Re: Today's call: summary on user agent compliance from Peter Cranstone on 2012-06-13 (public-tracking@w3.org from June 2012)

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Wed, 13 Jun 2012 08:52:44 -0600
To: <ifette@google.com>
CC: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>
Message-ID: <CBFE04F2.3180%peter.cranstone@gmail.com>
Can you tell me (the forum) how you think the server knows that the default
was set by the OEM?

What do I look for in the header that tells me that?


Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
Reply-To:  <ifette@google.com>
Date:  Wednesday, June 13, 2012 8:48 AM
To:  Peter Cranstone <peter.cranstone@gmail.com>
Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
Subject:  Re: Today's call: summary on user agent compliance
Resent-From:  W3 Tracking <public-tracking@w3.org>
Resent-Date:  Wed, 13 Jun 2012 14:49:18 +0000

> The server knows two things.
> 
> The server knows what the default setting was ("none" "on" "off") and what
> setting it's seeing now.  If the setting is different than the default, it
> knows that the setting has been changed, presumably by the user but admittedly
> a third party (intermediary or software) could also change it. Such is life.
> 
> In the case of "setting == default" then the server has strictly less
> information than in the previous scenario -- it has NO way of knowing, the
> "default" has obscured the user's ability to make a preference, and thus the
> server can conclude that the UA doesn't offer the user a complaint mechanism.
> 
> On Wed, Jun 13, 2012 at 7:40 AM, Peter Cranstone <peter.cranstone@gmail.com>
> wrote:
>> Nope. Still fails your test.
>> 
>> You have no idea who made the decision. So using your logic every copy of
>> MSIE is non compliant because Microsoft shipped it by default. If I get a
>> copy of windows 8, turn it off and then turn it on BEFORE I send a request to
>> a server how do you know?
>> 
>> The server only knows one thing – DNT:1 that's it. It has NO idea who set it,
>> you, the OEM or a 3rd party add on.
>> 
>> 
>> 
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752 <tel:720.663.1752>
>> 
>> 
>> From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
>> Reply-To:  <ifette@google.com>
>> Date:  Wednesday, June 13, 2012 8:36 AM
>> 
>> To:  Peter Cranstone <peter.cranstone@gmail.com>
>> Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
>> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
>> Subject:  Re: Today's call: summary on user agent compliance
>> 
>>> The point is that with IE your decision is masked by MSFT's default. If you
>>> turn it off, I know that you've made a decision, but if you turn it back on
>>> again I have no way of knowing if you're a user that made a decision or not.
>>> 
>>> With FF it is __NOT__ proposed to be "off" by default. It is proposed to be
>>> unset by default. You turn it on I know you made an explicit decision. You
>>> set it to off and I know you made an explicit decision.
>>> 
>>> -Ian
>>> 
>>> On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone <peter.cranstone@gmail.com>
>>> wrote:
>>>> Nope.
>>>> 
>>>> I install MSIE and it's on by default. So I turn it off. 2 days later I
>>>> decide I want to turn it on again.
>>>> 
>>>> I install FF and it's off by default. So I turn it on. 2 days later I
>>>> decide I want to turn it off again.
>>>> 
>>>> There's no functional difference between those two statements. The spec
>>>> cannot determine "who" turned it on or off.
>>>> 
>>>> 
>>>> Peter
>>>> ___________________________________
>>>> Peter J. Cranstone
>>>> 720.663.1752 <tel:720.663.1752>
>>>> 
>>>> 
>>>> From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
>>>> Reply-To:  <ifette@google.com>
>>>> Date:  Wednesday, June 13, 2012 8:24 AM
>>>> To:  Peter Cranstone <peter.cranstone@gmail.com>
>>>> Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks"
>>>> <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>>>> <public-tracking@w3.org>
>>>> 
>>>> Subject:  Re: Today's call: summary on user agent compliance
>>>> 
>>>>> The difference is that with IE you can't tell, and with FF you can tell.
>>>>> 
>>>>> As for being set by intermediary, we prohibited that in the spec as well,
>>>>> but there's not a great way to tell this. Presumably you might see
>>>>> something like "100% of users coming from this ASN are using DNT" if you
>>>>> cared to look, but it is a much harder question.
>>>>> 
>>>>> -Ian 
>>>>> 
>>>>> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone
>>>>> <peter.cranstone@gmail.com> wrote:
>>>>>> Nick,
>>>>>> 
>>>>>> Question: How do you know if this is 'truly the preference of the user'?
>>>>>> 
>>>>>> For example
>>>>>> 1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>>>>>> 2. I install Firefox 12 or 13 and then turn on DNT:1
>>>>>> What's the difference that you can determine with server code?
>>>>>> 
>>>>>> Second question: How do you know it's been set by a vendor or
>>>>>> intermediary?
>>>>>> * Proxy server adds DNT:1 to all outgoing HTTP requests.
>>>>>> * Server sees DNT:1 on the incoming request  there's been NO other
>>>>>> change to the UA
>>>>>> 
>>>>>> 
>>>>>> Peter
>>>>>> ___________________________________
>>>>>> Peter J. Cranstone
>>>>>> 720.663.1752 <tel:720.663.1752>
>>>>>> 
>>>>>> 
>>>>>> From:  Nicholas Doty <npdoty@w3.org>
>>>>>> Date:  Wednesday, June 13, 2012 12:26 AM
>>>>>> To:  "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
>>>>>> Cc:  Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>>>>>> <public-tracking@w3.org>
>>>>>> 
>>>>>> Subject:  Re: Today's call: summary on user agent compliance
>>>>>> Resent-From:  W3 Tracking <public-tracking@w3.org>
>>>>>> Resent-Date:  Wed, 13 Jun 2012 06:27:03 +0000
>>>>>> 
>>>>>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>>>>>>> 
>>>>>>> I think the problem is that compliance is based on both sides ability to
>>>>>>> honor user preference.  If one side forges user preference, and the
>>>>>>> other side can correctly only be compliant by acting on actual user
>>>>>>> preference, there is an untenable situation.  Where a UA sends a well
>>>>>>> formed header absent having obtained a preference from the user, the
>>>>>>> recipient server will always be forced into non-compliance, no matter
>>>>>>> which action it takes.
>>>>>>> 
>>>>>>> Two cases come to mind:
>>>>>>> 1. If a UA sends a DNT:1 by default, AND this is truly the preference of
>>>>>>> the user, if the server fails to respond accordingly to DNT:1  then
>>>>>>> arguably compliance has not been achieved.
>>>>>>> 2. If, conversely, a server honors a well formed DNT:1 set by a vendor
>>>>>>> or intermediary, absent such being the actual preference of the the
>>>>>>> user, again preference has not been honored and compliance not
>>>>>>> maintained.
>>>>>>> For the second case: I'm not aware of anything in draft specifications
>>>>>>> that would make a server non-compliant if it treated a user that hadn't
>>>>>>> expressed a DNT:1 preference as if it had. For example, we don't have
>>>>>>> any requirements that a user who arrives with DNT:0 must be tracked. You
>>>>>>> might confuse a user if you provide a very different experience under
>>>>>>> DNT:1 and it was inserted by an intermediary unbeknownst to the user,
>>>>>>> but I don't see any issues with compliance with this group's
>>>>>>> specifications.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> Nick
>>>>> 
>>> 
>
Received on Wednesday, 13 June 2012 14:53:25 UTC