- From: Peter Cranstone <peter.cranstone@gmail.com>
- Date: Mon, 11 Jun 2012 09:30:20 -0600
- To: Roy T. Fielding <fielding@gbiv.com>
- Cc: public-tracking@w3.org
- Message-Id: <A73570A8-5969-4C65-9CBF-55950063356A@gmail.com>
> Somebody tests the browser and says it is broken. We add logic > to the server to move the invalid value out of the way based on > the presence of a variable, and then a BrowserMatch directive to > set the variable based on User-Agent pattern. I believe you know > how that works. Yep I know how to do that. It¡¯s going to require a whole new Apache module: mod-see-if-this-request-is-from-a-browser-that-might-be-on-a-blacklist-because-someone-thinks-it-isn't-doing-something-right.so Should be a piece of cake to build, debug, and then keep updated across every Apache and IIS server. ¡¦and any copy of Apache in the whole world who does NOT have this ¡°new module¡± installed is also, itself, immediately non-compliant with the DNT standard and subject to financial penalties in places like Europe? > It is all optional, and no I am not asking them to do it. IE is. Ah, the ¡°optional¡± get of jail free card. And while we¡¯re on the subject of accusing IE of being non compliant you might as well add all the other browsers to that list. The default ¡°Choice¡± is being made for you, which is one of ¡°track away¡±. Let me explain. In the absence of a pop-up during the install which gives the user the choice of either to be tracked or not, the default is to NOT set a header which is the functional equivalent of setting a DNT:0 (maybe that¡¯s why no current browser even allows you to set a header of DNT:0). In essence without a huge marketing campaign and a pop-up the default is to track. It¡¯s looking like Microsoft did the right thing for once and thought about protecting the consumer. But again it¡¯s all optional. > The same way HTTP works on mobile. Well HTTP does work on mobile. What doesn¡¯t work on mobile very well is JavaScript. So get ready to test and debug any JavaScript you¡¯re using to support DNT on a mobile device. > I don't think the user will be surprised when a site tells them that > their new user agent is not standards-compliant and will not be > treated as such. Again I come back to the ¡°How¡±. Think UI on a 4¡± screen. Also what about sight impaired people. Are we just writing them off with confusing pop-ups on their mobile devices because they can¡¯t see correctly. The amount of work that is going to have to take place on the server is staggering. And in countries where compliance has financial penalties there¡¯s going to be huge pressure to ensure that your code is up to spec. Peter ___________________________________ Peter J. Cranstone Contact information (Email is fastest) ____________________________________ Email: peter.cranstone@gmail.com Phone: (00 +1) 720.663.1752 On Jun 9, 2012, at 5:06 PM, Roy T. Fielding wrote: > On Jun 9, 2012, at 10:13 AM, Peter Cranstone wrote: > >>>> I think you are missing the point. The DNT signals do not matter if >>>> the UA's implementation is broken. >> >> How do you determine that in real time? > > I don't need to. > >> Exactly what information arrives >> so the Web server understands it©ös broken? > > Somebody tests the browser and says it is broken. We add logic > to the server to move the invalid value out of the way based on > the presence of a variable, and then a BrowserMatch directive to > set the variable based on User-Agent pattern. I believe you know > how that works. > >>>> A site can choose to do anything >>>> it wants, including denying all service, provided that what it chooses >>>> to do is consistent with other claims it has made to this user. >> >> How does it communicate this to the user? > > However it likes. It is a server, after all. > >>>> If the service has the ability to supply or overlay content on >>>> the page, it might go further and render a piece of content that >>>> informs the user that they are using a non-compliant browser, >>>> along with a link to a hypertext page that describes an opt-out >>>> mechanism that is not subject to browser bugs, along with pointers >>>> to browsers that aren't so buggy. >> >> You're not serious right? Your asking vendors to write code to determine >> whether or not the browser has bugs, is sending a non compliant UA and >> then asking them to add all of that into a page for the user to read. And >> BTW you should download a browser that works? > > It is all optional, and no I am not asking them to do it. IE is. > >> Exactly how does all of this work on mobile? > > The same way HTTP works on mobile. > >>>> All that is needed is a choice made by the user (not the OS >>>> vendor, the browser vendor, nor the sysadmin installing the OS). >>>> That's not a high bar. >> >> Again how do you know? All the server sees is DNT=1 Are you now going to >> ask them to run a quick check against all the known UA©ös for good >> browsers. >> >>>> DNT is already defined as >>>> an expression of the user's choice. If a UA decides to send the >>>> header field without a user choice, then it is lying to the server. >> >> Your server just received DNT=1 How do you know if the header was sent >> without the users choice? > > It doesn't matter. The site does not support that UA, period. > Sites are under no obligation to support broken user agents. > >> All Joe Public is going to do is go to his browser privacy setting, turn >> on ©øTell Web Sites to Not Track Me©÷ and EXPECT them to comply. Can you >> imagine his surprise when he finds out that nothing is further from the >> truth, that his browser is broken, the site has decided not to honor DNT >> and oh yes, his header never turned up there because it got stripped out >> along the way. > > I don't think the user will be surprised when a site tells them that > their new user agent is not standards-compliant and will not be > treated as such. > > ....Roy > > >
Received on Monday, 11 June 2012 15:30:54 UTC