- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 30 May 2012 17:57:24 -0700
- To: David Singer <singer@apple.com>
- Cc: Tracking Protection Working Group <public-tracking@w3.org>
On May 30, 2012, at 5:00 PM, David Singer wrote: >> Second, due to multiple addons that support Do Not Track, there could be conflicts. For example, a user could turn off DNT (not unset, actually off, sending DNT:0) in Firefox, yet install Abine's "Do Not Track Plus" addon (which sends DNT:1). More fun, users could have three different addons, each with a different value. Do we have either best practices or requirements for user agents here? > > Ah, I suspect the TPE spec. needs to say that there may be at most one DNT header? More than one DNT header field is not allowed by the syntax. HTTP only allows header fields to be repeated if the value is defined as a comma-separated list. >> Third, while we have documented DNT as being on / off / unset, do we want to write that as a requirement for user agents? User interface is out of scope by charter, but we could require user agents to offer all three options. Currently we only state all three are possible values (which we do document well.) > > Unless DNT:0 means something other than no DNT, for server behavior, I think the user only needs to be asked "DNT with that, sir?". DNT:0 is an artefact of the way that exceptions (user-granted) work, not a third choice. I hope. It was proposed that DNT:0 be configurable as a web-wide opt-in, as a means of allowing users to bypass endless pop-ups and display-overs asking them to give consent on each new site. ....Roy
Received on Thursday, 31 May 2012 00:57:49 UTC