On 11/7/12 1:48 AM, Nicholas Doty wrote:
> Hi David,
>
>> I'm not clear on what this is describing:
>>
>> * /A third-party could provide transparency about their own data
>> practices in order to persuade users to pre-emptively provide
>> user-granted exceptions. A third-party tracker might use a
>> machine-readable policy (for example, P3P) or some indication of
>> compliance with a self-regulatory program or auditing practice .
>> Users that care to might configure their user agents to grant
>> exceptions (and thus send DNT:0 signals) to trackers with such
>> practices./
>>
>> Is this a suggested implementation for UA's to grant exceptions based
>> on p3p or on participation in self-reg programs?
>
> I was trying to get at the more general point that a user might
> configure their browser to send DNT:0 to a set of domains or resources
> based on some other signal besides a JavaScript-initiated exception
> request. This text isn't meant to recommend any particular UA
> implementation (this is non-normative text), but to note the
> possibility of UAs that granted exceptions based on the presence of a
> particular P3P policy, an indication of participation in an industry
> self-regulatory program, or some other insight into the relevant data
> handling practices.
>
> Happy to accept a suggestion of clearer text on this point, or to
> explain further.
>
It's confusing because it talks about what a third-party might do, but
in fact is alluding to possible UA implementations. Without UA
additional UA features, third-parties will be limited to the JS API and
UA exception storage, or out of band exceptions in a cookie or
something, right?