Re: JS Exception API [ISSUE-112]

On Mar 1, 2012, at 3:36 PM, Kevin Smith wrote:
>> ISSUE: Should a request for a tracking exception apply to all subdomains of the first party making the request? Or should a first party explicitly list the subdomains that it's asking for? Similarly, should third party subdomains be allowed (e.g. *
>> **Proposal** Exceptions are requested for fully-qualified domain names.
> I understand and somewhat agree with the reasoning behind this.  However, this will greatly increase the number of exception request popups that user's experience.  I am concerned that this will make the experience so poor that it will actual drive users to turn off DNT.  More importantly - I suggest that we do not keep trying to reinvent our own wheels.  Whatever definition we come to for 1st parties (brand based, affiliation based etc) - let's use that here as well.  If we define two or more different ways to define a 1st party, we will confuse users even more.  

I understand the motivation for not duplicating definitions. But however we define the extent of a party in the compliance doc, user-agent-managed site-specific exceptions will need to maintain lists of domain name pairs to which a DNT:0 header should be sent and there's no guarantee that branding/affiliation/user expectation will have a deterministic mapping to domain names.

I agree with Matthias that good user agent UI can intelligently collapse long lists of exceptions. The user agent could also provide the option (even a default) to persist this permission for all subdomains of the current domain in order to decrease the number of questions the user is explicitly asked. It's even been suggested that the dnt-sites.txt list (or other implementations of that list) could be used to intelligently persist exceptions.


Received on Wednesday, 7 March 2012 00:52:51 UTC