- From: David Wainberg <david@networkadvertising.org>
- Date: Fri, 09 Nov 2012 13:16:06 -0500
- To: "Grimmelmann, James" <James.Grimmelmann@nyls.edu>
- CC: "public-tracking@w3.org wg" <public-tracking@w3.org>
On 11/8/12 4:17 PM, Grimmelmann, James wrote: > If the browser has to certify that an extension has properly obtained user consent, then a browser could comply only by (a) preventing extensions from affecting DNT, (b) taking complete control of the DNT UI, or (c) disabling all extensions. These are all technically feasible, if you want to propose one of them. I understand the problems with monitoring and predicting the outcomes of code. Options a) and b) are more along the lines of what I'm suggesting. Ultimately it's the UA that stores the DNT setting and puts the header in the HTTP request, right? > > I'm not trying to cut off discussion about: > * Asking extensions to conform to the same user-intent standards (whatever they are) as browsers, There are strong incentives to misuse it and few, if any, disincentives. > * Finding ways for users, browsers, and servers to detect and limit exposure to bad-actor extensions, That's what I'm trying to get to. Are there other ways? I'm very interested in hearing ideas around this. > * Finding ways for good-actor extensions to state their bona fides, or > * Suggesting best practices for good-actor extensions See above. Best practices are not enough. > > I'm just trying to head off discussion about computational impossibilities. Asking one program to understand another program is a computer-science dead-end. Agreed. No one's looking for this. -David
Received on Friday, 9 November 2012 18:16:35 UTC