idea (which I shared) at one time that the DNT header sent to a first party had two functions:
> * like any party, tell the first party how it was supposed to behave;
> * warn the first party that the user is DNT-aware and may be using DNT with its third parties.
> I think it best if these two are separated as much as possible.  Ideally, the second question is answered through javascript, but it seems rather complex.  We could require that some kind of DNT header must be sent to the first party, if a DNT header is sent to any party; but then we're overloading, and we'd (logically) need to be able to say "some third parties are getting DNT, but you may behave as if I had sent you no DNT header", which is a mess.
> So, summary: I have an open puzzle over how the 1st party should be made aware of whether DNT is in use at all.
> On Jan 30, 2012, at 15:15 , Nicholas Doty wrote:
>> In Brussels there was some doubt about what ISSUE-43 ("Sites should be able to let the user know their options when they arrive with Do Not Track") meant and whether it was a duplicate or otherwise already resolved. Here are my interpretations and my suggested resolution.
>> Per ISSUE-50, which was closed way back on September 22nd, we agree that a Do Not Track header should be sent to the first party so that the publisher is aware of the user's preference and can provide options in case the publisher needs the tracking for monetization of content, for example. We also need to send the DNT header to the first party since there will be some minimal restriction even on first parties (of the form, "don't share this data with arbitrary third parties to effectively work around my DNT preference"). I elaborate on reasons we should still send DNT:1 on the first request here: http://lists.w3.org/Archives/Public/public-tracking/2012Jan/0242.html
>> In addition, the JavaScript API (either the DOM property mirroring the header or the siteSpecificTrackingExceptions described in the Site-Specific Exceptions chapter) will give further visibility to the first party. And ISSUE-111 tracks the question of whether the first party should receive a different DNT value if it's in the situation of having some associated site-specific exceptions.
>> I suggest we keep ISSUE-43 closed. We could re-open if someone believes publishers will somehow not have enough visibility into this status or if changes to the spec would affect whether DNT:1 is sent to the first party or its JavaScript visibility.
> David Singer
> Multimedia and Software Standards, Apple Inc.

Received on Monday, 30 January 2012 15:43:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:30 UTC