On 11/7/12 1:48 AM, Nicholas Doty wrote: > Hi David, > >> I'm not clear on what this is describing: >> >> * /A third-party could provide transparency about their own data >> practices in order to persuade users to pre-emptively provide >> user-granted exceptions. A third-party tracker might use a >> machine-readable policy (for example, P3P) or some indication of >> compliance with a self-regulatory program or auditing practice . >> Users that care to might configure their user agents to grant >> exceptions (and thus send DNT:0 signals) to trackers with such >> practices./ >> >> Is this a suggested implementation for UA's to grant exceptions based >> on p3p or on participation in self-reg programs? > > I was trying to get at the more general point that a user might > configure their browser to send DNT:0 to a set of domains or resources > based on some other signal besides a JavaScript-initiated exception > request. This text isn't meant to recommend any particular UA > implementation (this is non-normative text), but to note the > possibility of UAs that granted exceptions based on the presence of a > particular P3P policy, an indication of participation in an industry > self-regulatory program, or some other insight into the relevant data > handling practices. > > Happy to accept a suggestion of clearer text on this point, or to > explain further. > It's confusing because it talks about what a third-party might do, but in fact is alluding to possible UA implementations. Without UA additional UA features, third-parties will be limited to the JS API and UA exception storage, or out of band exceptions in a cookie or something, right?
Received on Wednesday, 7 November 2012 14:44:31 UTC