- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 16 Nov 2012 00:42:14 -0800
- To: Lauren Gelman <gelman@blurryedge.com>
- Cc: "public-tracking@w3.org WG" <public-tracking@w3.org>
On Nov 15, 2012, at 4:43 PM, Lauren Gelman wrote: > Roy. I just don't understand what this means. Your point about an open web relying on servers having some flexibility to reject misconfigured headers was well taken. But isn't the point of any spec to displace semantics? No, the point is to describe semantics and bound the implementation space to something that hopefully accomplishes the semantics. I have yet to see an Internet spec that covered more than 5% of what it is required to actually implement the semantics. Generally, we limit our requirements to known interoperability concerns. There are very few useful specs that have no errata, and even those specs will become obsolete over time if not maintained. The semantics, in contrast, are not supposed to change over time. > Whether a **server** and a **UA** are accurately communicating with each other only depends on whether each knows what signals to send and what actions to take in response. The spec should describe that. Sorry, that simply isn't true of HTTP. It would take us years just to discuss the full array of implementations that communicate via HTTP. > Whether a UA accurately describes to **users** what a **feature** does is a problem we know how to address using messaging and where that fails, legally under misrepresentation. This group should pass on that. I agree with that, assuming we have some standard by which accuracy can be determined. > Please, someone. Do a find/replace "tracking" with "froobalicious" in the documents. Make sure all the actors affected by the doc will know what to do in the absence of any reliance on shared semantics about privacy or the meaning of the word tracking. Even add a sentence to the intro that explicitly states "Tracking means many things to many people and this spec does not attempt to define it. Instead, it describes a technique for users to express a limited preference for how certain data about them is used, a mechanism for recipients to respect that preference, and exceptions that permit certain business functions to continue even if the preference is activated." That would be a reasonable solution if it weren't for the minor details that browsers are advertising this feature to users as a "do not track" preference, advocates constantly use the word tracking to accuse industry of evil doings, users are turning the configuration on because they don't want to be tracked, and this tracking protection working group was specifically created to address the issue of tracking, not how to express a preference about how certain data is used. I am here to define a protocol for turning off tracking, which I interpret broadly as anything that has the effect of connecting a user's activity across multiple websites that do not share the same user-perceived context. I have no doubt that some people want DNT to do more than that, and also that some people want DNT to do less that that. That's why we need an agreed definition. If we can't agree on a single definition, then we will not agree on a single set of requirements for accomplishing that definition. ....Roy
Received on Friday, 16 November 2012 08:42:38 UTC