On Nov 15, 2012, at 4:43 PM, Lauren Gelman wrote:

> Roy.  I just don't understand what this means. Your point about an open web relying on servers having some flexibility to reject misconfigured headers was well taken.  But isn't the point of any spec to displace semantics? 

No, the point is to describe semantics and bound the implementation
space to something that hopefully accomplishes the semantics.  I have
yet to see an Internet spec that covered more than 5% of what it is
required to actually implement the semantics.  Generally, we limit
our requirements to known interoperability concerns.  There are
very few useful specs that have no errata, and even those specs will
become obsolete over time if not maintained.  The semantics, in
contrast, are not supposed to change over time.

> Whether a **server** and a **UA** are accurately communicating with each other only depends on whether each knows what signals to send and what actions to take in response. The spec should describe that.

Sorry, that simply isn't true of HTTP.  It would take us years just
to discuss the full array of implementations that communicate via

> Whether a UA accurately describes to **users** what a **feature** does is a problem we know how to address using messaging and where that fails, legally under misrepresentation.   This group should pass on that.

I agree with that, assuming we have some standard by which accuracy
can be determined.

> Please, someone.  Do a find/replace "tracking" with "froobalicious" in the documents.  Make sure all the actors affected by the doc will know what to do in the absence of any reliance on shared semantics about privacy or the meaning of the word tracking.  Even add a sentence to the intro that explicitly states "Tracking means many things to many people and this spec does not attempt to define it.  Instead, it describes a technique for users to express a limited preference for how certain data about them is used, a mechanism for recipients to respect that preference, and exceptions that permit certain business functions to continue even if the preference is activated." 

That would be a reasonable solution if it weren't for the minor
details that browsers are advertising this feature to users as a
"do not track" preference, advocates constantly use the word tracking
to accuse industry of evil doings, users are turning the configuration
on because they don't want to be tracked, and this tracking protection
working group was specifically created to address the issue of tracking,
not how to express a preference about how certain data is used.

I am here to define a protocol for turning off tracking, which
I interpret broadly as anything that has the effect of connecting
a user's activity across multiple websites that do not share the
same user-perceived context.  I have no doubt that some people
want DNT to do more than that, and also that some people want
DNT to do less that that.  That's why we need an agreed definition.
If we can't agree on a single definition, then we will not agree
on a single set of requirements for accomplishing that definition.


Received on Friday, 16 November 2012 08:42:38 UTC