Re: Today's call: summary on user agent compliance

Nick,

Question: How do you know if this is 'truly the preference of the user'?

For example
1. I install Windows 8 and MSIE sends the DNT:1 header by default.
2. I install Firefox 12 or 13 and then turn on DNT:1
What's the difference that you can determine with server code?

Second question: How do you know it's been set by a vendor or intermediary?
* Proxy server adds DNT:1 to all outgoing HTTP requests.
* Server sees DNT:1 on the incoming request ­ there's been NO other change
to the UA


Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  Nicholas Doty <npdoty@w3.org>
Date:  Wednesday, June 13, 2012 12:26 AM
To:  "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
Cc:  Justin Brookman <jbrookman@cdt.org>, W3 Tracking
<public-tracking@w3.org>
Subject:  Re: Today's call: summary on user agent compliance
Resent-From:  W3 Tracking <public-tracking@w3.org>
Resent-Date:  Wed, 13 Jun 2012 06:27:03 +0000

> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
> 
>> Re: Today's call: summary on user agent compliance
>> I think the problem is that compliance is based on both sides ability to
>> honor user preference.  If one side forges user preference, and the other
>> side can correctly only be compliant by acting on actual user preference,
>> there is an untenable situation.  Where a UA sends a well formed header
>> absent having obtained a preference from the user, the recipient server will
>> always be forced into non-compliance, no matter which action it takes.
>> 
>> Two cases come to mind:
>> 1. If a UA sends a DNT:1 by default, AND this is truly the preference of the
>> user, if the server fails to respond accordingly to DNT:1  then arguably
>> compliance has not been achieved.
>> 2. If, conversely, a server honors a well formed DNT:1 set by a vendor or
>> intermediary, absent such being the actual preference of the the user, again
>> preference has not been honored and compliance not maintained.
> For the second case: I'm not aware of anything in draft specifications that
> would make a server non-compliant if it treated a user that hadn't expressed a
> DNT:1 preference as if it had. For example, we don't have any requirements
> that a user who arrives with DNT:0 must be tracked. You might confuse a user
> if you provide a very different experience under DNT:1 and it was inserted by
> an intermediary unbeknownst to the user, but I don't see any issues with
> compliance with this group's specifications.
> 
> Thanks,
> Nick

Received on Wednesday, 13 June 2012 14:18:45 UTC