- From: Justin Brookman <justin@cdt.org>
- Date: Tue, 05 Jun 2012 12:45:25 -0400
- CC: public-tracking@w3.org
- Message-ID: <4FCE37A5.6090307@cdt.org>
For purposes of argument, substitute NACK with a different response header for "Invalid User Agent" or "Non-Compliant User Agent" that Shane suggested.

Justin Brookman
Director, Consumer Privacy
Center for Democracy & Technology
1634 I Street NW, Suite 1100
Washington, DC 20006
tel 202.407.8812
fax 202.637.0969
justin@cdt.org
http://www.cdt.org
@CenDemTech
@JustinBrookman

On 6/5/2012 12:29 PM, Rigo Wenning wrote:
> Justin,
>
> I have concerns that some of the assumptions underlying certain
> argumentations will not hold in front of central principles of law.
> Unless there is buy-in.
>
> Sending a DNT;1 header is an expression of a preference. But this
> expression can not force the service to do anything without
> violating the freedom of contract. And W3C is no legislator. If a
> law said, on reception of DNT;1 you have to do what is written down
> in the W3C compliance specification, that would be different. But
> this would only count for the jurisdiction the law was made for.
>
> So a service can _always_ ignore a DNT signal. Now I hear the
> saying: "They claimed compliance". But compliance to what? That
> their entire site is honoring DNT? What about if I'm logged in to
> W3C services? They must track me because of the ACL. Consequence: I
> get an NACK. And rightly so. But if the service issues an NACK, it
> does not make a misleading statement anymore. Because the service
> does not claim to honor DNT;1 and doesn't. And if we accept the user
> sending DNT;1 as an expression, we also have to accept NACK as an
> expression. Whether from a pure wording we then tell that after
> sending NACK a service is not "dnt-compliant" anymore is a matter of
> terminology, branding, campaigning etc. But the NACK would have to
> be defined in the Specification. And if a service is acting
> according to that Specification, I wonder how we could still say it
> is "not compliant".
>
> So I say, with defaults or without, you can't force a service to
> honor DNT;1 until they've sent you an ACK! If we violate this basic
> principle, I will start to send contracts to all those in favor of
> the violation of that principle and request that they do what I have
> written down in the contract.
>
> Is getting a NACK on a DNT;1 the end of the world? No! The browser
> knows now that the service is not willing to apply DNT;1 rules and
> can react accordingly. I can show you in Seattle what that
> potentially can mean. I would e.g. hope that the browser-bundle
> would start TOR on demand for that situation.
>
> I maintain, nearly every server, except perhaps dedicated tracking
> servers, has areas where user tracking is part of the necessity to
> provide the service. We need an NACK for that anyway.
>
> Rigo
>
> On Tuesday 05 June 2012 11:54:28 Justin Brookman wrote:
>> The
>> ad net would send back a NACK signal . . . and then what? There
>> would be no way to reset the DNT mechanism to say "yes, I really
>> mean this" on a persistent basis. Effectively, any "compliant"
>> third party will have the ability to refuse to ever acknowledge
>> any DNT:1 signal coming from a UA that it unilaterally deems out
>> of compliance. There may be some transparency around that
>> refusal, but no ability for the user to redeem the faults of the
>> UI. And then what would the UA do in this conundrum? Block
>> communications to servers that report back that they're ignoring
>> its DNT signal? I do not think this is an optimal result.
>
Received on Tuesday, 5 June 2012 16:45:56 UTC