- From: Peter Cranstone <peter.cranstone@gmail.com>
- Date: Wed, 20 Jun 2012 07:48:08 -0600
- To: "Grimmelmann, James" <James.Grimmelmann@nyls.edu>, "public-tracking@w3.org" <public-tracking@w3.org>
James, I agree in general. However what about a modification? >> "But once websites have an excuse to look beyond the header they >>receive, Do >> Not Track is dead as a practical matter Note quite. Websites can look beyond the header - what they cannot do is NOT respond with a reason why they've made a particular choice. The way the current spec reads you're right. The server MAY "chose" not to respond. How about we change that MAY to a MUST. Now all of a sudden it works. The server looks, decides and then communicates back to the user. The user says "this was my intent" so please honor my DNT setting. Server sets a cookie and goes about it's business. >> >> Being able to>> question whether a user really meant her Do Not Track >>header is a license to >> ignore what she does mean. >> See above. It's all about the ability to communicate intent. It's a two way street. The spec just needs to be tweaked to change some MAY's to a MUST. Of course the work load on the server, the bandwidth consumed (think mobile) and the UI that the user sees all become the next reason why the spec will not be followed. It makes all the sense in the world to simply accept the incoming DNT flag as the users choice, because the alternatives will not be followed without regulations and fines. Peter ___________________________________ Peter J. Cranstone 720.663.1752 -----Original Message----- From: "Grimmelmann, James" <James.Grimmelmann@nyls.edu> Date: Tuesday, June 19, 2012 11:05 PM To: W3 Tracking <public-tracking@w3.org> Subject: Defaults and compliance Resent-From: W3 Tracking <public-tracking@w3.org> Resent-Date: Wed, 20 Jun 2012 08:24:57 +0000 >I've been following with concern the discussions on the list about the >threshold of user consent required for a user agent to set a DNT: 1 >header. >In particular, I'm worried by suggestions that the standard might invite >websites receiving the header to second-guess the process by which it was >set. I've written up a blog post explaining my concerns: > >http://laboratorium.net/archive/2012/06/19/the_sabotage_of_do_not_track > >Here is the core of the argument: > >"But once websites have an excuse to look beyond the header they receive, >Do >Not Track is dead as a practical matter. A DNT:1 header is binary: it is >present or it is not. But second-guessing interface decisions is a >completely open-ended question. Was the check box to enable Do Not Track >worded clearly? Was it bundled with some other user preference? Might the >header have been set by a corporate network rather than the user? These >are >the kind of process questions that can be lawyered to death. Being able to >question whether a user really meant her Do Not Track header is a license >to >ignore what she does mean. > >Return to my point above about tools. I run a browser with multiple >plugins.. At the end of the day, these pieces of software collaborate to >set >a Do Not Track header, or not. This setting is under my control: I can >install or uninstall any of the software that was responsible for it. The >choice of header is strictly between me and my user agent. As far as the >Do >Not Track specification is concerned, websites should adhere to a >presumption of user competence: whatever value the header has, it has with >the tacit or explicit consent of the user." > >James > >-------------------------------------------------- >James Grimmelmann Professor of Law >New York Law School (212) 431-2864 >185 West Broadway james.grimmelmann@nyls.edu >New York, NY 10013 http://james.grimmelmann.net > >
Received on Wednesday, 20 June 2012 13:48:51 UTC