Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance]

I support what David said. I agree that the existing consensus should 
still be valid and that there is no need to revisit it.

I strongly disagree on Shane's suggestion that we should change the spec 
and advise servers to consider a DNT;1 or DNT;0 (valid DNT setting) as 
DNT;unset, if they think the UA making the request is "misbehaving" 
according to the spec.

Even if we cannot assume that using a UA with DNT;1 default necessarily 
means that the user chose the UA because of this privacy-by-default 
setting, we neither can assume that the setting does not reflect the 
preference of a significant number of users. Maybe they chose the UA 
because of advertising as privacy-enhancing, maybe they opted-in and 
then opted-out again. Neither we nor the server may know. By sending a 
response "Non-Compliant User Agent" we would knowingly disregard the 
preference of these users. When we are talking about IE10 this would be 
a large number of users. Confronting them with a response like that 
would make an awful impression not only for the responding first 
party and the UA but also for the whole DNT recommendation.

Affronting users in this way, whether the default is congruent with their 
preference or not, would be the worst possible outcome imho.

If a site chooses to answer with a NACK signal, it is up to them (what 
impact this does have on their claimed DNT compliance is another topic), 
but we should not advise them to do so in the spec.

I think this conflict shows once again that the user needs to get a 
clear answer by the server whether his DNT signal (of which he may not be 
aware) is honored.

Ninja

On 05.06.2012 21:20, David Singer wrote:
>
> On Jun 5, 2012, at 8:53 , Dobbs, Brooks wrote:
>
>>
>> Hi Rigo,
>>
>> So a little follow-up:
>>
>>
>>> Rob (Article 29 WP) suggested to have a selection screen at first
>>> startup. After all the noise about the defaults, can we assume that
>>> using a certain browser means sending DNT;1?
>>
>> No. We can't.  This is the same point I raised with Justin.  With no
>> disrespect to the hard work this group does, DNT really just isn't top of
>> mind share for Joe Consumer and is exceedingly unlikely to be the primary
>> motivation for choosing a browser and/or reflect his/her personal preference
>> on DNT.  Realistically would anyone ever choose browser A over 3 primary
>> competitors because it had DNT by default where the others made me go
>> through Preferences->Privacy->DNT?  Doesn't it generally take more than 3
>> clicks to install/switch to a new browser?
>>
>
>
> I don't want to defend on-by-default in general, but I do think Roy's example of browsers that are specifically marketed as being 'privacy enhanced' is not a complete fantasy.  I think it quite possible someone will write and market such a browser, which takes various measures to enhance privacy, such as reducing fingerprinting capability, turning on DNT, using HTTPS whenever possible, being careful with traces kept locally (e.g. history lists), maybe even using TOR when using a service that might record history, and so on.
>
> So, I think the compromise position we reached is a good one (that admits this possibility in special-purpose browsers), and I don't think the existence of a product that steps outside that compromise should make us revisit it.
>
> David Singer
> Multimedia and Software Standards, Apple Inc.
>
>

-- 

Ninja Marnau
mail: NMarnau@datenschutzzentrum.de - http://www.datenschutzzentrum.de
Phone: +49 431/988-1285, Fax +49 431/988-1223
Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein
Independent Centre for Privacy Protection Schleswig-Holstein

Received on Wednesday, 6 June 2012 08:52:37 UTC