Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance] from Rigo Wenning on 2012-06-05 (public-tracking@w3.org from June 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 05 Jun 2012 18:29:29 +0200
To: public-tracking@w3.org
Cc: Justin Brookman <justin@cdt.org>
Message-ID: <2241168.EdQ3n3o2ja@hegel.sophia.w3.org>

Justin, 

I have concerns that some of the assumptions underlying certain 
argumentations will not hold in front of central principles of law. 
Unless there is buy-in. 

Sending a DNT;1 header is an expression of a preference. But this 
expression can not force the service to do anything without 
violating the freedom of contract. And W3C is no legislator. If a 
law said, on reception of DNT;1 you have to do what is written down 
in the W3C compliance specification, that would be different. But 
this would only count for the jurisdiction the law was made for.

So a service can _always_ ignore a DNT signal. Now I hear the 
saying: "They claimed compliance". But compliance to what? That 
their entire site is honoring DNT? What about if I'm logged in to 
W3C services? They must track me because of the ACL. Consequence: I 
get an NACK. And rightly so. But if the service issues an NACK, it 
does not make a misleading statement anymore. Because the service 
does not claim to honor DNT;1 and doesn't. And if we accept the user 
sending DNT;1 as an expression, we also have to accept NACK as an 
expression. Whether from a pure wording we then tell that after 
sending NACK a service is not "dnt-compliant" anymore is a matter of 
terminology, branding, campaigning etc. But the NACK would have to 
be defined in the Specification. And if a service is acting 
according to that Specification, I wonder how we could still say it 
is "not compliant".

So I say, with defaults or without, you can't force a service to 
honor DNT;1 until they've sent you an ACK! If we violate this basic 
principle, I will start to send contracts to all those in favor of 
the violation of that principle and request that they do what I have 
written down in the contract. 

Is getting a NACK on a DNT;1 the end of the world? No! The browser 
knows now that the service is not willing to apply DNT;1 rules and 
can react accordingly. I can show you in Seattle what that 
potentially can mean. I would e.g. hope that the browser-bundle 
would start TOR on demand for that situation.

I maintain, nearly every server, except perhaps dedicated tracking 
servers, has areas where user tracking is part of the necessity to 
provide the service. We need an NACK for that anyway.

Rigo

On Tuesday 05 June 2012 11:54:28 Justin Brookman wrote:
> The 
> ad net would send back a NACK signal . . . and then what?  There
> would  be no way to reset the DNT mechanism to say "yes, I really
> mean this" on a persistent basis.  Effectively, any "compliant"
> third party will have the ability to refuse to ever acknowledge
> any DNT:1 signal coming from a UA that it unilaterally deems out
> of compliance.  They may be some transparency around that
> refusal, but no ability for the user to redeem the faults of the
> UI.  And then what would the UA do in this conundrum? Block
> communications to servers that report back that they're ignoring
> its DNT signal?  I do not think this is an optimal result.

Received on Tuesday, 5 June 2012 16:30:02 UTC