- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Tue, 6 Mar 2012 10:44:39 -0800
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- CC: Matthias Schunter <mts@zurich.ibm.com>
Rigo, We're on the same page - they would be able to query for exception only "of _that_ service". - Shane -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: Tuesday, March 06, 2012 1:43 PM To: public-tracking@w3.org Cc: Shane Wiley; Matthias Schunter Subject: Re: Work ahead; volunteers? Shane, only to be sure I understand: I think you're addressing an issue of the user agent. And I think a user agent should communicate with the service about the exceptions of _that_ service. This is a necessary communication channel IMHO if we want consent building and adaptive services. So if you're arguing for that, I'm with you. But this shouldn't mean that anybody can just query all exceptions which could be a privacy disaster if you go to health.insurance.example.com and they discover you have a DNT exception entry for contentious.health.form.example.org. Kevin, IMHO this is needed for human reasons because the service wants to know whether their opt-back-in strategy worked or on which page users are tripping and put on DNT etc. Just social experience from DNT and no strong feeling from me about whether to allow or not. IMHO it is just better with such a query system. Rigo On Tuesday 06 March 2012 06:59:18 Shane Wiley wrote: > I don't believe the following issue is closed (or if it is, I'll propose we > reopen the issue as Server-Side interrogation of site-specific exceptions > will be an important option -- bad actors can find numerous other ways to > digitally fingerprint a user's system and I believe we've agreed to not > cripple the DNT standard in attempts to manage bad actors). > > "- we decided not to provide an API for retrieving the set > of exceptions for a server due to the resulting finger > printing risks"
Received on Tuesday, 6 March 2012 18:45:28 UTC