Re: "forced choice" user agent implementation of DNT


Clearly we can't expect everyone to read the entire spec to figure out all
the nitty gritty details. However, I would personally consider a checkbox
that says "Enable Do Not Track" or "Send a Do Not Track header with my web
requests" to not meet a bar of informed consent. Neither come close to
actually describing any impact in a manner that a user can understand. I
don't propose adding a quiz or anything of the sort, but I think that a
forced user choice goes in the exact opposite direction of informed user

Lorrie Cranor has some related work on how people make decisions w.r.t
security contexts. I'm in a meeting and can't find the best reference right
now (and need to drop offline), but is a
good read.

On Tue, Oct 16, 2012 at 3:23 PM, Dan Auerbach <> wrote:

>  On 10/16/2012 12:54 AM, Ian Fette (イアンフェッティ) wrote:
> I also question whether a single sentence would adequately convey to the
> user the tradeoffs involved in the choice they are making. Further, if you
> are forcing a choice / getting in the user's way when they are just trying
> to get something else done (e.g. see what the heck this program is that
> they just installed, or in the case of an upgrade, "I just want to get to
> my email." I think forced timing like this would probably degrade the
> extent to which whatever signal you collect actually reflects user
> preference as opposed to just "make the dialogs go away!"
> I'm sure we're all in agreement that having the user read several books on
> online advertising will lead to the most accurate choices. In absence of
> this, it seems to me that a forced-choice dialog provides quite a
> reasonable balance. It certainly seems more fair to me than having a
> default.
> As far as degrading the user choice, I'd be very interested in learning
> more if there were literature on the subject. My intuition is that it's
> probably pretty accurate, but we could measure it. Here's an experiment:
> run forced-choice on a neutral issue (e.g. "do you prefer red or blue
> background"), and measure how people choose. Then one could go back and ask
> them questions about their preference over coffee, and match the
> chosen-on-the-spot distribution against the more accurate survey data.
> But perhaps your point is less about degrading user experience, and more
> that users must have some sort of minimum requirement of understanding
> before they can even be trusted to make a choice? I'm certainly not opposed
> to giving the user more information, so long as it is balanced between
> turning DNT on and off. Do you agree? So, for example, if you insist on a
> dialog in which a user takes a quiz before turning DNT on, then a similar
> quiz should exist in any context in which the user can turn DNT off (of
> course including adding exceptions). What I think is unfair is making the
> user jump through hoops to go in one direction, but allowing her to go in
> the other direction without any effort at all.
>  On Oct 16, 2012 3:01 AM, "Roy T. Fielding" <> wrote:
>> On Oct 12, 2012, at 11:04 AM, Dan Auerbach wrote:
>> > There has been a lot of discussion on this list about user agents
>> respecting user preference when it comes to setting DNT:1. As a temperature
>> check, I want to make sure we have consensus about the compliance of a
>> "forced user choice" implementation of DNT. For example, a browser during
>> the installation process would have a screen with three radio buttons, none
>> of which are selected, which respectively denote "turn DNT on", "turn DNT
>> off", and "I do not wish to make a selection regarding DNT". In order to
>> proceed, the user would have to make a selection, and nothing would be
>> selected by default. This implementation could appear in the installation
>> process, or, say, as a splash screen that the user must get through after a
>> browser update.
>> No, not during the installation process.  It makes no sense to
>> say that a user can make a choice during installation when the
>> user we are talking about rarely does browser installations.
>> For example, the IE10 dialogs are never seen by the users of
>> a PC running Windows 8 unless one of those users happens to
>> be the admin who did the installation.
>> What we have talked about is a user choice at any time during the
>> selection or use of the user agent.  For a general-purpose UA,
>> it would be fine to have a dialog presented, with neither "on"
>> nor "off" preselected, when the user's profile is created (or
>> upon first use after the DNT functionality has been upgraded
>> for an existing user profile). That is the natural time for
>> such options, since the choice should be recorded in the user's
>> own configuration, be applicable to all UAs that share that
>> user profile, and not have to be asked again every time the UA
>> is upgraded.
>> If I were to implement such a dialog, the third option would be
>> preselected ("I do not wish to make a selection regarding DNT",
>> a.k.a. "unset").  There is no reason to force a user to make
>> a choice, since they can configure it later.
>> > I think it is important to make sure we have consensus on this issue.
>> If I were an ad network, from a business perspective I think I would care
>> much more about the rate of adoption of DNT:1, instead of respecting user
>> preference.
>> No, that is just machiavellian.  The key is user preference.
>> If an advertiser truly believes that personalizing an ad for
>> a given user is going to upset that user, and that the DNT signal
>> is a reasonably accurate signal of that preference, then it is
>> the advertiser that will force the ad network to adhere to DNT.
>> Most of advertising is about establishing brand awareness, and
>> the advertisers with money have no desire to spend it in a way
>> that makes their brand annoying.
>> The rate of adoption of DNT is irrelevant if it reflects an
>> actual user's preference -- it simply changes the relative
>> value of ad placement for that user, which may in turn result
>> in either more ads being displayed or limitations on non-account
>> use.  The ad networks are not responsible for keeping websites
>> in business -- they can adjust accordingly.
>> However, if DNT does not reflect a user's preference, then there
>> is simply no reason to adhere to it regardless of the signal's
>> deployment.  Advertisers won't care, so ad networks won't care;
>> the existing opt-out mechanisms are more accurate than an invalid
>> DNT signal.
>> ....Roy
> --
> Dan Auerbach
> Staff Technologist
> Electronic Frontier Foundationdan@eff.org415 436 9333 x134

Received on Wednesday, 17 October 2012 08:09:59 UTC