- From: Grimmelmann, James <James.Grimmelmann@nyls.edu>
- Date: Fri, 27 Jul 2012 13:30:45 +0000
- To: Shane Wiley <wileys@yahoo-inc.com>
- CC: David Singer <singer@apple.com>, Mike Zaneis <mike@iab.net>, Tamir Israel <tisrael@cippic.ca>, Jeffrey Chester <jeff@democraticmedia.org>, "Roy T. Fielding" <fielding@gbiv.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
There is an irony here. Whether a user agent is compliant depends on whether "a tracking preference expression is only transmitted [by the user agent] when it reflects a deliberate choice by the user." If a server messages a user that their user agent is noncompliant because it sets DNT:1 by default, and the user continues to use the user agent when interacting with the server, this takes away much of the argument that the user agent is still noncompliant with respect to that user. At this point, the user has been given an explicit statement that their user agent is sending DNT:1 and an explanation of what that means, and has chosen not to do anything about it.

James

--------------------------------------------------
James Grimmelmann              Professor of Law
New York Law School            (212) 431-2864
185 West Broadway              james.grimmelmann@nyls.edu
New York, NY 10013             http://james.grimmelmann.net

On Jul 27, 2012, at 2:01 AM, Shane Wiley wrote:

David,

I don’t believe it’s a fair comparison to hold the DNT discussion against a pure technical standard where I agree syntax validity is typically the only factor in acceptance. The heavy Policy aspect of DNT in this conversation should be taken into consideration when viewing valid vs. invalid signals.

A better comparison would be to look at hardware centric standards where a capability failure alerts a user to the situation and becomes a forcing function for correct marketplace behavior. For example, if I make an HDMI cable that says it supports the 1.3 HDMI standard and when a user connects the cable to a receiver and TV and they both suggest the HDMI cable is not compliant with v1.3 and reject the cable, the user will need to purchase a different cable that is compliant. The original company that was not compliant will of course be driven to work to update their cable design to bring it back into compliance so people will purchase it.
To think a standard would take the position that makers of receivers and TVs must accept any HDMI cable regardless of standards compliance would make no sense. And it shouldn't in our case either.

Allowing Servers to message users that their User Agent is invalid (non-compliant) will drive users who care to switch to a different User Agent to express their preferences in a compliant manner. If the percentage of users leaving the non-compliant User Agent reaches a significant "enough" level, then one would assume the maker of the User Agent would move their product into compliance to remove this reason for user departures. This is why standards in other contexts have a natural forcing alignment function. Suggesting that Servers must honor “any DNT signal” – even from non-compliant UAs – doesn’t allow natural alignment to occur.

With respect to EU considerations, I believe the confusion is that some are suggesting servers not respond to the invalid UA DNT signal. To be clear the goal is to transparently share with the user their User Agent (browser) of choice is non-compliant and to offer them alternatives at that time (if they desire to take them). User knowledge of the situation is key.

- Shane

From: David Singer [mailto:singer@apple.com]
Sent: Thursday, July 26, 2012 3:49 PM
To: Mike Zaneis
Cc: Tamir Israel; Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman; public-tracking@w3.org
Subject: Re: ISSUE-4 and clarity regarding browser defaults

Mike

I like it that you state your positions clearly and without dissimulation (perhaps a little strongly, though?), but…

I agree with Tamir: we HAVE decided that user-agents should not enable DNT by default. We have NOT decided whether sites can ignore a protocol-valid DNT signal because they think it might possibly not, in some cases, reflect the user's true intention. (Nor have we decided whether user-agents can disbelieve what the sites say, under some circumstances).
Generally, in protocols, the normal practice is that if the protocol exchange itself is valid, but you think it an error for the other end to be doing something, you write software that respects the protocol (after all, you want your implementation to be cleanly compliant, with no questions), and you write letters asking the other company to get into compliance.

Personally, as I have stated, I think the end-points (software) trying to second-guess "did he really mean that?" is highly questionable and a recipe for a downward spiral of measure/counter-measure, and so on. I also feel that we have our work cut out deciding what conformance exchanges entail, without trying to define how end-points behave when faced with (the myriad possibilities of) non-conformant, or suspected non-conformant, behavior.

On Jul 26, 2012, at 14:24, Mike Zaneis <mike@iab.net> wrote:

Tamir,

You are simply wrong. This group has decided that browsers should be shipped with DNT turned off. Furthermore, we have agreed that browsers shipped with DNT turned on would be non-compliant with the spec (Aleecia has been very public with this position). Therefore, a company can be compliant with the W3C spec and ignore a signal that they know to have been sent by a default setting. If you read the story, that is the scenario being discussed.

There are many open questions around knowing how a signal was set and what the appropriate actions may be. Those issues are being worked on, but if we cannot agree on the previous scenario, and industry is going to be attacked post any W3C spec if they operate in this fashion, then I question why we are continuing our work.

Mike Zaneis
SVP & General Counsel
Interactive Advertising Bureau
(202) 253-1466
Follow me on Twitter @mikezaneis

From: Tamir Israel [mailto:tisrael@cippic.ca]
Sent: Thursday, July 26, 2012 5:07 PM
To: Mike Zaneis
Cc: Jeffrey Chester; Shane Wiley; Roy T. Fielding; Justin Brookman; public-tracking@w3.org
Subject: Re: ISSUE-4 and clarity regarding browser defaults

Hi Mike,

As I am sure you are well aware from the multiple times this has been discussed recently, the issue Jeff was referring to is far from closed.

You seem to be conflating two distinct issues, in fact. The one you are referring to, which was, indeed, closed long ago, was whether the specification would obligate any form of default setting. The conclusion was that it would not.

The issue Jeff is referring to is one that has been quite contentious and has not yet, to my knowledge, been resolved. This second issue is whether servers will be permitted to simply ignore DNT-1 signals sent by any IE user simply because they do not feel these are an accurate representation of user preference.

As we have all discussed multiple times, these two questions are quite distinct.

Best regards,
Tamir

On 7/26/2012 4:55 PM, Mike Zaneis wrote:

Jeff,

I hate to revisit an issue that has been closed at least twice before, the first time being way back in September, but you again raised the browser default setting issue and its place in the W3C standards process - http://www.chicagotribune.com/news/tribnation/chi-reporting-privacy-vs-profits-on-internet-browsers-20120726,0,5932169.story. The story is about the W3C TPE Working Group and how Microsoft has decided to ship IE10 with the DNT flag turned on.

I was extremely disappointed to see your quote that industry would face a “bloody virtual and real-world fight” if we did not honor such a default. That flies in the face of your statement from last month (see below to refresh your memory). I have to question whether you are negotiating at the W3C in good faith. If the industry is to be attacked and engaged in a bloody fight even if we develop and adopt a W3C standard, then what is the incentive for us to remain at the table? Can you please clarify your position on this vitally important issue.
Mike Zaneis
SVP & General Counsel
Interactive Advertising Bureau
(202) 253-1466
Follow me on Twitter @mikezaneis

From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Sunday, June 03, 2012 5:41 PM
To: Shane Wiley
Cc: Roy T. Fielding; Justin Brookman; public-tracking@w3.org
Subject: Re: ISSUE-4 and clarity regarding browser defaults

I support what the working group agreed to, with DNT not being shipped as on. That is part of the set of compromises we have agreed to within the working group. I was surprised as everyone else with Microsoft's announcement. I was just responding to the tone of some of the comments in the press where various industry players suggest that Microsoft is a digital Benedict Arnold.

That said, we need to conclude this work with agreement on definition for policy. I still believe there is a win-win here that can be achieved. If we can all agree on meaningful final policy, it will be the norm which everyone should abide.

So to be clear. I am not trying to undo the agreement and urge us to stay in discussions. But it sounds like there will be a lot of sleeplessness in Seattle! Those Microsoft people better lock their doors!

Regards,
Jeff

Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org
www.digitalads.org
202-986-2220

On Jun 3, 2012, at 4:44 PM, Shane Wiley wrote:

Jeff,

I thought we had solved this issue sometime ago at the beginning of the working group: opt-in vs. opt-out. By moving the UA to default to DNT:1 without an explicit user action, you’re creating an opt-in world. I understand you like that end-point, but if you’re unwilling to move back to the originally agreed upon opt-out structure, I suspect industry participants may leave the working group.
A pure opt-in outcome will have devastating impact to the online ecosystem, will prompt many to develop overly inclusive opt-in approaches, and ultimately consumers lose after being barraged with a sea of opt-in requests.

I’m saddened by this sudden 180 on this very key perspective but hopefully saner minds will prevail. In my opinion, we need to resolve this fundamentally core issue prior to moving forward on any other issues at the TPWG. Please let me know if you agree.

Thank you,
Shane

From: Jeffrey Chester [mailto:jeff@democraticmedia.org]
Sent: Sunday, June 03, 2012 7:16 AM
To: Roy T. Fielding
Cc: Justin Brookman; public-tracking@w3.org
Subject: Re: ISSUE-4 and clarity regarding browser defaults

I believe having DNT:1 turned on from the start is appropriate for users. The industry has created a ubiquitous data collection system by default (which it terms an "ecosystem"). Users have little choice in an online world shaped by immersive and invisible strategies designed to trigger conversion, viral social marketing, lead gen and related data techniques (let alone a person sold to highest bidder on exchanges). The cross-platform measurement systems being put in place, which mirror the unified marketing platforms, is another example of a world where users have no real choices.

With DNT on from the start, a user can make more informed decisions about their data collection practices and then decide how to proceed. Groups such as mine have already taken key issues off the table--such as the need to control first parties. We believe we can have both monetization and privacy. But we need to make DNT meaningful--to stop tracking and collection. I know that the consumer and privacy community is committed to strike the right balance. I look to the industry leaders in this group to help make DNT a reality.
Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org
www.digitalads.org
202-986-2220

On Jun 2, 2012, at 10:45 PM, Roy T. Fielding wrote:

On Jun 2, 2012, at 6:29 PM, Justin Brookman wrote:

Roy, this precise issue came up on the weekly call on Wednesday, and Aleecia concluded that there was disagreement among the group on the precise question of whether DNT:1 could be on by default, and that we would discuss the issue in Seattle.

What we talked about was whether a non-specific add-on (AVG) can set the header field (ISSUE-149) and the impact of conflicting extensions and configuration (ISSUE-150).

You can obviously do whatever you like to the document, but I just wanted to point out that the editors seem to disagree with your statement that we have reached consensus on this point. The minutes from the last call (http://www.w3.org/2012/05/30-dnt-minutes) seem to back up my argument, but perhaps I am confused and misunderstood what was said on Wednesday --- guidance from the chairs on this point would be helpful. (Also, FWIW, there is also another raised ISSUE-143 on whether "activating a tracking preference must require explicit, informed consent from a user" . . .)

I believe 143 is about additional requirements on user awareness of the new setting when DNT is enabled by an add-on/extension.

In the meantime, if you or anyone else could shed some light on why DNT:1 on by default would make the standard more challenging to implement, I would very much like to hear substantive arguments about how that would not be workable.

It isn't more challenging to implement. It just won't be implemented because it obscures the user's choice.
The essence of any Recommendation is to encourage deployment of a given protocol because it is good for everyone to do so, and we already established that most of industry will deploy DNT if it accurately reflects an individual user's choice. We already discussed this and made a decision. It has not yet been reopened to further discussion, so I am not going to explain it further.

Thus far, I have only heard assertions by fiat that we can't discuss the issue and tautological interpretations of the word "preference." If there are technical reasons why DNT:1 on by default would pose problems, what are they (I'm not saying they don't exist, I just don't know)?

The technical reason is that it wouldn't match the defined semantics for the field. That could obviously be fixed by changing the definition of the field, but since that is one of the few things we have agreed to already, we have a process that must be followed to reopen the issue. Otherwise, we have no chance of finishing anything.

....Roy

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Friday, 27 July 2012 13:31:26 UTC