- From: Tamir Israel <tisrael@cippic.ca>
- Date: Thu, 14 Jun 2012 01:00:31 -0400
- To: ifette@google.com
- CC: Rigo Wenning <rigo@w3.org>, public-tracking@w3.org, Kevin Smith <kevsmith@adobe.com>, "Roy T. Fielding" <fielding@gbiv.com>
- Message-ID: <4FD96FEF.10807@cippic.ca>
I think treading the line between "annoying" and "ensuring exception requests are brought to users' attention" is not an impossible one to draw. Rigo's dashboard (which btw is in PRE alpha :P) and Jonathan's banner are less intrusive than your typical plug-in prompt, and users are able to 'accept' from the bar itself. Also, I took Rigo's point to be that web-wide exceptions would build momentum, While much will certainly come down to specific browser implementations, if one browser's users are plagued with an excess of annoyances vis a vis others, this will surely take care of itself. I think, however, it is in everyone's interest to resolve this through the spec. Otherwise you can get the following scenario: MSIE: DNT-1 (set by default) Server: Neg ACK (I have taken a look at MSIE's implementation of the standard and I do not deem this DNT-1 to be a valid expression of user choice). MSIE: prompts the user (through an in-browser dashboard it has developed): this server has failed to acknowledge your DNT-1. Please select one of the following a.) I don't want to be tracked by this server; b.) I do want to be tracked by this server; c.) I'm generally ok with being tracked, please stop bothering me. User: I pick 'a.) I don't want to be tracked by this server' MSIE: DNT-1 (again) Server: ???? The server is basing its rejection of the first DNT-1 on its own research and the assessment that it did not result from 'user choice'. I don't think it can do so for the second DNT-1. Indeed, this second DNT-1 is fully compliant as far as I can tell. So, I think we are better off addressing this within the spec by more working with the exceptions. Best, Tamir On 6/13/2012 8:00 PM, Ian Fette (イアンフェッティ) wrote: > Rigo, I didn't mean to suggest it had to be a literal popup. It could > be any sort of mechanism (infobar, flashing lights, whatever). The > point is that if it's to be acceptable to the companies representing > the third parties likely to be requesting exceptions, it will have to > be rather prominent. And if it's rather prominent, then the browser > vendors will be incentivized to reduce the number of times it shows up > in an unwanted sense ("it's annoying"). > > Unless you're suggesting that the browser decide based on heuristics > of when it thinks the user is likely to click "yes" based on the > user's past history, and either answers for them (seems like it would > violate "express consent") or just doesn't answer at all (doesn't give > third parties equal footing and would greatly disincentivize them from > participating in DNT). > > I'm not saying there's _nothing_ we can do here, but it does seem that > the likely outcome is that it's not quite so simple :) > > On Wed, Jun 13, 2012 at 4:53 PM, Rigo Wenning <rigo@w3.org > <mailto:rigo@w3.org>> wrote: > > On Wednesday 13 June 2012 16:38:21 Ian Fette wrote: > > Because I thought we said earlier (in DC) that we expected > > browsers would only show exception UI in response to a user > > gesture. Otherwise, you end up with popups on every page (which > > apparently some people think is an OK outcome). > > Ok, I challenge you with my research result: > > When Dave made the privacy dashboard, I had the idea that everybody > has their "known territory" in the digital world. I uncovered this > while training my CRM114 spam-protection system. It would start by > asking me for every other email. After 3 weeks, accuracy was over > 90%. After 4 month of training, I got one false positive and about 5 > false negatives per month. > > Translated into the dashboard, we had this hanging bar. It would > only appear if you encounter something new. This is what users > expect. It works on a per-site basis and has per-site permissions. > Try it at code.w3.org/privacy-dashboard/ > <http://code.w3.org/privacy-dashboard/> UI was tested in UX labs. > It is still somewhat alpha.. I don't want to mandate anything, just > suggest that we think beyond "pop up". > > It has shown a way to inform the user that is not invasive (pop up) > and still does the trick. So we may have a third way. We should at > least look at that option. > > Rigo > >
Received on Thursday, 14 June 2012 05:01:33 UTC