Re: tracking-ISSUE-150: DNT conflicts from multiple user agents [Tracking Definitions and Compliance] from Justin Brookman on 2012-06-19 (public-tracking@w3.org from June 2012)

From: Justin Brookman <jbrookman@cdt.org>
Date: Tue, 19 Jun 2012 12:39:51 -0400
To: public-tracking@w3.org
Message-ID: <99521ed0-7a6c-491d-be88-962a598b5c38@blur>

I don't really disagree with any of this.  If businesses want to bombard  
DNT:1 users with requests to track all the time, far be it from me to stop  
them.  I just want to avoid a scenario where hundreds of third parties are  
making independent evaluations of user intent/user-agent compliance and  
disregarding DNT:1 headers while claiming compliance with the standard.  As  
you say, that would frustrate the purpose of the global DNT standard and  
undermine trust in this process.  But if publishers and third parties want  
to harass or limit DNT:1 users from obtaining content, I'm comfortable  
letting the market work that out.

I'm also interested in hearing more practical ideas for ensuring user agent  
compliance with the notion that DNT:1 should be an expression of user  
preference.  I still haven't heard arguments against my suggestion that UAs  
invite legal liability by sending the preference without user consent, which  
may be sufficient to deter secret injection of headers (but I may have  
missed in all the traffic).

Sent via mobile, please excuse curtness and typos

-----Original message-----
From: Matthias Schunter <mts-std@schunter.org>
To: Justin Brookman <justin@cdt.org>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Sent: Tue, Jun 19, 2012 16:21:02 GMT+00:00
Subject: Re: tracking-ISSUE-150: DNT conflicts from multiple user agents  
[Tracking   Definitions and Compliance]

Hi Justin,


my humble opinion...

We have agreed that the DNT value should reflect the preference of the
user. This includes that it is OK if a privacy-suite that is installed
by the user (as an expression of preference) modifies Mozilla to send
DNT;1 (or inserts a corresponding plugin or installs a modified  browser).

I believe that just ignoring the DNT header is not an option (no matter
what tool has inserted it). This holds for DNT;1 as well as DNT;0. The
reason (from my perspective) is that this would violate the principle of
transparency.

The only thing an enterprise may do is to tell the user that it's
preference of DNT;1 is not acceptable (e.g., by redirecting to a special
landing page). This rejection can have various reasons and it seems to
be similar to the case where we agreed that sites may choose to refuse
to serve DNT;1 users or choose to offer a version with 'light'  or paid
content. This landing page may also ask for changing settings etc.

Whether these businesses want to treat this customer segment in such a
way should not be our decision and should be left to the individual
enterprise and their customers.

The only thing we MUST avoid is that a user agent sends DNT;1 and that
the user is then tracked without strong notices since this would
significantly undermine the trust into our standard.


Just my 2cents,

matthias






in my humble opinion, we have two option
On 02/06/2012 00:31, Justin Brookman wrote:
> As a user, if I'm going to pick a par

Received on Tuesday, 19 June 2012 16:40:21 UTC