Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal

On Nov 1, 2012, at 4:10 PM, John Simpson wrote:
> On Nov 1, 2012, at 3:32 PM, Roy T. Fielding wrote:
>> If automated transparency is desired, then the solution is to provide
>> a means for the server to say that it won't comply with an invalid signal.
>> In order for that to be required, it must be a mechanism usable
>> by servers that have no direct access to the GUI, including redirect
>> handlers and beacons, which means it must be in the tracking status
>> value.
> Is there a problem with it being in the tracking status value?

I am not aware of any problem -- I was just trying to describe
all options.

>> If no protocol mechanism is provided, then it is likely that users
>> will be notified via the privacy policy, assuming that the server
>> adheres to any DNT signals.
> 
> A privacy policy that is rarely read by anyone doesn't seem to be an adequate means of notification.

Yes, it would not be my first choice.  A third party that is
supplying page content could notify the user directly.

....Roy

Received on Friday, 2 November 2012 09:29:48 UTC