- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 13 Jun 2012 07:58:18 -0700
- To: Peter Cranstone <peter.cranstone@gmail.com>
- Cc: Justin Brookman <justin@cdt.org>, public-tracking@w3.org
- Message-ID: <CAF4kx8cvi5i=ZVOY+huf+Fj_yai4g-YvD8aq5Npy4dD8RHHm8g@mail.gmail.com>
On Wed, Jun 13, 2012 at 7:56 AM, Peter Cranstone <peter.cranstone@gmail.com>wrote: > The point that I'm trying to make is that the server has NO indication WHO > set the DNT flag. There is NOTHING in the spec to indicate this. > > You know (human) that MSIE ships with the default set to 1. Ok, I get > that. But if I change it and then change it back two days later are you > still going to reject every request? > Yes, as I still have no way of differentiating your setting from the default. Blame MS there. > > This whole "default" issue is a red herring. The server doesn't know > default from a hole in the wall. All it sees is DNT:1 and a UA. > > > > Peter > ___________________________________ > Peter J. Cranstone > 720.663.1752 > > > From: "Ian Fette (イアンフェッティ)" <ifette@google.com> > Reply-To: <ifette@google.com> > Date: Wednesday, June 13, 2012 8:52 AM > To: Peter Cranstone <peter.cranstone@gmail.com> > Cc: Justin Brookman <justin@cdt.org>, W3 Tracking <public-tracking@w3.org> > > Subject: Re: ACTION-211 Draft text on how user agents must obtain consent > to turn on a DNT signal > > Peter, what are you trying to get at? I am missing it. > > In the case of seeing DNT:1 from IE10, by far the most likely reason for > seeing that is that it's the default, and so in the absence of any other > information a server would be justified in thinking that it wasn't an > actual expression by the user but rather an expression by MSFT. You're > correct in that in the general case it's impossible to tell who tweaked the > setting (except perhaps in the case of SSL, where you know it was something > on the user's computer), but what are you trying to get at? > > On Wed, Jun 13, 2012 at 7:46 AM, Peter Cranstone < > peter.cranstone@gmail.com> wrote: > >> I know what the spec says. >> >> What I'm asking you to define is how the server knows WHO set the DNT >> flag. Nobody has been able to answer that question yet. >> >> >> Peter >> ___________________________________ >> Peter J. Cranstone >> 720.663.1752 >> >> >> From: Justin Brookman <justin@cdt.org> >> Date: Wednesday, June 13, 2012 8:41 AM >> To: W3 Tracking <public-tracking@w3.org> >> Subject: Re: ACTION-211 Draft text on how user agents must obtain >> consent to turn on a DNT signal >> Resent-From: W3 Tracking <public-tracking@w3.org> >> Resent-Date: Wed, 13 Jun 2012 14:41:56 +0000 >> >> On 6/13/2012 10:35 AM, Peter Cranstone wrote: >> >> >> We do not specify how tracking preference choices are offered to the >> user or how the preference is enabled: >> >> & >> >> >> Implementations of HTTP that are not under control of the user *must >> not* express a tracking preference on their behalf. >> >> Which means that MSIE 10 is compliant, because it's under the control >> of the user. >> >> This alone does not mean that IE10 is compliant, as there is separate >> text saying that "A user agent MUST NOT express a tracking preference >> for a user unless the user has interacted with the user agent in such a way >> as to indicate a tracking preference." >> >> >> >> Implementations of HTTP that are not under control of the user *must >> not* express a tracking preference on their behalf. >> >> How do you know? All a proxy server has to do is add DNT:1 take Abine >> for example. A 3rd party plugin that adds DNT:1 to the outbound header. You >> have no idea who set it because there's no code to determine who did it. Me >> or the add on. >> >> I agree that third parties should not be second guessing DNT:1 signals >> for all the reasons that I and others have expressed over the list in the >> last two weeks. >> >> >> Peter >> ___________________________________ >> Peter J. Cranstone >> 720.663.1752 >> >> >> From: Justin Brookman <justin@cdt.org> >> Date: Wednesday, June 13, 2012 8:26 AM >> To: W3 Tracking <public-tracking@w3.org> >> Subject: ACTION-211 Draft text on how user agents must obtain consent to >> turn on a DNT signal >> Resent-From: W3 Tracking <public-tracking@w3.org> >> Resent-Date: Wed, 13 Jun 2012 14:27:17 +0000 >> >> Hello, here is draft language for the compliance document on user >> agent requirements. The first paragraph is new, the second two are >> copied-and-pasted from Section 3 of the current TPE spec. >> >> Replace 4.2 Intermediary Compliance (empty) with this new section: >> >> 4.2 User Agent Compliance >> >> A user agent MAY offer a control to express a tracking preference to >> third parties. The control MUST communicate the user's preference in >> accordance with the [[Tracking Preference Expression (DNT)]] recommendation >> and otherwise comply with that recommendation. A user agent MUST NOT >> express a tracking preference for a user unless the user has interacted >> with the user agent in such a way as to indicate a tracking preference. >> >> We do not specify how tracking preference choices are offered to the user >> or how the preference is enabled: each implementation is responsible for >> determining the user experience by which a tracking preference is enabled. >> For example, a user might select a check-box in their user agent's >> configuration, install an extension or add-on that is specifically designed >> to add a tracking preference expression, or make a choice for privacy that >> then implicitly includes a tracking preference (e.g., Privacy settings: >> high). Likewise, a user might install or configure a proxy to add the >> expression to their own outgoing requests. >> >> Although some controlled network environments, such as public access >> terminals or managed corporate intranets, might impose restrictions on the >> use or configuration of installed user agents, such that a user might only >> have access to user agents with a predetermined preference enabled, the >> user is at least able to choose whether to make use of those user agents. >> In contrast, if a user brings their own Web-enabled device to a library or >> cafe with wireless Internet access, the expectation will be that their >> chosen user agent and personal preferences regarding Web site behavior will >> not be altered by the network environment, aside from blanket limitations >> on what resources can or cannot be accessed through that network. >> Implementations of HTTP that are not under control of the user *must not*express a tracking preference on their behalf. >> >> -- >> Justin Brookman >> Director, Consumer Privacy >> Center for Democracy & Technology >> 1634 I Street NW, Suite 1100 >> Washington, DC 20006 >> tel 202.407.8812 >> fax 202.637.0969justin@cdt.orghttp://www.cdt.org >> @CenDemTech >> @JustinBrookman >> >> >
Received on Wednesday, 13 June 2012 14:58:45 UTC