Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal

On 11/13/12 7:35 PM, David Wainberg wrote:
> Hi Jeff,
> 
> I don't follow your statement that this would rob users of effective
> privacy tools. It merely ensures that DNT signals reflect users'
> deliberate choices, and that users are provided information about the
> effects of their choices. I don't see why that should be controversial.

Dear David,

One doesn't have to look too far ahead to see practical problems with
such an approach.

For example, Yoyodyne Corporation a fictitious UA developer adapts
Firefox and calls it Stalkerfree Browser, with all sorts of privacy
settings on maximum, and advertises it as such. A user that chooses that
UA does not have to be bothered with a pop-up explaining what he or she
is about to do. For a browser like that DNT:1 is an expectation of the
user already.

Less fictitious, all the major UAs nowadays have a "privacy" or
"incognito" mode. Again, it will be a user expectation that DNT:1 will
be set, even when the normal setting is DNT:0. By invoking the privacy
mode, the user expresses its intention to have DNT:1 set.

In either case it is counterproductive to nag the user with questions
and texts such as proposed.

The furthest I am willing to go is that UAs should take reasonable steps
to ensure that either DNT setting (1 or 0) are expressions of informed
(non-)consent. Having non-normative texts in addition that explains that
the best practice in this regard would be to have DNT:unset as a default
while having user interact through dialog windows that explain that
alleviated privacy settings may affect the browsing experience when
changing this setting.

Regards,

 Walter

Received on Tuesday, 13 November 2012 19:40:08 UTC