- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 05 Mar 2012 10:59:41 +0100
- To: "public-tracking@w3.org" <public-tracking@w3.org>
Hi all,
in our last teleconference I was complaining about the confusion between
considerations for user agents and considerations for services. I got an
action to write the changes I had in mind into concrete text. This is what
I've done below.
I've tweaked the wording to the user agent implementers and added wording on
assumptions for the services receiving or not receiving a DNT header. IMHO,
both things follow fundamentally different considerations. And this justifies
to address user agents on the one side and services on the other side in two
different sections.
Best,
Rigo
=============================================
<h2>Expressing a Tracking Preference</h2>
<section id='expression-format'>
<h3>Expression Format</h3>
<p>
The tracking preference has two centers of attention: The user agent
administrating the user's preference and interfacing as needed. And the
service who implements its reaction to the expression or non-expression
of a tracking preference.
</p>
<h4>User agent considerations</h4>
<p>
When a user has <a>enabled</a> a tracking preference, that
preference needs to be expressed to all mechanisms that might perform
or initiate tracking by third parties, including sites that the user
agent communicates with via HTTP, scripts that can extend behavior on
pages, and plug-ins or extensions that might be installed and
activated for various media types.
</p>
<p>
When <a>enabled</a>, a tracking preference is expressed by the user
agent as either:
<table class="simple" width="80%" align="center">
<tr><th>DNT</th>
<th>meaning</th>
</tr>
<tr><td align="middle">1</td>
<td>The user prefers not to be tracked for the target site or
range of sites.</td>
</tr>
<tr><td align="middle">0</td>
<td>This user prefers to allow tracking on the target site.<td>
</tr>
</table>
</p>
<p>
If a tracking preference is <a>not enabled</a>, or hasn't been set
by the user, then no preference is sent by the user agent. This
means that no expression is sent for each of the following cases:
<ul>
<li>the user agent does not implement this protocol; or</li>
<li>the user agent does implement the protocol, but the user has
not yet or does not wish to indicate a preference at this time.</li>
</ul>
</p>
<h4>Service considerations</h4>
<p>
A service receiving a tracking preference MUST assume the following:
<table class="simple" width="80%" align="center">
<tr>
<th>DNT</th>
<th>meaning</th>
</tr>
<tr>
<td align="middle">1</td>
<td>This user prefers not to be tracked on the requested site.</td>
</tr>
<tr>
<td align="middle">0</td>
<td>This user allows tracking on the requested site.</td>
</tr>
</table>
</p>
<p>
If a service does not receive a DNT header or if the DNT header doesn't
contain the appropriate values as specified herein, the service can not
assume any preference out of that interaction.
</p>
<p>
Nevertheless, in the absence of regulatory, legal, or other
requirements, servers MAY interpret the lack of an expressed tracking
preference as they find most appropriate for the given user,
particularly when considered in light of the user's privacy
expectations and cultural circumstances. Likewise, servers might make
use of other preference information outside the scope of this
protocol, such as site-specific user preferences or third-party
registration services, to inform or adjust their behavior when no
explicit preference is expressedvia this protocol.
</p>
<p>
In the absence of a preference expressed by the user, services are
encouraged to use the <a
href="#javascript_api_to_prompt_for_exceptions"> JavaScript API to
prompt for exceptions</a> to determine the user's preference for
further interactions.
</p>
Received on Monday, 5 March 2012 10:00:14 UTC