Re: ACTION-211 Draft text on how user agents must obtain consent to turn on a DNT signal

Is there any reason to say a user agent MAY offer a control instead of "A
user agent MUST offer a control?" -- I'd personally prefer MUST, and can't
imagine any reason for saying "MAY". With MAY you can claim "I never send a
DNT signal and I don't offer any controls, therefore I have implemented
DNT."

Also, the third paragraph seems to apply to intermediaries, not UAs.

That said, I think this text is necessary but not sufficient, we may want
to say more... i expect we'll get lots of conversation around this :)

On Wed, Jun 13, 2012 at 7:26 AM, Justin Brookman <justin@cdt.org> wrote:

>  Hello, here is draft language for the compliance document on user agent
> requirements.  The first paragraph is new, the second two are
> copied-and-pasted from Section 3 of the current TPE spec.
>
> Replace 4.2 Intermediary Compliance (empty) with this new section:
>
> 4.2 User Agent Compliance
>
> A user agent MAY offer a control to express a tracking preference to third
> parties.  The control MUST communicate the user's preference in accordance
> with the [[Tracking Preference Expression (DNT)]] recommendation and
> otherwise comply with that recommendation.  A user agent MUST NOT express a
> tracking preference for a user unless the user has interacted with the user
> agent in such a way as to indicate a tracking preference.
>
> We do not specify how tracking preference choices are offered to the user
> or how the preference is enabled: each implementation is responsible for
> determining the user experience by which a tracking preference is enabled.
> For example, a user might select a check-box in their user agent's
> configuration, install an extension or add-on that is specifically designed
> to add a tracking preference expression, or make a choice for privacy that
> then implicitly includes a tracking preference (e.g., Privacy settings:
> high). Likewise, a user might install or configure a proxy to add the
> expression to their own outgoing requests.
>
> Although some controlled network environments, such as public access
> terminals or managed corporate intranets, might impose restrictions on the
> use or configuration of installed user agents, such that a user might only
> have access to user agents with a predetermined preference enabled, the
> user is at least able to choose whether to make use of those user agents.
> In contrast, if a user brings their own Web-enabled device to a library or
> cafe with wireless Internet access, the expectation will be that their
> chosen user agent and personal preferences regarding Web site behavior will
> not be altered by the network environment, aside from blanket limitations
> on what resources can or cannot be accessed through that network.
> Implementations of HTTP that are not under control of the user *must not*express a tracking preference on their behalf.
>
> --
> Justin Brookman
> Director, Consumer Privacy
> Center for Democracy & Technology
> 1634 I Street NW, Suite 1100
> Washington, DC 20006
> tel 202.407.8812
> fax 202.637.0969justin@cdt.orghttp://www.cdt.org
> @CenDemTech
> @JustinBrookman
>
>

Received on Wednesday, 13 June 2012 14:44:16 UTC