Re: Modifying a DNT Header (ISSUE-153, ACTION-285)

On 11/7/12 3:42 PM, David Singer wrote:

>> The consequence would be that all current extension mechanisms of
>> popular UAs such as Firefox, Chrome and IE would fail to meet this
>> criterium.
> I don't believe that's true.  The UA is *not* just the core code base
> of the browser as distributed by the manufacturer.  The UA is the
> entire 'opaque box' that terminates the HTTP protocol.  A browser
> that allows plug-ins allows them *inside* that box;  from our point
> of view, the plug-ins are part of the UA, and that collection of
> software is responsible for making sure that they follow the rules.

I would agree that the UA is that collection and that the whole of that
collection should meet the specification. And even if I were to
disagree, you have probably more forgotten about UAs than I will ever
learn, so let's not get there anyway.

> We have requirements (reflecting the user intent) on what comes out
> of the box.  I still do not believe we need to say more.  If, like
> Bryan, you want to be able to make that box out of a cloud of
> entities co-operating over a network, then you can do that as well.

Here is were we may be in disagreement on: who bears the responsibility
for meeting that requirement. If we are to consider the UA the whole of
the termination point of HTTP-traffic, then it is not reasonable to
expect the supplier of a single part of that whole to responsible for
it. Simply because the other parts are quite likely chosen by the user
and unless we want to impose through this standard on browser suppliers
the requirement to make their extension  and plug-in ecosystem a walled
garden I don't see that as a fair requirement.

And even if we are to impose that requirement, I would be vehemently
opposed to it, since it would exclude open source browsers such as
Mozilla, Chromium and lesser known others from ever being compliant with
the spec. Their licensing model would never make any walled garden feasible.

Moreover, it would be against at least the spirit of the W3C policies
which stipulate maximum room for implementation of every W3C standard.

Lastly, it would not be effective since we still have proxies, even at
desktop equipment who may be modifying a DNT header per the user's
request without touching the browser configuration.

So all in all I would be fine with a requirement to check changes in
stored user preferences with the user to make sure that the user's
intentions are being expressed if it is detected that they have been
changed by third-party components (either inside or outside the UA
'box'), but nothing further than that.



Received on Wednesday, 7 November 2012 19:59:54 UTC