- From: Peter Cranstone <peter.cranstone@gmail.com>
- Date: Wed, 13 Jun 2012 08:52:44 -0600
- To: <ifette@google.com>
- CC: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>
- Message-ID: <CBFE04F2.3180%peter.cranstone@gmail.com>
Can you tell me (the forum) how you think the server knows that the default was set by the OEM? What do I look for in the header that tells me that? Peter ___________________________________ Peter J. Cranstone 720.663.1752 From: "Ian Fette (イアンフェッティ)" <ifette@google.com> Reply-To: <ifette@google.com> Date: Wednesday, June 13, 2012 8:48 AM To: Peter Cranstone <peter.cranstone@gmail.com> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org> Subject: Re: Today's call: summary on user agent compliance Resent-From: W3 Tracking <public-tracking@w3.org> Resent-Date: Wed, 13 Jun 2012 14:49:18 +0000 > The server knows two things. > > The server knows what the default setting was ("none" "on" "off") and what > setting it's seeing now. If the setting is different than the default, it > knows that the setting has been changed, presumably by the user but admittedly > a third party (intermediary or software) could also change it. Such is life. > > In the case of "setting == default" then the server has strictly less > information than in the previous scenario -- it has NO way of knowing, the > "default" has obscured the user's ability to make a preference, and thus the > server can conclude that the UA doesn't offer the user a complaint mechanism. > > On Wed, Jun 13, 2012 at 7:40 AM, Peter Cranstone <peter.cranstone@gmail.com> > wrote: >> Nope. Still fails your test. >> >> You have no idea who made the decision. So using your logic every copy of >> MSIE is non compliant because Microsoft shipped it by default. If I get a >> copy of windows 8, turn it off and then turn it on BEFORE I send a request to >> a server how do you know? >> >> The server only knows one thing – DNT:1 that's it. It has NO idea who set it, >> you, the OEM or a 3rd party add on. >> >> >> >> Peter >> ___________________________________ >> Peter J. Cranstone >> 720.663.1752 <tel:720.663.1752> >> >> >> From: "Ian Fette (イアンフェッティ)" <ifette@google.com> >> Reply-To: <ifette@google.com> >> Date: Wednesday, June 13, 2012 8:36 AM >> >> To: Peter Cranstone <peter.cranstone@gmail.com> >> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, >> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org> >> Subject: Re: Today's call: summary on user agent compliance >> >>> The point is that with IE your decision is masked by MSFT's default. If you >>> turn it off, I know that you've made a decision, but if you turn it back on >>> again I have no way of knowing if you're a user that made a decision or not. >>> >>> With FF it is __NOT__ proposed to be "off" by default. It is proposed to be >>> unset by default. You turn it on I know you made an explicit decision. You >>> set it to off and I know you made an explicit decision. >>> >>> -Ian >>> >>> On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone <peter.cranstone@gmail.com> >>> wrote: >>>> Nope. >>>> >>>> I install MSIE and it's on by default. So I turn it off. 2 days later I >>>> decide I want to turn it on again. >>>> >>>> I install FF and it's off by default. So I turn it on. 2 days later I >>>> decide I want to turn it off again. >>>> >>>> There's no functional difference between those two statements. The spec >>>> cannot determine "who" turned it on or off. >>>> >>>> >>>> Peter >>>> ___________________________________ >>>> Peter J. Cranstone >>>> 720.663.1752 <tel:720.663.1752> >>>> >>>> >>>> From: "Ian Fette (イアンフェッティ)" <ifette@google.com> >>>> Reply-To: <ifette@google.com> >>>> Date: Wednesday, June 13, 2012 8:24 AM >>>> To: Peter Cranstone <peter.cranstone@gmail.com> >>>> Cc: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" >>>> <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, W3 Tracking >>>> <public-tracking@w3.org> >>>> >>>> Subject: Re: Today's call: summary on user agent compliance >>>> >>>>> The difference is that with IE you can't tell, and with FF you can tell. >>>>> >>>>> As for being set by intermediary, we prohibited that in the spec as well, >>>>> but there's not a great way to tell this. Presumably you might see >>>>> something like "100% of users coming from this ASN are using DNT" if you >>>>> cared to look, but it is a much harder question. >>>>> >>>>> -Ian >>>>> >>>>> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone >>>>> <peter.cranstone@gmail.com> wrote: >>>>>> Nick, >>>>>> >>>>>> Question: How do you know if this is 'truly the preference of the user'? >>>>>> >>>>>> For example >>>>>> 1. I install Windows 8 and MSIE sends the DNT:1 header by default. >>>>>> 2. I install Firefox 12 or 13 and then turn on DNT:1 >>>>>> What's the difference that you can determine with server code? >>>>>> >>>>>> Second question: How do you know it's been set by a vendor or >>>>>> intermediary? >>>>>> * Proxy server adds DNT:1 to all outgoing HTTP requests. >>>>>> * Server sees DNT:1 on the incoming request there's been NO other >>>>>> change to the UA >>>>>> >>>>>> >>>>>> Peter >>>>>> ___________________________________ >>>>>> Peter J. Cranstone >>>>>> 720.663.1752 <tel:720.663.1752> >>>>>> >>>>>> >>>>>> From: Nicholas Doty <npdoty@w3.org> >>>>>> Date: Wednesday, June 13, 2012 12:26 AM >>>>>> To: "Dobbs, Brooks" <brooks.dobbs@kbmg.com> >>>>>> Cc: Justin Brookman <jbrookman@cdt.org>, W3 Tracking >>>>>> <public-tracking@w3.org> >>>>>> >>>>>> Subject: Re: Today's call: summary on user agent compliance >>>>>> Resent-From: W3 Tracking <public-tracking@w3.org> >>>>>> Resent-Date: Wed, 13 Jun 2012 06:27:03 +0000 >>>>>> >>>>>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote: >>>>>>> >>>>>>> I think the problem is that compliance is based on both sides ability to >>>>>>> honor user preference. If one side forges user preference, and the >>>>>>> other side can correctly only be compliant by acting on actual user >>>>>>> preference, there is an untenable situation. Where a UA sends a well >>>>>>> formed header absent having obtained a preference from the user, the >>>>>>> recipient server will always be forced into non-compliance, no matter >>>>>>> which action it takes. >>>>>>> >>>>>>> Two cases come to mind: >>>>>>> 1. If a UA sends a DNT:1 by default, AND this is truly the preference of >>>>>>> the user, if the server fails to respond accordingly to DNT:1 then >>>>>>> arguably compliance has not been achieved. >>>>>>> 2. If, conversely, a server honors a well formed DNT:1 set by a vendor >>>>>>> or intermediary, absent such being the actual preference of the the >>>>>>> user, again preference has not been honored and compliance not >>>>>>> maintained. >>>>>>> For the second case: I'm not aware of anything in draft specifications >>>>>>> that would make a server non-compliant if it treated a user that hadn't >>>>>>> expressed a DNT:1 preference as if it had. For example, we don't have >>>>>>> any requirements that a user who arrives with DNT:0 must be tracked. You >>>>>>> might confuse a user if you provide a very different experience under >>>>>>> DNT:1 and it was inserted by an intermediary unbeknownst to the user, >>>>>>> but I don't see any issues with compliance with this group's >>>>>>> specifications. >>>>>>> >>>>>>> Thanks, >>>>>>> Nick >>>>> >>> >
Received on Wednesday, 13 June 2012 14:53:25 UTC