Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal

Question in text below.

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA, 90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org

On Nov 1, 2012, at 3:32 PM, Roy T. Fielding wrote:

> On Oct 31, 2012, at 2:32 PM, John Simpson wrote:
> 
>> Not to imply that I agree that a server can ignore a facially valid DNT message, however the WG comes on this, I'd say if a server plans to disregard DNT it MUST notify the UA.
> 
> Please understand that it is necessary, for the survival of the Web,
> that a server have the ability to disregard protocol elements that do not
> adhere to their assigned semantics.  It is one of the very few aspects
> of the Web that allow it to survive the tragedy of the commons.
> I cannot emphasize enough that this principle is far more important
> than anything the W3C has worked on, including DNT.
> 
> If automated transparency is desired, then the solution is to provide
> a means for the server to say that it won't comply with an invalid signal.
> In order for that to be required, it must be a mechanism usable
> by servers that have no direct access to the GUI, including redirect
> handlers and beacons, which means it must be in the tracking status
> value.

Is there a problem with it being in the tracking status value?

> 
> If no protocol mechanism is provided, then it is likely that users
> will be notified via the privacy policy, assuming that the server
> adheres to any DNT signals.

A privacy policy that is rarely read by anyone doesn't seem to be an adequate means of notification.

> 
> ....Roy
> 

Received on Thursday, 1 November 2012 23:10:42 UTC