Re: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal

>> We do not specify how tracking preference choices are offered to the user or
how the preference is enabled:

& 

>> Implementations of HTTP that are not under control of the user must not
express a tracking preference on their behalf.

Which means that MSIE 10 is compliant, because it's under the control of the
user.

>> Implementations of HTTP that are not under control of the user must not
express a tracking preference on their behalf.

How do you know? All a proxy server has to do is add DNT:1 ­ take Abine for
example. A 3rd party plugin that adds DNT:1 to the outbound header. You have
no idea who set it because there's no code to determine who did it. Me or
the add on.


Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  Justin Brookman <justin@cdt.org>
Date:  Wednesday, June 13, 2012 8:26 AM
To:  W3 Tracking <public-tracking@w3.org>
Subject:  ACTION-211 Draft text on how user agents must obtain consent to
turn  on a DNT signal
Resent-From:  W3 Tracking <public-tracking@w3.org>
Resent-Date:  Wed, 13 Jun 2012 14:27:17 +0000

>     
>  Hello, here is draft language for the compliance document on user agent
> requirements.  The first paragraph is new, the second two are
> copied-and-pasted from Section 3 of the current TPE spec.
>  
>  Replace 4.2 Intermediary Compliance (empty) with this new section:
>  
>  4.2 User Agent Compliance
>  
>  A user agent MAY offer a control to express a tracking preference to third
> parties.  The control MUST communicate the user's preference in accordance
> with the [[Tracking Preference Expression (DNT)]] recommendation and otherwise
> comply with that recommendation.  A user agent MUST NOT express a tracking
> preference for a user unless the user has interacted with the user agent in
> such a way as to indicate a tracking preference.
>  
> 
>  We do not specify how tracking preference choices are offered to the user or
> how the preference is enabled: each implementation is responsible for
> determining the user experience by which a tracking preference is enabled. For
> example, a user might select a check-box in their user agent's configuration,
> install an extension or add-on that is specifically designed to add a tracking
> preference expression, or make a choice for privacy that then implicitly
> includes a tracking preference (e.g., Privacy settings: high). Likewise, a
> user might install or configure a proxy to add the expression to their own
> outgoing requests.
>  
> 
>  Although some controlled network environments, such as public access
> terminals or managed corporate intranets, might impose restrictions on the use
> or configuration of installed user agents, such that a user might only have
> access to user agents with a predetermined preference enabled, the user is at
> least able to choose whether to make use of those user agents. In contrast, if
> a user brings their own Web-enabled device to a library or cafe with wireless
> Internet access, the expectation will be that their chosen user agent and
> personal preferences regarding Web site behavior will not be altered by the
> network environment, aside from blanket limitations on what resources can or
> cannot be accessed through that network. Implementations of HTTP that are not
> under control of the user must not express a tracking preference on their
> behalf. 
>  
> -- 
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy & Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969
> justin@cdt.orghttp://www.cdt.org
> @CenDemTech
> @JustinBrookman
>  

Received on Wednesday, 13 June 2012 14:36:10 UTC