Re: Modifying a DNT Header (ISSUE-153, ACTION-285)

On 2012-11-09 21:26, David Wainberg wrote:

>  Now I feel like we're talking past each other. The language you
> proposed previously does, as I said, go in the direction of what I'm
> proposing. Here's Walter's text:
>  _A UA MUST incorporate detection mechanisms for alteration of
> DNT-preferences by third-party software (including third-party
> UA-extensions and plugins) and MUST upon detection of such changes
> verify with the user that they reflect the user's intentions. The UA
> MAY provide the user with the option to ignore future changes in the
> DNT-preferences or to automatically change them back to a user-set
> preference. _

Yes, and I feel that this would require an UA to check whether its 
stored DNT preferences have been changed, just like UAs tend to check 
whether they are the default UA. This does not require an UA to 
guaranteee the DNT preferences have not been changed since one could 
think of several ways of circumventing that. And to probably clarify it 
further, since it is impossible to check for sure that the preference 
transmitted over HTTP is the same as the one stored in the UA, I think 
this should not require an UA to even try to check that.

The reason I proposed this is that I think it is not unreasonable to 
require some diligence as to to ascertain that the DNT preference 
reflects the actual intents of the user. My worries are more about 
DNT:0, yours happen to be about DNT:1, but we both feel that the 
'informed' bit of the expressed consent/lack of consent should be taken 

Where we may have disagreement on is on the question at which point due 
diligence becomes undue diligence. The text as proposed (and perhaps 
after some refinement given the different way you may have read it) puts 
in an, in my opinion, acceptable and feasible level of that. I would 
welcome feedback from UA makers on this, they are likely to have a more 
informed opinion on this than I have.



Received on Saturday, 10 November 2012 10:13:25 UTC