Today's call: summary on user agent compliance

[Reminder: a user agent is not just a web browser. We are long-since agreed that user agents can be a plug in, add on, or a mobile phone OS sending a signal to applications. There may be other contexts we have not even imagined. But we are not just talking about 5, or even 20, web browsers when we discuss user agents.] 

Since user agent defaults are such an important issue for so many TPWG participants, I wanted to write down what I think I heard on the call today. If you disagree with this as an account of what happened (not what you _want_ for the outcome, but what actually occurred) then please correct me right here on the mailing list. 

(0) Today we created a new issue-151 that considers if a user agent must be able to handle receiving an exception to be compliant. An interesting issue from Rigo, and one we did not discuss today: we will discuss this in the future. This is currently listed as a TPE issue but cuts across both documents, so do not be surprised to hear me take it up.

(1) Today we reaffirmed the group consensus that a user agent MUST NOT set a default of DNT:1 or DNT:0, unless the act of selecting that user agent is itself a choice that expresses the user's preference for privacy. In all cases, a DNT signal MUST be an expression of a user's preference.
	Action item on Aleecia to re-work some of the existing text here, including non-normative discussion that a UA may elect to provide user choice at installation (action-210.) Normal process here: We will review the text as a group. Once approved, the Compliance editors will add it to the Compliance draft.

	Implication A: Microsoft IE, as a general purpose user agent, will not be able to claim compliance with DNT once we have a published W3C Recommendation. As a practical matter they can continue their current default settings, since DNT is a voluntary standard in the first place. But if they claim to comply with the W3C Recommendation and do not, that is a matter the FTC (and others) can enforce.

	Implication B: AVG, as an anti-virus package and much more, may or may not count as a users' expression of privacy. We are still discussing this which leads to...

(2) Today we did not agree what threshold "counts" for a user expressing a privacy preference while selecting a user agent. We heard a variety of views and thresholds proposed. The conversation ended with:
	Action item on Ian to write text with his proposal (action-212)
	Action item on Justin to write text with his proposal (action-211)

Again as normal, those two texts will come before the group, we'll discuss them and make any revisions, and then with the final texts in hand we will reach a consensus decision.

(3) Today we discussed, but did not agree upon, what role the specification does or does not have in dealing with a non-compliant user agent. We still have more to talk about here to make sure we all understand the full decision space. We heard two views:
	- The specification should be silent
	- The specification should detail how a publisher receiving a DNT signal from a non-compliant User Agent can signal to the user that the publisher it is not going to honor it

We did NOT hear a view that the specification should require publishers to honor DNT:1 signals from non-compliant User Agents.

There was a great deal of very interesting discussion here, some quite subtle, some rather blunt. :-) We will discuss this further, including here on the dlist, and I expect we are not too far away from another set of action items to write texts. Anyone who missed the call today might care to refer to the minutes so we do not duplicate conversations when we take this up again in the future. Speaking of, thank you again to hwest for great scribing during a busy meeting.

Also, my thanks to all participants on the call today for a productive tone. Let us please continue our productive tone in all discussions as we move forward. 

	Aleecia

Received on Wednesday, 6 June 2012 18:48:41 UTC