Re: Today's call: summary on user agent compliance

With all due respect, I think you've already heard from a number of
companies that they will not honor such a signal. The question at hand is
not whether or not that should be allowed -- the W3C has no power to force
a company to honor DNT -- but rather how that company's decision should be
signaled. (Similarly the W3C has no power to say what MS can or can't do in
IE10. We can declare whether or not the specification allows it, but it's
up to MS whether they wish to be compliant with the specification.)

As for whether DNT becomes a norm users expect, I'm not sure I buy the
notion that it will be either respected by all websites or sent by all
users. Who knows what will happen? I have no doubt that there may be
websites that find the overall DNT specification too onerous and decide not
to implement it, but may still take (hopefully positive) actions based on
the user preference they see in the form of a DNT header.

-Ian

On Wed, Jun 6, 2012 at 10:57 PM, Jeffrey Chester
<jeff@democraticmedia.org>wrote:

> The W3c should not sanction the punishing of consumers who use a browser
> or user agent that has publicly declared that DNT is the default.  No
> mechanism that enables a site to reject the DNT signal from a user agent
> that has publicly declared it is offering it as a default should be
> adopted. DNT is also likely to become a norm users expect. I assume brands
> that ignore such requests will find themselves in the privacy spotlight. I
> can imagine that many advertisers will add to their own brand safe
> protection lists the need for a site to honor DNT.
>
>
>
> On 07 Jun 2012, at 12:01 AM, Ian Fette (イアンフェッティ) <ifette@google.com>
> wrote:
>
> Mike,
>
> The discussion on that part largely revolved around what sites an option
> has when it receives a request that, for whatever reason, it believes
> doesn't meet the bar. We've said from the beginning that no one is forcing
> sites to implement DNT (or browsers for that matter). We are coming up with
> a specification for what DNT means, we have no power to force anyone to use
> the specification. The question came up something along the lines of "So,
> what happens if I get a request from an IE10 user with DNT:1, what options
> do I as a site have?".
>
> There's some people in the working group who felt that if you as a site
> support DNT, then you must support it when you see DNT:1 and you have no
> business second-guessing the UI decisions made by the browser or the level
> of compliance of the browser. You see DNT:1, you do your DNT:1 thing,
> whatever that means.
>
> There's other people in the working group, myself included, who feel that
> since you are under no obligation to honor DNT in the first place (it is
> voluntary and nothing is binding until you tell the user "Yes, I am
> honoring your DNT request") that you already have an option to reject a
> DNT:1 request (for instance, by sending no DNT response headers). The
> question in my mind is whether we should provide websites with a mechanism
> to provide more information as to why they are rejecting your request, e.g.
> "You're using a user agent that sets a DNT setting by default and thus I
> have no idea if this is actually your preference or merely another large
> corporation's preference being presented on your behalf." Given that DNT is
> optional and the only regulatory hooks are what you sign up for and say
> you're going to do, someone suggested what Aleecia paraphrased in her
> email, "we comply with the W3C DNT specification except we ignore
> non-compliant user agents.". E.g. the site determining what amount of DNT
> compliance it wishes to claim and under what circumstances. Perhaps we go
> beyond there, perhaps we don't, who knows, but that was where the
> discussion started to go.
>
> -Ian
>
> On Wed, Jun 6, 2012 at 7:19 PM, Mike Zaneis <mike@iab.net> wrote:
>
>> I was not on the call today because I was with Marc and others at the CFA
>> conference, so I'd love to hear more about this potential new publisher
>> requirement. If they are outside of the Spec then why would they have any
>> response obligation?  Happy to learn more about the initial discussion.
>>
>> Mike Zaneis
>> SVP & General Counsel, IAB
>> (202) 253-1466
>>
>> On Jun 6, 2012, at 10:06 PM, "Aleecia M. McDonald" <aleecia@aleecia.com>
>> wrote:
>>
>> >
>> > On Jun 6, 2012, at 3:00 PM, David Singer wrote:
>> >
>> >>
>> >> On Jun 6, 2012, at 11:48 , Aleecia M. McDonald wrote:
>> >>
>> >>> We did NOT hear a view that the specification should require
>> publishers to honor DNT:1 signals from non-compliant User Agents.
>> >>
>> >> I think that I have consistently argued that when the two ends adhere
>> to the protocol (i.e. their expression and responses are correct), then
>> it's non-compliant to do other than the protocol requires, both in email
>> and on the call.
>> >>
>> >> You might have good reason.  But it's still not compliant.  I sent you
>> "Please do X", and you replied "No, I won't, I don't believe you."  I don't
>> think you can describe that as *compliant*.  You might think it *justified*.
>> >>
>> >> Note well that this goes as much for servers claiming compliance and
>> expecting to be treated as compliant, when in fact they implement something
>> else (e.g. "do not target"). What is sauce for the goose is sauce for the
>> gander, as they say, and if we write anything about one, we should write
>> about both.
>> >
>> > To follow up on this, which is all a good capture of discussion, there
>> was talk of publishers noting in a privacy policy "we comply with the W3C
>> DNT specification except we ignore non-compliant user agents." We did not
>> talk that all through. There is a lot more to talk about here, actually. We
>> did make a good start getting into it; more to go.
>> >
>> >    Aleecia
>>
>>
>

Received on Thursday, 7 June 2012 06:11:04 UTC