- From: Justin Brookman <justin@cdt.org>
- Date: Wed, 13 Jun 2012 10:41:22 -0400
- To: public-tracking@w3.org
- Message-ID: <4FD8A692.8020907@cdt.org>
On 6/13/2012 10:35 AM, Peter Cranstone wrote: > >> We do not specify how tracking preference choices are offered to > the user or how the preference is enabled: > > & > > >> Implementations of HTTP that are not under control of the user > /must not/ express a tracking preference on their behalf. > > Which means that MSIE 10 is compliant, because it's under the control > of the user. This alone does not mean that IE10 is compliant, as there is separate text saying that "A user agent MUST NOT express a tracking preference for a user unless the user has interacted with the user agent in such a way as to indicate a tracking preference." > > >> Implementations of HTTP that are not under control of the user > /must not/ express a tracking preference on their behalf. > > How do you know? All a proxy server has to do is add DNT:1 -- take > Abine for example. A 3rd party plugin that adds DNT:1 to the outbound > header. You have no idea who set it because there's no code to > determine who did it. Me or the add on. I agree that third parties should not be second guessing DNT:1 signals for all the reasons that I and others have expressed over the list in the last two weeks. > > Peter > ___________________________________ > Peter J. Cranstone > 720.663.1752 > > > From: Justin Brookman <justin@cdt.org <mailto:justin@cdt.org>> > Date: Wednesday, June 13, 2012 8:26 AM > To: W3 Tracking <public-tracking@w3.org <mailto:public-tracking@w3.org>> > Subject: ACTION-211 Draft text on how user agents must obtain consent > to turn on a DNT signal > Resent-From: W3 Tracking <public-tracking@w3.org > <mailto:public-tracking@w3.org>> > Resent-Date: Wed, 13 Jun 2012 14:27:17 +0000 > > Hello, here is draft language for the compliance document on user > agent requirements. The first paragraph is new, the second two > are copied-and-pasted from Section 3 of the current TPE spec. > > Replace 4.2 Intermediary Compliance (empty) with this new section: > > 4.2 User Agent Compliance > > A user agent MAY offer a control to express a tracking preference > to third parties. The control MUST communicate the user's > preference in accordance with the [[Tracking Preference Expression > (DNT)]] recommendation and otherwise comply with that > recommendation. A user agent MUST NOT express a tracking > preference for a user unless the user has interacted with the user > agent in such a way as to indicate a tracking preference. > > We do not specify how tracking preference choices are offered to > the user or how the preference is enabled: each implementation is > responsible for determining the user experience by which a > tracking preference is enabled. For example, a user might select a > check-box in their user agent's configuration, install an > extension or add-on that is specifically designed to add a > tracking preference expression, or make a choice for privacy that > then implicitly includes a tracking preference (e.g., "Privacy > settings: high"). Likewise, a user might install or configure a > proxy to add the expression to their own outgoing requests. > > Although some controlled network environments, such as public > access terminals or managed corporate intranets, might impose > restrictions on the use or configuration of installed user agents, > such that a user might only have access to user agents with a > predetermined preference enabled, the user is at least able to > choose whether to make use of those user agents. In contrast, if a > user brings their own Web-enabled device to a library or cafe with > wireless Internet access, the expectation will be that their > chosen user agent and personal preferences regarding Web site > behavior will not be altered by the network environment, aside > from blanket limitations on what resources can or cannot be > accessed through that network. Implementations of HTTP that are > not under control of the user /must not/ express a tracking > preference on their behalf. > > -- > Justin Brookman > Director, Consumer Privacy > Center for Democracy& Technology > 1634 I Street NW, Suite 1100 > Washington, DC 20006 > tel 202.407.8812 > fax 202.637.0969 > justin@cdt.orghttp://www.cdt.org > @CenDemTech > @JustinBrookman >
Received on Wednesday, 13 June 2012 14:41:54 UTC