W3C home > Mailing lists > Public > public-tracking@w3.org > July 2012

Re: Prototype of Do Not Track Exceptions (ISSUE-151)

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Mon, 02 Jul 2012 13:55:27 -0600
To: Rigo Wenning <rigo@w3.org>, <public-tracking@w3.org>
CC: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, Jonathan Mayer <jmayer@stanford.edu>
Message-ID: <CC1755ED.4B11%peter.cranstone@gmail.com>
This raises some important questions.

Lets start with what's the definition of compliance? And then how do I
determine compliance from a server context e.g. server receives a DNT:1 is
that really compliant? A server then receives a DNT:1 or DNT:2 or DNT:0
from an exception - is that compliant?

It's very hard to determine the context of the compliance when the context
(1, 0, "") lacks context - i.e. it's all binary.

Now lets take all of this to the next level - lets assume that the OEMs
can whip up this exception code, figure out all the parsing required in
real time and keep the performance on par with what they already have in
the browser. Great - the next question becomes "what about local laws".

Everything about this spec is going to come down to local laws - which
then extends the question "what about local laws" and turns it into "whose
local laws? - is it the servers or is it the users?"

Which in turn spawns the question - how do I determine the users real time
location on Mobile and then can the user use an exception based on what
he/she wants EVEN if it's in violation of local/regional laws?

At the F2F it appears that there was consensus on the definition of
tracking. However there's still no consensus on what is compliance and
every time we introduce an exception into the mix we have to be able to
apply the compliance question because essentially as Rigo just pointed out
below - if we don't and we just add a "1" or a "0" every time then it's no
different from what Microsoft just did with IE10.

Exceptions just added a whole new level of complexity not only on the
browser side, but also the server side. Essentially from a compliance
perspective it has to check twice - was that IE10 by default and who
really added that Exception DNT:1 ?


Peter
___________________________________
Peter J. Cranstone
720.663.1752








-----Original Message-----
From: Rigo Wenning <rigo@w3.org>
Organization: W3C
Date: Monday, July 2, 2012 7:03 AM
To: W3 Tracking <public-tracking@w3.org>
Cc: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>,
Jonathan Mayer <jmayer@stanford.edu>
Subject: Re: Prototype of Do Not Track Exceptions (ISSUE-151)
Resent-From: W3 Tracking <public-tracking@w3.org>
Resent-Date: Mon, 02 Jul 2012 13:04:06 +0000

>Vincent, 
>
>if we reject "on by default" on the basis that it allegedly doesn't
>reflect a user choice, it is even less a user choice if a tool can
>just spawn DNT:1 requests and reject exception requests.
>
>This will only serve some short-term success for alleged baseline
>protection for the US market only. Not good enough IMHO as it also
>removes the DNT system as a communication system. Without exceptions
>or only one answer (no), this isn't really a tool for the user. But
>what if we create a tool that sends "yes" on every exception
>request? Would that be compliant too?
>
>Rigo
>
>On Monday 02 July 2012 13:27:45 TOUBIANA, VINCENT wrote:
>> 2): I think  it should be enough for the UA to "be able to handle
>> an exception request" (as forumlated in Issue-151). Thus the UA
>> could be designed to accept (or reject) all exception requests
>> and still be compliant.
>
>
Received on Monday, 2 July 2012 19:56:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:52 UTC