Re: Today's call: summary on user agent compliance from Peter Cranstone on 2012-06-13 (public-tracking@w3.org from June 2012)

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Wed, 13 Jun 2012 09:10:19 -0600
To: <ifette@google.com>
CC: Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>
Message-ID: <CBFE088E.31A8%peter.cranstone@gmail.com>
>> But there are cases you can detect where the setting was, more likely than
not, NOT set by the user.

Again – you'll have to show me the code that does this. I've already posted
mine to the forum. 

Microsoft were smart – the real compliance issue at stake here is "WHO" set
the flag. I would argue that you can not determine that with anywhere near
the accuracy required to deliver a consistent online experience. And even if
you could the performance hit on the servers is so huge that no admin would
ever make those changes.



Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
Reply-To:  <ifette@google.com>
Date:  Wednesday, June 13, 2012 9:05 AM
To:  Peter Cranstone <peter.cranstone@gmail.com>
Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
Subject:  Re: Today's call: summary on user agent compliance

> You don't.
> 
> You seem to be saying "You can't detect every possible case where the setting
> was set by something other than the user." That's true. But there are cases
> you can detect where the setting was, more likely than not, NOT set by the
> user. The former does not preclude the latter.
> 
> -Ian
> 
> On Wed, Jun 13, 2012 at 7:52 AM, Peter Cranstone <peter.cranstone@gmail.com>
> wrote:
>> Can you tell me (the forum) how you think the server knows that the default
>> was set by the OEM?
>> 
>> What do I look for in the header that tells me that?
>> 
>> 
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752 <tel:720.663.1752>
>> 
>> 
>> From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
>> Reply-To:  <ifette@google.com>
>> Date:  Wednesday, June 13, 2012 8:48 AM
>> 
>> To:  Peter Cranstone <peter.cranstone@gmail.com>
>> Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks" <brooks.dobbs@kbmg.com>,
>> Justin Brookman <jbrookman@cdt.org>, W3 Tracking <public-tracking@w3.org>
>> Subject:  Re: Today's call: summary on user agent compliance
>> Resent-From:  W3 Tracking <public-tracking@w3.org>
>> Resent-Date:  Wed, 13 Jun 2012 14:49:18 +0000
>> 
>>> The server knows two things.
>>> 
>>> The server knows what the default setting was ("none" "on" "off") and what
>>> setting it's seeing now.  If the setting is different than the default, it
>>> knows that the setting has been changed, presumably by the user but
>>> admittedly a third party (intermediary or software) could also change it.
>>> Such is life.
>>> 
>>> In the case of "setting == default" then the server has strictly less
>>> information than in the previous scenario -- it has NO way of knowing, the
>>> "default" has obscured the user's ability to make a preference, and thus the
>>> server can conclude that the UA doesn't offer the user a complaint
>>> mechanism.
>>> 
>>> On Wed, Jun 13, 2012 at 7:40 AM, Peter Cranstone <peter.cranstone@gmail.com>
>>> wrote:
>>>> Nope. Still fails your test.
>>>> 
>>>> You have no idea who made the decision. So using your logic every copy of
>>>> MSIE is non compliant because Microsoft shipped it by default. If I get a
>>>> copy of windows 8, turn it off and then turn it on BEFORE I send a request
>>>> to a server how do you know?
>>>> 
>>>> The server only knows one thing – DNT:1 that's it. It has NO idea who set
>>>> it, you, the OEM or a 3rd party add on.
>>>> 
>>>> 
>>>> 
>>>> Peter
>>>> ___________________________________
>>>> Peter J. Cranstone
>>>> 720.663.1752 <tel:720.663.1752>
>>>> 
>>>> 
>>>> From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
>>>> Reply-To:  <ifette@google.com>
>>>> Date:  Wednesday, June 13, 2012 8:36 AM
>>>> 
>>>> To:  Peter Cranstone <peter.cranstone@gmail.com>
>>>> Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks"
>>>> <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>>>> <public-tracking@w3.org>
>>>> Subject:  Re: Today's call: summary on user agent compliance
>>>> 
>>>>> The point is that with IE your decision is masked by MSFT's default. If
>>>>> you turn it off, I know that you've made a decision, but if you turn it
>>>>> back on again I have no way of knowing if you're a user that made a
>>>>> decision or not.
>>>>> 
>>>>> With FF it is __NOT__ proposed to be "off" by default. It is proposed to
>>>>> be unset by default. You turn it on I know you made an explicit decision.
>>>>> You set it to off and I know you made an explicit decision.
>>>>> 
>>>>> -Ian
>>>>> 
>>>>> On Wed, Jun 13, 2012 at 7:27 AM, Peter Cranstone
>>>>> <peter.cranstone@gmail.com> wrote:
>>>>>> Nope.
>>>>>> 
>>>>>> I install MSIE and it's on by default. So I turn it off. 2 days later I
>>>>>> decide I want to turn it on again.
>>>>>> 
>>>>>> I install FF and it's off by default. So I turn it on. 2 days later I
>>>>>> decide I want to turn it off again.
>>>>>> 
>>>>>> There's no functional difference between those two statements. The spec
>>>>>> cannot determine "who" turned it on or off.
>>>>>> 
>>>>>> 
>>>>>> Peter
>>>>>> ___________________________________
>>>>>> Peter J. Cranstone
>>>>>> 720.663.1752 <tel:720.663.1752>
>>>>>> 
>>>>>> 
>>>>>> From:  "Ian Fette   (イアンフェッティ)" <ifette@google.com>
>>>>>> Reply-To:  <ifette@google.com>
>>>>>> Date:  Wednesday, June 13, 2012 8:24 AM
>>>>>> To:  Peter Cranstone <peter.cranstone@gmail.com>
>>>>>> Cc:  Nicholas Doty <npdoty@w3.org>, "Dobbs, Brooks"
>>>>>> <brooks.dobbs@kbmg.com>, Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>>>>>> <public-tracking@w3.org>
>>>>>> 
>>>>>> Subject:  Re: Today's call: summary on user agent compliance
>>>>>> 
>>>>>>> The difference is that with IE you can't tell, and with FF you can tell.
>>>>>>> 
>>>>>>> As for being set by intermediary, we prohibited that in the spec as
>>>>>>> well, but there's not a great way to tell this. Presumably you might see
>>>>>>> something like "100% of users coming from this ASN are using DNT" if you
>>>>>>> cared to look, but it is a much harder question.
>>>>>>> 
>>>>>>> -Ian 
>>>>>>> 
>>>>>>> On Wed, Jun 13, 2012 at 7:18 AM, Peter Cranstone
>>>>>>> <peter.cranstone@gmail.com> wrote:
>>>>>>> Nick,
>>>>>>> 
>>>>>>> Question: How do you know if this is 'truly the preference of the user'?
>>>>>>> 
>>>>>>> For example
>>>>>>> 1. I install Windows 8 and MSIE sends the DNT:1 header by default.
>>>>>>> 2. I install Firefox 12 or 13 and then turn on DNT:1
>>>>>>> What's the difference that you can determine with server code?
>>>>>>> 
>>>>>>> Second question: How do you know it's been set by a vendor or
>>>>>>> intermediary?
>>>>>>> * Proxy server adds DNT:1 to all outgoing HTTP requests.
>>>>>>> * Server sees DNT:1 on the incoming request  there's been NO other
>>>>>>> change to the UA
>>>>>>> 
>>>>>>> 
>>>>>>> Peter
>>>>>>> ___________________________________
>>>>>>> Peter J. Cranstone
>>>>>>> 720.663.1752 <tel:720.663.1752>
>>>>>>> 
>>>>>>> 
>>>>>>> From:  Nicholas Doty <npdoty@w3.org>
>>>>>>> Date:  Wednesday, June 13, 2012 12:26 AM
>>>>>>> To:  "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
>>>>>>> Cc:  Justin Brookman <jbrookman@cdt.org>, W3 Tracking
>>>>>>> <public-tracking@w3.org>
>>>>>>> 
>>>>>>> Subject:  Re: Today's call: summary on user agent compliance
>>>>>>> Resent-From:  W3 Tracking <public-tracking@w3.org>
>>>>>>> Resent-Date:  Wed, 13 Jun 2012 06:27:03 +0000
>>>>>>> 
>>>>>>> On Jun 8, 2012, at 4:27 PM, Dobbs, Brooks wrote:
>>>>>>> 
>>>>>>> I think the problem is that compliance is based on both sides ability to
>>>>>>> honor user preference.  If one side forges user preference, and the
>>>>>>> other side can correctly only be compliant by acting on actual user
>>>>>>> preference, there is an untenable situation.  Where a UA sends a well
>>>>>>> formed header absent having obtained a preference from the user, the
>>>>>>> recipient server will always be forced into non-compliance, no matter
>>>>>>> which action it takes.
>>>>>>> 
>>>>>>> Two cases come to mind:
>>>>>>> 1. If a UA sends a DNT:1 by default, AND this is truly the preference of
>>>>>>> the user, if the server fails to respond accordingly to DNT:1  then
>>>>>>> arguably compliance has not been achieved.
>>>>>>> 2. If, conversely, a server honors a well formed DNT:1 set by a vendor
>>>>>>> or intermediary, absent such being the actual preference of the the
>>>>>>> user, again preference has not been honored and compliance not
>>>>>>> maintained.
>>>>>>> For the second case: I'm not aware of anything in draft specifications
>>>>>>> that would make a server non-compliant if it treated a user that hadn't
>>>>>>> expressed a DNT:1 preference as if it had. For example, we don't have
>>>>>>> any requirements that a user who arrives with DNT:0 must be tracked. You
>>>>>>> might confuse a user if you provide a very different experience under
>>>>>>> DNT:1 and it was inserted by an intermediary unbeknownst to the user,
>>>>>>> but I don't see any issues with compliance with this group's
>>>>>>> specifications.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> Nick
>>>>>>> 
>>>>> 
>>> 
>
Received on Wednesday, 13 June 2012 15:11:08 UTC