RE: Today's call: summary on user agent compliance from Shane Wiley on 2012-06-13 (public-tracking@w3.org from June 2012)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 13 Jun 2012 07:55:12 -0700
To: "ifette@google.com" <ifette@google.com>, Peter Cranstone <peter.cranstone@gmail.com>
CC: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D187864BA@SP2-EX07VS02.ds.corp.yahoo.com>

Additionally, ISSUE-143 attempts to provide a mechanism to convey non-browser UAs that activate DNT to the Server.

- Shane

From: Ian Fette (イアンフェッティ) [mailto:ifette@google.com]
Sent: Wednesday, June 13, 2012 10:36 AM
To: Peter Cranstone
Cc: Nicholas Doty; Dobbs, Brooks; Justin Brookman; public-tracking@w3.org
Subject: Re: Today's call: summary on user agent compliance

The point is that with IE your decision is masked by MSFT's default. If you turn it off, I know that you've made a decision, but if you turn it back on again I have no way of knowing if you're a user that made a decision or not.

With FF it is __NOT__ proposed to be "off" by default. It is proposed to be unset by default. You turn it on I know you made an explicit decision. You set it to off and I know you made an explicit decision.

-Ian
On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone <peter.cranstone@gmail.com<mailto:peter.cranstone@gmail.com>> wrote:
Nope.

I install MSIE and it's on by default. So I turn it off. 2 days later I decide I want to turn it on again.

I install FF and it's off by default. So I turn it on. 2 days later I decide I want to turn it off again.

There's no functional difference between those two statements. The spec cannot determine "who" turned it on or off.

Peter
___________________________________
Peter J. Cranstone
720.663.1752<tel:720.663.1752>

From: "Ian Fette (イアンフェッティ)" <ifette@google.com<mailto:ifette@google.com>>
Reply-To: <ifette@google.com<mailto:ifette@google.com>>
Date: Wednesday, June 13, 2012 8:24 AM
To: Peter Cranstone <peter.cranstone@gmail.com<mailto:peter.cranstone@gmail.com>>
Cc: Nicholas Doty <npdoty@w3.org<mailto:npdoty@w3.org>>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>>, Justin Brookman <jbrookman@cdt.org<mailto:jbrookman@cdt.org>>, W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>

Subject: Re: Today's call: summary on user agent compliance

The difference is that with IE you can't tell, and with FF you can tell.

As for being set by intermediary, we prohibited that in the spec as well, but there's not a great way to tell this. Presumably you might see something like "100% of users coming from this ASN are using DNT" if you cared to look, but it is a much harder question.

-Ian
On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone <peter.cranstone@gmail.com<mailto:peter.cranstone@gmail.com>> wrote:
Nick,

Question: How do you know if this is 'truly the preference of the user'?

For example

 1.  I install Windows 8 and MSIE sends the DNT:1 header by default.
 2.  I install Firefox 12 or 13 and then turn on DNT:1
What's the difference that you can determine with server code?

Second question: How do you know it's been set by a vendor or intermediary?

 *   Proxy server adds DNT:1 to all outgoing HTTP requests.
 *   Server sees DNT:1 on the incoming request  there's been NO other change to the UA

Peter
___________________________________
Peter J. Cranstone
720.663.1752<tel:720.663.1752>

From: Nicholas Doty <npdoty@w3.org<mailto:npdoty@w3.org>>
Date: Wednesday, June 13, 2012 12:26 AM
To: "Dobbs, Brooks" <brooks.dobbs@kbmg.com<mailto:brooks.dobbs@kbmg.com>>
Cc: Justin Brookman <jbrookman@cdt.org<mailto:jbrookman@cdt.org>>, W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>

Subject: Re: Today's call: summary on user agent compliance
Resent-From: W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Wed, 13 Jun 2012 06:27:03 +0000

On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:

I think the problem is that compliance is based on both sides ability to honor user preference.  If one side forges user preference, and the other side can correctly only be compliant by acting on actual user preference, there is an untenable situation.  Where a UA sends a well formed header absent having obtained a preference from the user, the recipient server will always be forced into non-compliance, no matter which action it takes.

Two cases come to mind:

 1.  If a UA sends a DNT:1 by default, AND this is truly the preference of the user, if the server fails to respond accordingly to DNT:1  then arguably compliance has not been achieved.
 2.  If, conversely, a server honors a well formed DNT:1 set by a vendor or intermediary, absent such being the actual preference of the the user, again preference has not been honored and compliance not maintained.
For the second case: I'm not aware of anything in draft specifications that would make a server non-compliant if it treated a user that hadn't expressed a DNT:1 preference as if it had. For example, we don't have any requirements that a user who arrives with DNT:0 must be tracked. You might confuse a user if you provide a very different experience under DNT:1 and it was inserted by an intermediary unbeknownst to the user, but I don't see any issues with compliance with this group's specifications.

Thanks,
Nick

Received on Wednesday, 13 June 2012 14:56:27 UTC