- From: Peter Cranstone <peter.cranstone@gmail.com>
- Date: Mon, 02 Jul 2012 13:55:27 -0600
- To: Rigo Wenning <rigo@w3.org>, <public-tracking@w3.org>
- CC: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, Jonathan Mayer <jmayer@stanford.edu>
This raises some important questions. Lets start with what's the definition of compliance? And then how do I determine compliance from a server context e.g. server receives a DNT:1 is that really compliant? A server then receives a DNT:1 or DNT:2 or DNT:0 from an exception - is that compliant? It's very hard to determine the context of the compliance when the context (1, 0, "") lacks context - i.e. it's all binary. Now lets take all of this to the next level - lets assume that the OEMs can whip up this exception code, figure out all the parsing required in real time and keep the performance on par with what they already have in the browser. Great - the next question becomes "what about local laws". Everything about this spec is going to come down to local laws - which then extends the question "what about local laws" and turns it into "whose local laws? - is it the servers or is it the users?" Which in turn spawns the question - how do I determine the users real time location on Mobile and then can the user use an exception based on what he/she wants EVEN if it's in violation of local/regional laws? At the F2F it appears that there was consensus on the definition of tracking. However there's still no consensus on what is compliance and every time we introduce an exception into the mix we have to be able to apply the compliance question because essentially as Rigo just pointed out below - if we don't and we just add a "1" or a "0" every time then it's no different from what Microsoft just did with IE10. Exceptions just added a whole new level of complexity not only on the browser side, but also the server side. Essentially from a compliance perspective it has to check twice - was that IE10 by default and who really added that Exception DNT:1 ? Peter ___________________________________ Peter J. Cranstone 720.663.1752 -----Original Message----- From: Rigo Wenning <rigo@w3.org> Organization: W3C Date: Monday, July 2, 2012 7:03 AM To: W3 Tracking <public-tracking@w3.org> Cc: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, Jonathan Mayer <jmayer@stanford.edu> Subject: Re: Prototype of Do Not Track Exceptions (ISSUE-151) Resent-From: W3 Tracking <public-tracking@w3.org> Resent-Date: Mon, 02 Jul 2012 13:04:06 +0000 >Vincent, > >if we reject "on by default" on the basis that it allegedly doesn't >reflect a user choice, it is even less a user choice if a tool can >just spawn DNT:1 requests and reject exception requests. > >This will only serve some short-term success for alleged baseline >protection for the US market only. Not good enough IMHO as it also >removes the DNT system as a communication system. Without exceptions >or only one answer (no), this isn't really a tool for the user. But >what if we create a tool that sends "yes" on every exception >request? Would that be compliant too? > >Rigo > >On Monday 02 July 2012 13:27:45 TOUBIANA, VINCENT wrote: >> 2): I think it should be enough for the UA to "be able to handle >> an exception request" (as forumlated in Issue-151). Thus the UA >> could be designed to accept (or reject) all exception requests >> and still be compliant. > >
Received on Monday, 2 July 2012 19:56:08 UTC