Re: Today's call: summary on user agent compliance from Rigo Wenning on 2012-06-08 (public-tracking@w3.org from June 2012)

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 08 Jun 2012 21:44:50 +0200
To: public-tracking@w3.org
Cc: "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>
Message-ID: <5237309.GTrWUcI7aX@hegel.sophia.w3.org>

Brooks, 

I agree. A server can't know whether a UA has obtained a user's 
willful interaction to set some DNT status. Even for the browser who 
announced a default you can't know. Because weirdos like me may have 
altered the settings. And in this case even this browser defaulting 
to DNT:1 is compliant. 

The server sees a DNT:1 on the wire. It can decide to follow that 
and send an ACK. It can decide to not respond and it can decide to 
send NACK. But having browser sniffing determine whether a request 
is compliant is adventurous at best. 

So a service having too many DNT:1 requests will be inventive and do 
advertisement without tracking. Or it will block those users with 
DNT:1 by sending exception requests. 

I personally do NOT believe that a server can determine compliance 
of a header that is well formed and comes down the pipe. We can only 
exclude those user agents that can't even handle exceptions and are 
purely injecting DNT:1 strings into every TCP/IP traffic. And we can 
call them out. A server, if a suspicion exists, can probe with an 
exception call. 

Rigo

On Friday 08 June 2012 15:27:06 Dobbs, Brooks wrote:
> I think the problem is that compliance is based on both sides
> ability to honor user preference.  If one side forges user
> preference, and the other side can correctly only be compliant by
> acting on actual user preference, there is an untenable
> situation.  Where a UA sends a well formed header absent having
> obtained a preference from the user, the recipient server will
> always be forced into non-compliance, no matter which action it
> takes.
> 
> Two cases come to mind:
> 1. If a UA sends a DNT:1 by default, AND this is truly the
> preference of the user, if the server fails to respond
> accordingly to DNT:1  then arguably compliance has not been
> achieved.
> 2. If, conversely, a server honors a well formed DNT:1 set by a
> vendor or intermediary, absent such being the actual preference
> of the the user, again preference has not been honored and
> compliance not maintained.
> 
> There is a no-win compliance situation for the server no matter
> which way it goes.  Starting from the position that each user
> preference is not equally as valid is damaging.
>

Received on Friday, 8 June 2012 19:45:16 UTC