Re: Today's call: summary on user agent compliance

I think the problem is that compliance is based on both sides ability to
honor user preference.  If one side forges user preference, and the other
side can correctly only be compliant by acting on actual user preference,
there is an untenable situation.  Where a UA sends a well formed header
absent having obtained a preference from the user, the recipient server will
always be forced into non-compliance, no matter which action it takes.

Two cases come to mind:
1. If a UA sends a DNT:1 by default, AND this is truly the preference of the
user, if the server fails to respond accordingly to DNT:1  then arguably
compliance has not been achieved.
2. If, conversely, a server honors a well formed DNT:1 set by a vendor or
intermediary, absent such being the actual preference of the the user, again
preference has not been honored and compliance not maintained.

There is a no-win compliance situation for the server no matter which way it
goes.  Starting from the position that each user preference is not equally
as valid is damaging.

-Brooks


On 6/8/12 7:59 AM, "Justin Brookman" <jbrookman@cdt.org> wrote:

> I'm pretty sure no one is saying that a site should be non-compliant by
> failing to second-guess the user agent.  There is nothing in any of the drafts
> today that would render you non-compliant by honoring a DNT:1 header from a
> browser that set DNT:1 by default.
> 
> DNT was always intended to be a global solution.  I do not see the point in
> rewriting the standard to allow for third parties to state that they kind of
> follow DNT.  If some third party wants to try that outside of the standard,
> they can obviously do so, but we should not facilitate an outcome that runs
> contrary to the very purpose of DNT.
>> 
>> From: Chris Pedigo [mailto:CPedigo@online-publishers.org]
>> To: Rigo Wenning [mailto:rigo@w3.org]
>> Cc: Jonathan Mayer [mailto:jmayer@stanford.edu], ifette@google.com
>> [mailto:ifette@google.com], Bjoern Hoehrmann [mailto:derhoermi@gmx.net],
>> David Singer [mailto:singer@apple.com], public-tracking@w3.org
>> (public-tracking@w3.org) [mailto:public-tracking@w3.org]
>> Sent: Fri, 08 Jun 2012 07:54:00 -0400
>> Subject: Re: Today's call: summary on user agent compliance
>> 
>> Question - if a site decides to honor any and all DNT:1 signals, regardless
>> of whether the browser is non-compliant because it set DNT on by default,
>> would the site be in non-compliance?
>> 
>> 
>> 
>> On Jun 8, 2012, at 5:21 AM, "Rigo Wenning" <rigo@w3.org> wrote:
>> 
>>> > Jonathan, 
>>> > 
>>> > I had private exchanges with David about this and I think we are
>>> > talking past each other. You mean one can't brand "We do DNT" into
>>> > consumer's faces and then reject each and every DNT:1 request with
>>> > an NACK-header. And this is a valid point. BTW, your browser can
>>> > react on NACK by starting tor. I would love to see such intelligent
>>> > browsers and browser extensions.
>>> > 
>>> > Ian and I mean, on the wire, it is better that you know someone is
>>> > rejecting your DNT preference.
>>> > 
>>> > The problem is the assertion "We do DNT" as a marketing statement.
>>> > As we can define everything, we can also define when we allow people
>>> > to make that statement. Or even make a different (better) statement,
>>> > like "We honor your tracking preference". If you want to make it
>>> > enforceable, you would make a statement like "we honor the W3C
>>> > tracking preference statement". Then I can even enforce it (if I get
>>> > a budget for that).
>>> > 
>>> > But I don't think by sending DNT:1 to some data graveyard from the
>>> > nineties that is still online, you'll get anything honored in
>>> > anyway. And you can't force that either.
>>> > 
>>> > Rigo
>>> > P.S. This is actually an instance of the supermarket problem that
>>> > already haunted the PrimeLife and the PRIME project for those who
>>> > know. Those who want to know can contact me off-list.
>>> > 
>>> > 
>>> > On Friday 08 June 2012 01:05:00 Jonathan Mayer wrote:
>>>> >> Ian,
>>>> >> 
>>>> >> I'm gravely disappointed to hear you expressing the view, one year
>>>> >> into this process, that third-party websites might just
>>>> >> unilaterally renegotiate the W3C's Do Not Track standard
>>>> >> post-ratification.  That cuts against the cooperative spirit of
>>>> >> these productive discussions, and I trust it is not Google's
>>>> >> position.
>>>> >> 
>>>> >> At any rate, I believe your view is misguided.  Third-party
>>>> >> websites are, to be sure, under no binding obligation to comply
>>>> >> with the W3C's Do Not Track standard.  But there are myriad
>>>> >> reasons for companies to comply with the W3C specification,
>>>> >> including growing pressures from users, policymakers, and the
>>>> >> media.  Moreover, if a company claims to support Do Not Track and
>>>> >> it doesn't, it'll have to deal with the Federal Trade Commission
>>>> >> and other law enforcement agencies.  I should hope Google in
>>>> >> particular appreciates the ramifications of incorrectly claiming
>>>> >> to comply with a browser's default privacy setting.  It's no
>>>> >> coincidence that industry participants in the working group have
>>>> >> a strong preference to develop consensus on this issue.
>>>> >> 
>>>> >> Jonathan
>>>> >> 
>>>> >> On Thursday, June 7, 2012 at 9:25 PM, Ian Fette (イアンフェッティ) wrote:
>>>>> >>> A site is already under no obligation to conform to DNT. Would
>>>>> >>> you rather have the user be clear that their request is being
>>>>> >>> ignored, or left to wonder?
>>>>> >>> 
>>>>> >>> -Ian
>>>>> >>> 
>>>>> >>> On Thu, Jun 7, 2012 at 6:10 PM, Bjoern Hoehrmann
>>> > <derhoermi@gmx.net (mailto:derhoermi@gmx.net)> wrote:
>>>>>> >>>> * Rigo Wenning wrote:
>>>>>>> >>>>> [...]
>>>>>> >>>> 
>>>>>> >>>> Are you proposing that saying "I ignore your tracking
>>>>>> >>>> preferences" is all it should take to conform to the DNT
>>>>>> >>>> specifications? --
>>>>>> >>>> Björn Höhrmann · mailto:bjoern@hoehrmann.de ·
>>>>>> >>>> http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon:
>>>>>> >>>> +49(0)160/4415681 (tel:%2B49%280%29160%2F4415681) ·
>>>>>> >>>> http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub.
>>>>>> >>>> KeyID: 0xA4357E78 · http://www.websitedev.de/
>>> > 
>>> > 
> 

-- 

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com



This email – including attachments – may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.