- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Mon, 5 Mar 2012 04:48:15 -0800
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Rigo, Thank you for developing this draft language. Outside of smaller subjective edit suggestions I'll save for now, there does appear to be a larger logic issue towards the end of the text which I believe will need to be modified: "Likewise, servers might make use of other preference information outside the scope of this protocol, such as site-specific user preferences or third-party registration services, to inform or adjust their behavior when no explicit preference is expressed via this protocol." In the circumstance of "site-specific user preferences or third-party registration services" I believe we would consider these out-of-band user consent structures and therefore the language around "when no explicit preference is expressed via this protocol" is an incorrect statement as even WITH a preference expressed via this protocol, the out-of-band user consent would trump. I would recommend you remove the last portion of the sentence starting with "when". Result: ""Likewise, servers might make use of other preference information outside the scope of this protocol, such as site-specific user preferences or third-party registration services, to inform or adjust their behavior." Thank you, Shane -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: Monday, March 05, 2012 5:00 AM To: public-tracking@w3.org Subject: ACTION-141: Draft text on DNT Expressing a Tracking Preference Hi all, in our last teleconference I was complaining about the confusion between considerations for user agents and considerations for services. I got an action to write the changes I had in mind into concrete text. This is what I've done below. I've tweaked the wording to the user agent implementers and added wording on assumptions for the services receiving or not receiving a DNT header. IMHO, both things follow fundamentally different considerations. And this justifies to address user agents on the one side and services on the other side in two different sections. Best, Rigo ============================================= <h2>Expressing a Tracking Preference</h2> <section id='expression-format'> <h3>Expression Format</h3> <p> The tracking preference has two centers of attention: The user agent administrating the user's preference and interfacing as needed. And the service who implements its reaction to the expression or non-expression of a tracking preference. </p> <h4>User agent considerations</h4> <p> When a user has <a>enabled</a> a tracking preference, that preference needs to be expressed to all mechanisms that might perform or initiate tracking by third parties, including sites that the user agent communicates with via HTTP, scripts that can extend behavior on pages, and plug-ins or extensions that might be installed and activated for various media types. </p> <p> When <a>enabled</a>, a tracking preference is expressed by the user agent as either: <table class="simple" width="80%" align="center"> <tr><th>DNT</th> <th>meaning</th> </tr> <tr><td align="middle">1</td> <td>The user prefers not to be tracked for the target site or range of sites.</td> </tr> <tr><td align="middle">0</td> <td>This user prefers to allow tracking on the target site.<td> </tr> </table> </p> <p> If a tracking preference is <a>not enabled</a>, or hasn't been set by the user, then no preference is sent by the user agent. This means that no expression is sent for each of the following cases: <ul> <li>the user agent does not implement this protocol; or</li> <li>the user agent does implement the protocol, but the user has not yet or does not wish to indicate a preference at this time.</li> </ul> </p> <h4>Service considerations</h4> <p> A service receiving a tracking preference MUST assume the following: <table class="simple" width="80%" align="center"> <tr> <th>DNT</th> <th>meaning</th> </tr> <tr> <td align="middle">1</td> <td>This user prefers not to be tracked on the requested site.</td> </tr> <tr> <td align="middle">0</td> <td>This user allows tracking on the requested site.</td> </tr> </table> </p> <p> If a service does not receive a DNT header or if the DNT header doesn't contain the appropriate values as specified herein, the service can not assume any preference out of that interaction. </p> <p> Nevertheless, in the absence of regulatory, legal, or other requirements, servers MAY interpret the lack of an expressed tracking preference as they find most appropriate for the given user, particularly when considered in light of the user's privacy expectations and cultural circumstances. Likewise, servers might make use of other preference information outside the scope of this protocol, such as site-specific user preferences or third-party registration services, to inform or adjust their behavior when no explicit preference is expressedvia this protocol. </p> <p> In the absence of a preference expressed by the user, services are encouraged to use the <a href="#javascript_api_to_prompt_for_exceptions"> JavaScript API to prompt for exceptions</a> to determine the user's preference for further interactions. </p>
Received on Monday, 5 March 2012 12:49:05 UTC