- From: David Singer <singer@apple.com>
- Date: Tue, 27 Mar 2012 16:45:10 -0700
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
I tend to wonder whether we've got the right model here.

As I see it (maybe askew), we're saying that roughly:

* the user visits a 1st party site with DNT on, and the first party loads some scripts into the UA, which then "asks the user" (actually the UA) to get some kind of exception for this 1st party site's 3rd parties. If granted, the UA will then send DNT:0 to those 3rd parties when present on that 1st party.

In some sense, we're asking that the UA remember something and return it later - which is what cookies do.

I think it equally likely, and rather easier to engineer, that the 1st party site sees the DNT header and takes the user to a page, where it can explain

* either accept the reduced site for DNT-users
* or pay for the premium tracking-and-advertising free site;
* or grant my third parties an exception.

If the user chooses the last, the 1st party does an "out of band" signal to the 3rd party (e.g. by using a special URL form) that they have the exception, and the 3rd party can then use a cookie to remember that.

All that remains is when the UA sees the [response header | well-known resource] saying "this 3rd party claims a user exception on this 1st party site" the UA can check with the user, if it likes, and then remember that.

In this case, the 3rd party would get the 'blanket' DNT:1 from the UA, and the cookie that it set saying "but this user gave me an exception".

It seems that using regular pages to do the explanation and interaction could be more pleasant than scripts.

In this scenario, the UA can still allow the user to configure 'trusted third parties' or 'trusted 3rd parties when on specific 1st parties' if it likes, as well (and send them DNT:0).

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Tuesday, 27 March 2012 23:45:39 UTC
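
The third-party side of the flow proposed in the message above, as an added sketch that is not part of the original message or of any W3C specification. The cookie name, the grant URL path and its `site` parameter, and the use of `Referer` to identify the 1st party are all assumptions made for illustration.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Every name here is an assumption made for this sketch; the message names none.
COOKIE = "dnt_exc"               # hypothetical cookie remembering exceptions
GRANT_PATH = "/dnt-exception"    # hypothetical "special URL form"
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def granted_sites(headers):
    """First-party hosts recorded in the third party's own cookie."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    if COOKIE not in jar:
        return set()
    return {s for s in jar[COOKIE].value.split("|") if s}

def handle_grant(url, headers):
    """Out-of-band signal: the first party sends the user here after they
    choose "grant my third parties an exception". Returns a Set-Cookie value,
    or None if the request is not a well-formed grant."""
    parts = urlsplit(url)
    site = parse_qs(parts.query).get("site", [""])[0].lower()
    if parts.path != GRANT_PATH or not HOST_RE.fullmatch(site):
        return None              # also keeps ';' and spaces out of the cookie
    sites = sorted(granted_sites(headers) | {site})
    return f"{COOKIE}={'|'.join(sites)}; Path=/; Secure; HttpOnly"

def may_track(headers):
    """Third party's decision for one embedded request.
    True/False under an expressed preference, None when no DNT was sent."""
    dnt = headers.get("DNT", "").strip()
    if dnt == "0":
        return True              # UA-managed exception ("trusted third parties")
    if dnt != "1":
        return None              # no preference expressed; not covered by the message
    # Assumption: the embedding first party is taken from the Referer header.
    first_party = urlsplit(headers.get("Referer", "")).hostname
    return first_party in granted_sites(headers)   # blanket DNT:1 plus cookie

if __name__ == "__main__":
    # Constructed requests; ads.example and news.example are placeholders.
    ck = handle_grant("https://ads.example/dnt-exception?site=news.example", {})
    req = {"DNT": "1", "Cookie": ck.split(";")[0], "Referer": "https://news.example/a"}
    print(may_track(req))
    print(may_track({**req, "Referer": "https://other.example/"}))
```

The exception is recorded per 1st-party host, so the same cookie presented under a different 1st party does not override the blanket DNT:1.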