RE: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

Unfortunately, the world we live in requires web developers to have an intimate understanding of which browser they are interacting with (although this is getting better).  Most sites are already riddled with conditional clauses that look like:

If IE: Do something
Else if Firefox: do something else
Else if Chrome: do something else
etc

Each site already has to decide which subset of a browser's features they will use/ignore/override.  This is no different.

Kevin Smith  |  Engineering Manager  |  Adobe  |  385.221.1288 |  kevsmith@adobe.com

From: Justin Brookman [mailto:justin@cdt.org]
Sent: Friday, June 01, 2012 3:53 PM
To: public-tracking@w3.org
Subject: Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

The intermediary will correct based on what information?  Who will create the black list of "browser matches" and on what criteria, maintain it, deduce what the browser UI was that the user interfaced with, and determine that the user did not otherwise interact with the browser settings?


Justin Brookman

Director, Consumer Privacy

Center for Democracy & Technology

1634 I Street NW, Suite 1100

Washington, DC 20006

tel 202.407.8812

fax 202.637.0969

justin@cdt.org<mailto:justin@cdt.org>

http://www.cdt.org

@CenDemTech

@JustinBrookman

On 6/1/2012 5:45 PM, Roy T. Fielding wrote:
I do what I usually do when a user agent has a broken
implementation of HTTP -- I correct it before anything
downstream sees it.  In this case, an intermediary will delete
the DNT field value based on browser match before the applications
have a chance to make a decision based on the DNT field value.

....Roy

On Jun 1, 2012, at 2:36 PM, Justin Brookman wrote:


Agree with David --- we don't even know what MSFT's eventual implementation is going to be, and I can't say I know what AVG's is today.  Is there a screen that's pre-checked?  Is there some sort of ephemeral notice saying "by the way, DNT is on."  Will those UIs change over time?  Who is going to monitor the UIs and make the decision: "No, this isn't user choicey enough!"  How will you know what the UI was when the user installed the user agent?  Even if the default is on and there's no notice at all, how will the party know that the user didn't turn it off at some point, see a retargeted ad for a Vegas casino, and then turn in back on again?

I can't see how a standard answers those questions.


Justin Brookman

Director, Consumer Privacy

Center for Democracy & Technology

1634 I Street NW, Suite 1100

Washington, DC 20006

tel 202.407.8812

fax 202.637.0969

justin@cdt.org<mailto:justin@cdt.org>

http://www.cdt.org<http://www.cdt.org/>

@CenDemTech

@JustinBrookman

On 6/1/2012 5:28 PM, David Singer wrote:

On Jun 1, 2012, at 14:22 , Shane Wiley wrote:


David,

I disagree.  If you know that an UA is non-compliant, it should be fair to NOT honor the DNT signal from that non-compliant UA and message this back to the user in the well-known URI or Response Header.  Further, we can provide information for the user to use a UA that is DNT compliant if they wish for their preference to be honored in that regard.


OK, I think we will have to agree to disagree.  I can't think of any other spec., off hand, that allows one end to 'misbehave' if they believe the other end is misbehaving.  There *are* specs that deal with what you do if you see actual invalid values, incorrect responses, etc., but none that I know of that allow you to conclude 'you didn't really mean that' and do something other than what was signalled.

I still don't know how you tell the difference between a user who agree with, and wanted, the choice, and a user who wasn't aware of it.



David Singer
Multimedia and Software Standards, Apple Inc.