- From: Dobbs, Brooks <brooks.dobbs@kbmg.com>
- Date: Fri, 08 Jun 2012 15:27:06 -0500
- To: Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>
- Message-ID: <CBF7CA4A.1709%brooks.dobbs@kbmg.com>
I think the problem is that compliance is based on both sides ability to honor user preference. If one side forges user preference, and the other side can correctly only be compliant by acting on actual user preference, there is an untenable situation. Where a UA sends a well formed header absent having obtained a preference from the user, the recipient server will always be forced into non-compliance, no matter which action it takes. Two cases come to mind: 1. If a UA sends a DNT:1 by default, AND this is truly the preference of the user, if the server fails to respond accordingly to DNT:1 then arguably compliance has not been achieved. 2. If, conversely, a server honors a well formed DNT:1 set by a vendor or intermediary, absent such being the actual preference of the the user, again preference has not been honored and compliance not maintained. There is a no-win compliance situation for the server no matter which way it goes. Starting from the position that each user preference is not equally as valid is damaging. -Brooks On 6/8/12 7:59 AM, "Justin Brookman" <jbrookman@cdt.org> wrote: > I'm pretty sure no one is saying that a site should be non-compliant by > failing to second-guess the user agent. There is nothing in any of the drafts > today that would render you non-compliant by honoring a DNT:1 header from a > browser that set DNT:1 by default. > > DNT was always intended to be a global solution. I do not see the point in > rewriting the standard to allow for third parties to state that they kind of > follow DNT. If some third party wants to try that outside of the standard, > they can obviously do so, but we should not facilitate an outcome that runs > contrary to the very purpose of DNT. >> >> From: Chris Pedigo [mailto:CPedigo@online-publishers.org] >> To: Rigo Wenning [mailto:rigo@w3.org] >> Cc: Jonathan Mayer [mailto:jmayer@stanford.edu], ifette@google.com >> [mailto:ifette@google.com], Bjoern Hoehrmann [mailto:derhoermi@gmx.net], >> David Singer [mailto:singer@apple.com], public-tracking@w3.org >> (public-tracking@w3.org) [mailto:public-tracking@w3.org] >> Sent: Fri, 08 Jun 2012 07:54:00 -0400 >> Subject: Re: Today's call: summary on user agent compliance >> >> Question - if a site decides to honor any and all DNT:1 signals, regardless >> of whether the browser is non-compliant because it set DNT on by default, >> would the site be in non-compliance? >> >> >> >> On Jun 8, 2012, at 5:21 AM, "Rigo Wenning" <rigo@w3.org> wrote: >> >>> > Jonathan, >>> > >>> > I had private exchanges with David about this and I think we are >>> > talking past each other. You mean one can't brand "We do DNT" into >>> > consumer's faces and then reject each and every DNT:1 request with >>> > an NACK-header. And this is a valid point. BTW, your browser can >>> > react on NACK by starting tor. I would love to see such intelligent >>> > browsers and browser extensions. >>> > >>> > Ian and I mean, on the wire, it is better that you know someone is >>> > rejecting your DNT preference. >>> > >>> > The problem is the assertion "We do DNT" as a marketing statement. >>> > As we can define everything, we can also define when we allow people >>> > to make that statement. Or even make a different (better) statement, >>> > like "We honor your tracking preference". If you want to make it >>> > enforceable, you would make a statement like "we honor the W3C >>> > tracking preference statement". Then I can even enforce it (if I get >>> > a budget for that). >>> > >>> > But I don't think by sending DNT:1 to some data graveyard from the >>> > nineties that is still online, you'll get anything honored in >>> > anyway. And you can't force that either. >>> > >>> > Rigo >>> > P.S. This is actually an instance of the supermarket problem that >>> > already haunted the PrimeLife and the PRIME project for those who >>> > know. Those who want to know can contact me off-list. >>> > >>> > >>> > On Friday 08 June 2012 01:05:00 Jonathan Mayer wrote: >>>> >> Ian, >>>> >> >>>> >> I'm gravely disappointed to hear you expressing the view, one year >>>> >> into this process, that third-party websites might just >>>> >> unilaterally renegotiate the W3C's Do Not Track standard >>>> >> post-ratification. That cuts against the cooperative spirit of >>>> >> these productive discussions, and I trust it is not Google's >>>> >> position. >>>> >> >>>> >> At any rate, I believe your view is misguided. Third-party >>>> >> websites are, to be sure, under no binding obligation to comply >>>> >> with the W3C's Do Not Track standard. But there are myriad >>>> >> reasons for companies to comply with the W3C specification, >>>> >> including growing pressures from users, policymakers, and the >>>> >> media. Moreover, if a company claims to support Do Not Track and >>>> >> it doesn't, it'll have to deal with the Federal Trade Commission >>>> >> and other law enforcement agencies. I should hope Google in >>>> >> particular appreciates the ramifications of incorrectly claiming >>>> >> to comply with a browser's default privacy setting. It's no >>>> >> coincidence that industry participants in the working group have >>>> >> a strong preference to develop consensus on this issue. >>>> >> >>>> >> Jonathan >>>> >> >>>> >> On Thursday, June 7, 2012 at 9:25 PM, Ian Fette (イアンフェッティ) wrote: >>>>> >>> A site is already under no obligation to conform to DNT. Would >>>>> >>> you rather have the user be clear that their request is being >>>>> >>> ignored, or left to wonder? >>>>> >>> >>>>> >>> -Ian >>>>> >>> >>>>> >>> On Thu, Jun 7, 2012 at 6:10 PM, Bjoern Hoehrmann >>> > <derhoermi@gmx.net (mailto:derhoermi@gmx.net)> wrote: >>>>>> >>>> * Rigo Wenning wrote: >>>>>>> >>>>> [...] >>>>>> >>>> >>>>>> >>>> Are you proposing that saying "I ignore your tracking >>>>>> >>>> preferences" is all it should take to conform to the DNT >>>>>> >>>> specifications? -- >>>>>> >>>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · >>>>>> >>>> http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: >>>>>> >>>> +49(0)160/4415681 (tel:%2B49%280%29160%2F4415681) · >>>>>> >>>> http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. >>>>>> >>>> KeyID: 0xA4357E78 · http://www.websitedev.de/ >>> > >>> > > -- Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com brooks.dobbs@kbmg.com This email – including attachments – may contain confidential information. If you are not the intended recipient, do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.
Attachments
- image/png attachment: image.png
Received on Friday, 8 June 2012 19:27:42 UTC