Re: Today's call: summary on user agent compliance from イアンフェッティ on 2012-06-13 (public-tracking@w3.org from June 2012)

From: イアンフェッティ <ifette@google.com>
Date: Wed, 13 Jun 2012 07:24:13 -0700
To: Peter Cranstone <peter.cranstone@gmail.com>
Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, public-tracking@w3.org
Message-ID: <CAF4kx8fvJ0xW47xsfLC1nVEhFjXdr5xpGBaryYk0uuBjgK7KoQ@mail.gmail.com>

The difference is that with IE you can't tell, and with FF you can tell.

As for being set by intermediary, we prohibited that in the spec as well,
but there's not a great way to tell this. Presumably you might see
something like "100% of users coming from this ASN are using DNT" if you
cared to look, but it is a much harder question.

-Ian

On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone
<peter.cranstone@gmail.com>wrote:

> Nick,
>
> Question: How do you know if this is 'truly the preference of the user'?
>
> For example
>
>    1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>    2. I install Firefox 12 or 13 and then turn on DNT:1
>
> What's the difference that you can determine with server code?
>
> Second question: How do you know it's been set by a vendor or intermediary?
>
>    - Proxy server adds DNT:1 to all outgoing HTTP requests.
>    - Server sees DNT:1 on the incoming request – there's been NO other
>    change to the UA
>
>
>
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752
>
>
> From: Nicholas Doty <npdoty@w3.org>
> Date: Wednesday, June 13, 2012 12:26 AM
> To: "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
> Cc: Justin Brookman <jbrookman@cdt.org>, W3 Tracking <
> public-tracking@w3.org>
>
> Subject: Re: Today's call: summary on user agent compliance
> Resent-From: W3 Tracking <public-tracking@w3.org>
> Resent-Date: Wed, 13 Jun 2012 06:27:03 +0000
>
> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>
> I think the problem is that compliance is based on both sides ability to
> honor user preference.  If one side forges user preference, and the other
> side can correctly only be compliant by acting on actual user preference,
> there is an untenable situation.  Where a UA sends a well formed header
> absent having obtained a preference from the user, the recipient server
> will always be forced into non-compliance, no matter which action it takes.
>
> Two cases come to mind:
>
>    1. If a UA sends a DNT:1 by default, AND this is truly the preference
>    of the user, if the server fails to respond accordingly to DNT:1  then
>    arguably compliance has not been achieved.
>    2. If, conversely, a server honors a well formed DNT:1 set by a vendor
>    or intermediary, absent such being the actual preference of the the user,
>    again preference has not been honored and compliance not maintained.
>
> For the second case: I'm not aware of anything in draft specifications
> that would make a server non-compliant if it treated a user that hadn't
> expressed a DNT:1 preference as if it had. For example, we don't have any
> requirements that a user who arrives with DNT:0 must be tracked. You might
> confuse a user if you provide a very different experience under DNT:1 and
> it was inserted by an intermediary unbeknownst to the user, but I don't see
> any issues with compliance with this group's specifications.
>
> Thanks,
> Nick
>
>

Received on Wednesday, 13 June 2012 14:24:47 UTC