Re: Work ahead; volunteers?

Shane, 

only to be sure I understand:

I think you're addressing an issue of the user agent. And I think a user agent 
should communicate with the service about the exceptions of _that_ service. 
This is a necessary communication channel IMHO if we want consent building and 
adaptive services. So if you're arguing for that, I'm with you. 

But this shouldn't mean that anybody can just query all exceptions which could 
be a privacy disaster if you go to health.insurance.example.com and they 
discover you have a DNT exception entry for 
contentious.health.form.example.org. 

Kevin, IMHO this is needed for human reasons because the service wants to know 
whether their opt-back-in strategy worked or on which page users are tripping 
and put on DNT etc. Just social experience from DNT and no strong feeling from 
me about whether to allow or not. IMHO it is just better with such a query 
system. 

Rigo

On Tuesday 06 March 2012 06:59:18 Shane Wiley wrote:
> I don't believe the following issue is closed (or if it is, I'll propose we
> reopen the issue as Server-Side interrogation of site-specific exceptions
> will be an important option -- bad actors can find numerous other ways to
> digitally fingerprint a user's system and I believe we've agreed to not
> cripple the DNT standard in attempts to manage bad actors).
> 
> "- we decided not to provide an API for retrieving the set
>   of exceptions for a server due to the resulting finger
>   printing risks"

Received on Tuesday, 6 March 2012 18:43:16 UTC