RE: Multiple DNT Headers (ACTION-283, ISSUE-150)

This subject has nothing to do with Internet Explorer. The question is what happens if a broken user agent sends multiple DNT headers, which violates the definition of the DNT header (which MUST only appear once). Options include a) assume DNT:1; b) assume DNT:0; c) ignore all the headers; d) if the multiple headers all have the same value use that value otherwise one of the previous options; etc.

Personally I don't think we'll be able to enumerate and describe all the ways that people might find to not follow the technical requirements of the standard and so in general I think the spec should be silent on this type of situation. If we do indeed decide to write something down for this then I agree with Shane's proposal: If a server receives conflicting DNT headers, it MAY choose to treat the transaction as if no DNT header had been received.  The Server MAY choose to alert the user about possible user agent configuration issues causing multiple, conflicting DNT header signals to be received.


From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Wednesday, October 10, 2012 4:00 PM
To: Shane Wiley
Cc: Jonathan Mayer; public-tracking@w3.org
Subject: Re: Multiple DNT Headers (ACTION-283, ISSUE-150)

Shane,

I agree that DNT should express the user's intent.  Here we have a case where that intent is muddled.  Like a physician, whose first charge is, "First, do no harm," I am suggesting that the server follow the same course.  Act as if DNT:1 has been sent; tell the UA it's misconfigured and wait for the user to confirm his/her intent.  How does acting responsibly disadvantage the server?

I think a similar solution works with IE 10.  By the way, as I understand it, it is not shipping with DNT:1 as the default, though I've not seen the UI. I believe it now asks the user on installation or first use if she wants to go with express settings which include DNT enabled or custom settings which do not. So there is choice, as I understand it.

Seems to me the responsible action for a server that gets a DNT:1 from an IE 10 browser and doubts it is the user's intent, is to tell the UA it doesn't know if the signal represents user intent and then ask what the intent is.  Then there is no doubt and user's respect for the server is increased because it asked what was intended. Mutual respect, questions leading to clarification are always a good thing.

Cheers,
John

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org

On Oct 10, 2012, at 3:41 PM, Shane Wiley wrote:


John,

I respectfully disagree.  Servers should not be placed at an automatic disadvantage if they receive conflicting signals.  Unless there is a singular, consumer driven signal, then no signal should be considered to have been received.  It's disingenuous (in my opinion) for consumer advocates to on one hand agree that users should have to expressly activate DNT and then on the other hand suggest that non-compliant or conflicting signals must be honored.  You're either on one side or the other - straddling the fence in this manner is not helpful.

- Shane

From: John Simpson [mailto:john@consumerwatchdog.org]
Sent: Wednesday, October 10, 2012 3:22 PM
To: Shane Wiley
Cc: Jonathan Mayer; public-tracking@w3.org
Subject: Re: Multiple DNT Headers (ACTION-283, ISSUE-150)

Shane,

What would be the reason for acting as if no DNT header had been received if they conflict?  I'd think if there were a conflict, the consumer/privacy friendly approach would be to assume the user meant to send DNT:1 and somehow misconfigured the UA.  In other words, proceed with caution until you clearly determine what the user intended.  That's why the best practice would be to inform the user of a possible problem.

Best,
John



On Oct 10, 2012, at 2:59 PM, Shane Wiley wrote:



Alternate Text for Conflicting Headers:

If a server receives conflicting DNT headers, it MAY choose to treat the transaction as if no DNT header had been received.  The Server MAY choose to alert the user about possible user agent configuration issues causing multiple, conflicting DNT header signals to be received.

From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, October 10, 2012 2:46 PM
To: public-tracking@w3.org
Subject: Multiple DNT Headers (ACTION-283, ISSUE-150)

Proposed text on duplicate headers:

If a server receives duplicate DNT headers, it MUST act as if it had received a single DNT header.

Proposed text on conflicting headers:

If a server receives conflicting DNT headers, it MUST act as if it had received a single DNT: 1 header. It is a best practice for the server to alert the user about possible user agent misconfiguration.

Received on Friday, 12 October 2012 20:06:05 UTC
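
The handling rules proposed in this thread, sketched as server-side logic. This is an added example, not part of the original messages or of any draft text; the function name, policy constants and sample headers are assumptions made for illustration, and the conflict policy is a required argument because the thread does not settle which one applies.

```python
from typing import Iterable, NamedTuple, Optional, Tuple

# Conflict policies, named after the positions taken in the thread.
ASSUME_DNT1 = "assume-dnt-1"          # Jonathan Mayer's proposed text
ASSUME_DNT0 = "assume-dnt-0"          # option (b) in the first message
TREAT_AS_ABSENT = "treat-as-absent"   # Shane Wiley's alternate text


class DntDecision(NamedTuple):
    effective: Optional[str]  # value to act on, or None if treated as not received
    state: str                # "absent", "single", "duplicate" or "conflicting"
    alert_user: bool          # hint to warn about possible UA misconfiguration


def resolve_dnt(headers: Iterable[Tuple[str, str]], on_conflict: str) -> DntDecision:
    """Reduce zero or more DNT header fields to one effective signal."""
    values = []
    for name, raw in headers:
        if name.strip().lower() != "dnt":   # field names are case-insensitive
            continue
        # Assumption: an intermediary or framework may already have folded
        # repeated fields into one comma-separated value such as "1, 0".
        values.extend(p.strip() for p in raw.split(",") if p.strip())
    # Syntax validation of each value is out of scope for this sketch.
    if not values:
        return DntDecision(None, "absent", False)
    if len(values) == 1:
        return DntDecision(values[0], "single", False)
    if len(set(values)) == 1:
        # Duplicates that agree: act as if a single header had been received.
        return DntDecision(values[0], "duplicate", False)
    fallback = {ASSUME_DNT1: "1", ASSUME_DNT0: "0", TREAT_AS_ABSENT: None}
    # Both proposals pair the conflict case with alerting the user.
    return DntDecision(fallback[on_conflict], "conflicting", True)


# Constructed sample request: two DNT fields that disagree.
SAMPLE = [("Host", "example.test"), ("DNT", "1"), ("dnt", "0")]

if __name__ == "__main__":
    for policy in (ASSUME_DNT1, ASSUME_DNT0, TREAT_AS_ABSENT):
        print(policy, resolve_dnt(SAMPLE, policy))
```

Logging the `state` field alongside the user agent string shows how often conflicting signals actually occur and which clients produce them.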