- From: Justin Brookman <justin@cdt.org>
- Date: Tue, 05 Jun 2012 11:54:28 -0400
- To: "public-tracking@w3.org" <public-tracking@w3.org>
On 6/5/2012 11:22 AM, Shane Wiley wrote: > Justin, > > At some point we need to draw line in the sand to call out bad actors as "bad". We've agreed users should expressly activate DNT on their own (expect in cases where the act of installing a CLEARLY privacy protective product is their goal). If bad actor UAs cross that line (i.e. IE10 :-) ), then Servers should have the flexibility to respond appropriately. This will make the situation very transparent to users (response header/well known URI) and allow them to exercise choices the Server provides (list of supported UAs, for example). > > Your belief that ALL Servers should honor the ALL DNT:1 header requests, while very simple, is the basis for a pure opt-in world which all sides had previously agreed is the not the appropriate outcome for the Internet. Is the CDT taking a different stance on this topic? You keep missing my point. I am merely trying to allocate responsibility for ascertaining user intent and determining what is "bad" in a rational fashion. I do not think that third parties are well positioned to assess UIs or what a user's knowledge and intent is based on or despite that UI. Even assuming for the same of argument that all third parties possess a perfect mechanism for assessing whether all UIs meet the goals of this standard of expressing user preference, how would a feedback mechanism work to ascertain the true intent of the user? The ad net would send back a NACK signal . . . and then what? There would be no way to reset the DNT mechanism to say "yes, I really mean this" on a persistent basis. Effectively, any "compliant" third party will have the ability to refuse to ever acknowledge any DNT:1 signal coming from a UA that it unilaterally deems out of compliance. They may be some transparency around that refusal, but no ability for the user to redeem the faults of the UI. And then what would the UA do in this conundrum? Block communications to servers that report back that they're ignoring its DNT signal? I do not think this is an optimal result. I was suggesting another approach in adding into the spec affirmative requirements on user agents to only send the signal when it's the choice of the user. This still gets to UI issues where the group had been hesitant to be prescriptive before, but it may be a more sensible alternative. If you require UAs to publicly state that they're compliant with the standard, does that put sufficient pressure on them to deliver messaging and UI to obtain a user's active preference? I am not yet convinced this is the right approach, but it seemed to be what Aleecia was going to be putting on the agenda, so it at least seemed worthwhile to get some discussion started around the idea. > Thank you, > Shane > > -----Original Message----- > From: Justin Brookman [mailto:justin@cdt.org] > Sent: Tuesday, June 05, 2012 8:09 AM > To: public-tracking@w3.org > Subject: Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance] > > > On 6/5/2012 11:53 AM, Dobbs, Brooks wrote: >> Hi Rigo, >> >> So a little follow-up: >> >> >>> Rob (Article 29 WP) suggested to have a selection screen at first >>> startup. After all the noise about the defaults, can we assume that >>> using a certain browser means sending DNT;1? >> No. We can't. This is the same point I raised with Justin. With no >> disrespect to the hard work this group does, DNT really just isn't top of >> mind share for Joe Consumer and is exceedingly unlikely to be the primary >> motivation for choosing a browser and/or reflect his/her personal preference >> on DNT. Realistically would anyone ever choose browser A over 3 primary >> competitors because it had DNT by default where the others made me go >> through Preferences->Privacy->DNT? Doesn't it generally take more than 3 >> clicks to install/switch to a new browser? > Even if a user does not *choose* a browser because DNT is enabled by > default, the user may well be *aware* that DNT is turned on by default. > Or the user might go to turn on DNT and notice that it was already > checked. The ad network is never going to know what the user's > knowledge and intent is in any case. For this reason, I believe ad > networks should respect the signal regardless. Assuming that the group > wants to ensure that users knowingly choose to transmit the DNT signal, > wouldn't it make more sense to put the burden on the implementing > browsers? This would give the browsers an affirmative responsibility to > conform to the specifications in the standard and would prevent a > situation where all third parties are making subjective determinations > about user intent and the legitimacy of any particular UI. > > > >
Received on Tuesday, 5 June 2012 15:57:26 UTC