Re: ISSUE-138, ACTION-319, exceptions without javascript

On 11/7/12 1:48 AM, Nicholas Doty wrote:
> Hi David,
>> I'm not clear on what this is describing:
>> * /A third-party could provide transparency about their own data 
>> practices in order to persuade users to pre-emptively provide 
>> user-granted exceptions. A third-party tracker might use a 
>> machine-readable policy (for example, P3P) or some indication of 
>> compliance with a self-regulatory program or auditing practice . 
>> Users that care to might configure their user agents to grant 
>> exceptions (and thus send DNT:0 signals) to trackers with such 
>> practices./
>> Is this a suggested implementation for UA's to grant exceptions based 
>> on p3p or on participation in self-reg programs?
> I was trying to get at the more general point that a user might 
> configure their browser to send DNT:0 to a set of domains or resources 
> based on some other signal besides a JavaScript-initiated exception 
> request. This text isn't meant to recommend any particular UA 
> implementation (this is non-normative text), but to note the 
> possibility of UAs that granted exceptions based on the presence of a 
> particular P3P policy, an indication of participation in an industry 
> self-regulatory program, or some other insight into the relevant data 
> handling practices.
> Happy to accept a suggestion of clearer text on this point, or to 
> explain further.
It's confusing because it talks about what a third-party might do, but 
in fact is alluding to possible UA implementations. Without UA 
additional UA features, third-parties will be limited to the JS API and 
UA exception storage, or out of band exceptions in a cookie or 
something, right?

Received on Wednesday, 7 November 2012 14:44:31 UTC