- From: Peter Cranstone <peter.cranstone@gmail.com>
- Date: Wed, 13 Jun 2012 08:35:29 -0600
- To: Justin Brookman <justin@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <CBFE009B.3141%peter.cranstone@gmail.com>
>> We do not specify how tracking preference choices are offered to the user or how the preference is enabled: & >> Implementations of HTTP that are not under control of the user must not express a tracking preference on their behalf. Which means that MSIE 10 is compliant, because it's under the control of the user. >> Implementations of HTTP that are not under control of the user must not express a tracking preference on their behalf. How do you know? All a proxy server has to do is add DNT:1 take Abine for example. A 3rd party plugin that adds DNT:1 to the outbound header. You have no idea who set it because there's no code to determine who did it. Me or the add on. Peter ___________________________________ Peter J. Cranstone 720.663.1752 From: Justin Brookman <justin@cdt.org> Date: Wednesday, June 13, 2012 8:26 AM To: W3 Tracking <public-tracking@w3.org> Subject: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal Resent-From: W3 Tracking <public-tracking@w3.org> Resent-Date: Wed, 13 Jun 2012 14:27:17 +0000 > > Hello, here is draft language for the compliance document on user agent > requirements. The first paragraph is new, the second two are > copied-and-pasted from Section 3 of the current TPE spec. > > Replace 4.2 Intermediary Compliance (empty) with this new section: > > 4.2 User Agent Compliance > > A user agent MAY offer a control to express a tracking preference to third > parties. The control MUST communicate the user's preference in accordance > with the [[Tracking Preference Expression (DNT)]] recommendation and otherwise > comply with that recommendation. A user agent MUST NOT express a tracking > preference for a user unless the user has interacted with the user agent in > such a way as to indicate a tracking preference. > > > We do not specify how tracking preference choices are offered to the user or > how the preference is enabled: each implementation is responsible for > determining the user experience by which a tracking preference is enabled. For > example, a user might select a check-box in their user agent's configuration, > install an extension or add-on that is specifically designed to add a tracking > preference expression, or make a choice for privacy that then implicitly > includes a tracking preference (e.g., Privacy settings: high). Likewise, a > user might install or configure a proxy to add the expression to their own > outgoing requests. > > > Although some controlled network environments, such as public access > terminals or managed corporate intranets, might impose restrictions on the use > or configuration of installed user agents, such that a user might only have > access to user agents with a predetermined preference enabled, the user is at > least able to choose whether to make use of those user agents. In contrast, if > a user brings their own Web-enabled device to a library or cafe with wireless > Internet access, the expectation will be that their chosen user agent and > personal preferences regarding Web site behavior will not be altered by the > network environment, aside from blanket limitations on what resources can or > cannot be accessed through that network. Implementations of HTTP that are not > under control of the user must not express a tracking preference on their > behalf. > > -- > Justin Brookman > Director, Consumer Privacy > Center for Democracy & Technology > 1634 I Street NW, Suite 1100 > Washington, DC 20006 > tel 202.407.8812 > fax 202.637.0969 > justin@cdt.orghttp://www.cdt.org > @CenDemTech > @JustinBrookman >
Received on Wednesday, 13 June 2012 14:36:10 UTC