RE: Modifying a DNT Header (ISSUE-153, ACTION-285)

As long as 3rd party changes are recorded and sent to the Server for assessment (Issue-143).  If 3rd party tools can game DNT (activate it with no user interaction and make it appear as if the browser is doing this), then I doubt many Servers will ever implement DNT.  This is a critical issue that needs to be resolved to the satisfaction of both sides of the debate if there is any hope for DNT to be a viable, voluntarily implemented, standard.

- Shane

-----Original Message-----
From: Walter van Holst [mailto:walter.van.holst@xs4all.nl] 
Sent: Wednesday, November 07, 2012 12:59 PM
To: public-tracking@w3.org
Subject: Re: Modifying a DNT Header (ISSUE-153, ACTION-285)

On 11/7/12 3:42 PM, David Singer wrote:

>> The consequence would be that all current extension mechanisms of 
>> popular UAs such as Firefox, Chrome and IE would fail to meet this 
>> criterion.
> 
> I don't believe that's true.  The UA is *not* just the core code base 
> of the browser as distributed by the manufacturer.  The UA is the 
> entire 'opaque box' that terminates the HTTP protocol.  A browser that 
> allows plug-ins allows them *inside* that box;  from our point of 
> view, the plug-ins are part of the UA, and that collection of software 
> is responsible for making sure that they follow the rules.

I would agree that the UA is that collection and that the whole of that collection should meet the specification. And even if I were to disagree, you have probably forgotten more about UAs than I will ever learn, so let's not get there anyway.

> We have requirements (reflecting the user intent) on what comes out of 
> the box.  I still do not believe we need to say more.  If, like Bryan, 
> you want to be able to make that box out of a cloud of entities 
> co-operating over a network, then you can do that as well.

Here is where we may be in disagreement: who bears the responsibility for meeting that requirement. If we are to consider the UA the whole of the termination point of HTTP traffic, then it is not reasonable to expect the supplier of a single part of that whole to be responsible for it. Simply because the other parts are quite likely chosen by the user, and unless we want to impose through this standard on browser suppliers the requirement to make their extension and plug-in ecosystem a walled garden, I don't see that as a fair requirement.

And even if we are to impose that requirement, I would be vehemently opposed to it, since it would exclude open source browsers such as Mozilla, Chromium and lesser known others from ever being compliant with the spec. Their licensing model would never make any walled garden feasible.

Moreover, it would be against at least the spirit of the W3C policies which stipulate maximum room for implementation of every W3C standard.

Lastly, it would not be effective since we still have proxies, even on desktop equipment, which may be modifying a DNT header per the user's request without touching the browser configuration.

So all in all I would be fine with a requirement to check changes in stored user preferences with the user to make sure that the user's intentions are being expressed if it is detected that they have been changed by third-party components (either inside or outside the UA 'box'), but nothing further than that.

Regards,

 Walter

Received on Wednesday, 7 November 2012 20:19:22 UTC