Re: Today's call: summary on user agent compliance

Nope. Still fails your test.

You have no idea who made the decision. So using your logic every copy of
MSIE is non compliant because Microsoft shipped it by default. If I get a
copy of windows 8, turn it off and then turn it on BEFORE I send a request
to a server how do you know?

The server only knows one thing – DNT:1 that's it. It has NO idea who set
it, you, the OEM or a 3rd party add on.



Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
Reply-To:  <ifette@google.com>
Date:  Wednesday, June 13, 2012 8:36 AM
To:  Peter Cranstone <peter.cranstone@gmail.com>
Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
Subject:  Re: Today's call: summary on user agent compliance

> The point is that with IE your decision is masked by MSFT's default. If you
> turn it off, I know that you've made a decision, but if you turn it back on
> again I have no way of knowing if you're a user that made a decision or not.
> 
> With FF it is __NOT__ proposed to be "off" by default. It is proposed to be
> unset by default. You turn it on I know you made an explicit decision. You set
> it to off and I know you made an explicit decision.
> 
> -Ian
> 
> On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone <peter.cranstone@gmail.com>
> wrote:
>> Nope.
>> 
>> I install MSIE and it's on by default. So I turn it off. 2 days later I
>> decide I want to turn it on again.
>> 
>> I install FF and it's off by default. So I turn it on. 2 days later I decide
>> I want to turn it off again.
>> 
>> There's no functional difference between those two statements. The spec
>> cannot determine "who" turned it on or off.
>> 
>> 
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752 <tel:720.663.1752>
>> 
>> 
>> From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
>> Reply-To:  <ifette@google.com>
>> Date:  Wednesday, June 13, 2012 8:24 AM
>> To:  Peter Cranstone <peter.cranstone@gmail.com>
>> Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
>> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
>> 
>> Subject:  Re: Today's call: summary on user agent compliance
>> 
>>> The difference is that with IE you can't tell, and with FF you can tell.
>>> 
>>> As for being set by intermediary, we prohibited that in the spec as well,
>>> but there's not a great way to tell this. Presumably you might see something
>>> like "100% of users coming from this ASN are using DNT" if you cared to
>>> look, but it is a much harder question.
>>> 
>>> -Ian 
>>> 
>>> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone <peter.cranstone@gmail.com>
>>> wrote:
>>>> Nick,
>>>> 
>>>> Question: How do you know if this is 'truly the preference of the user'?
>>>> 
>>>> For example
>>>> 1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>>>> 2. I install Firefox 12 or 13 and then turn on DNT:1
>>>> What's the difference that you can determine with server code?
>>>> 
>>>> Second question: How do you know it's been set by a vendor or intermediary?
>>>> * Proxy server adds DNT:1 to all outgoing HTTP requests.
>>>> * Server sees DNT:1 on the incoming request ­ there's been NO other change
>>>> to the UA
>>>> 
>>>> 
>>>> Peter
>>>> ___________________________________
>>>> Peter J. Cranstone
>>>> 720.663.1752 <tel:720.663.1752>
>>>> 
>>>> 
>>>> From:  Nicholas Doty <npdoty@w3.org>
>>>> Date:  Wednesday, June 13, 2012 12:26 AM
>>>> To:  "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
>>>> Cc:  Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>>>> <public-tracking@w3.org>
>>>> 
>>>> Subject:  Re: Today's call: summary on user agent compliance
>>>> Resent-From:  W3 Tracking <public-tracking@w3.org>
>>>> Resent-Date:  Wed, 13 Jun 2012 06:27:03 +0000
>>>> 
>>>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>>>>> 
>>>>>> I think the problem is that compliance is based on both sides ability to
>>>>>> honor user preference.  If one side forges user preference, and the other
>>>>>> side can correctly only be compliant by acting on actual user preference,
>>>>>> there is an untenable situation.  Where a UA sends a well formed header
>>>>>> absent having obtained a preference from the user, the recipient server
>>>>>> will always be forced into non-compliance, no matter which action it
>>>>>> takes. 
>>>>>> 
>>>>>> Two cases come to mind:
>>>>>> 1. If a UA sends a DNT:1 by default, AND this is truly the preference of
>>>>>> the user, if the server fails to respond accordingly to DNT:1  then
>>>>>> arguably compliance has not been achieved.
>>>>>> 2. If, conversely, a server honors a well formed DNT:1 set by a vendor or
>>>>>> intermediary, absent such being the actual preference of the the user,
>>>>>> again preference has not been honored and compliance not maintained.
>>>>> For the second case: I'm not aware of anything in draft specifications
>>>>> that would make a server non-compliant if it treated a user that hadn't
>>>>> expressed a DNT:1 preference as if it had. For example, we don't have any
>>>>> requirements that a user who arrives with DNT:0 must be tracked. You might
>>>>> confuse a user if you provide a very different experience under DNT:1 and
>>>>> it was inserted by an intermediary unbeknownst to the user, but I don't
>>>>> see any issues with compliance with this group's specifications.
>>>>> 
>>>>> Thanks,
>>>>> Nick
>>> 
> 

Received on Wednesday, 13 June 2012 14:40:50 UTC