Re: Today's call: summary on user agent compliance

Nope.

I install MSIE and it's on by default. So I turn it off. 2 days later I
decide I want to turn it on again.

I install FF and it's off by default. So I turn it on. 2 days later I decide
I want to turn it off again.

There's no functional difference between those two statements. The spec
cannot determine "who" turned it on or off.


Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
Reply-To:  <ifette@google.com>
Date:  Wednesday, June 13, 2012 8:24 AM
To:  Peter Cranstone <peter.cranstone@gmail.com>
Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
Subject:  Re: Today's call: summary on user agent compliance

> The difference is that with IE you can't tell, and with FF you can tell.
> 
> As for being set by intermediary, we prohibited that in the spec as well, but
> there's not a great way to tell this. Presumably you might see something like
> "100% of users coming from this ASN are using DNT" if you cared to look, but
> it is a much harder question.
> 
> -Ian 
> 
> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone <peter.cranstone@gmail.com>
> wrote:
>> Nick,
>> 
>> Question: How do you know if this is 'truly the preference of the user'?
>> 
>> For example
>> 1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>> 2. I install Firefox 12 or 13 and then turn on DNT:1
>> What's the difference that you can determine with server code?
>> 
>> Second question: How do you know it's been set by a vendor or intermediary?
>> * Proxy server adds DNT:1 to all outgoing HTTP requests.
>> * Server sees DNT:1 on the incoming request ­ there's been NO other change to
>> the UA
>> 
>> 
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752 <tel:720.663.1752>
>> 
>> 
>> From:  Nicholas Doty <npdoty@w3.org>
>> Date:  Wednesday, June 13, 2012 12:26 AM
>> To:  "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
>> Cc:  Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>> <public-tracking@w3.org>
>> 
>> Subject:  Re: Today's call: summary on user agent compliance
>> Resent-From:  W3 Tracking <public-tracking@w3.org>
>> Resent-Date:  Wed, 13 Jun 2012 06:27:03 +0000
>> 
>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>>> 
>>>> I think the problem is that compliance is based on both sides ability to
>>>> honor user preference.  If one side forges user preference, and the other
>>>> side can correctly only be compliant by acting on actual user preference,
>>>> there is an untenable situation.  Where a UA sends a well formed header
>>>> absent having obtained a preference from the user, the recipient server
>>>> will always be forced into non-compliance, no matter which action it takes.
>>>> 
>>>> Two cases come to mind:
>>>> 1. If a UA sends a DNT:1 by default, AND this is truly the preference of
>>>> the user, if the server fails to respond accordingly to DNT:1  then
>>>> arguably compliance has not been achieved.
>>>> 2. If, conversely, a server honors a well formed DNT:1 set by a vendor or
>>>> intermediary, absent such being the actual preference of the the user,
>>>> again preference has not been honored and compliance not maintained.
>>> For the second case: I'm not aware of anything in draft specifications that
>>> would make a server non-compliant if it treated a user that hadn't expressed
>>> a DNT:1 preference as if it had. For example, we don't have any requirements
>>> that a user who arrives with DNT:0 must be tracked. You might confuse a user
>>> if you provide a very different experience under DNT:1 and it was inserted
>>> by an intermediary unbeknownst to the user, but I don't see any issues with
>>> compliance with this group's specifications.
>>> 
>>> Thanks,
>>> Nick
>