Re: ISSUE-176 (ACTION-301): Requirements on intermediaries/isps and header insertion that might affect tracking

proposed text:

3.7 Network Transaction

A "network interaction" is an HTTP request and response, or any other 
sequence of logically related network traffic.

<TEXT>A party MUST NOT inject a unique ID in the HTTP headers that 
flow between the endpoints of a user agent and a server, for example 
X-SUBSCRIBER_ID=<unique_subscriber_number>.</TEXT>



Rob van Eijk wrote on 2012-10-04 23:11:
> On 4-10-2012 12:02, Tracking Protection Working Group Issue Tracker 
> wrote:
>> ACTION-301: Eijk to draft explanation on intermediaries and inserted 
>> headers (Tracking Protection Working Group)
> Non-normative text:
> The issue applies to HTTP headers that flow between the endpoints of
> a user agent and a server. The use case is that an ISP injects the
> HTTP header with a unique subscriber ID, for example
> X-SUBSCRIBER_ID=<unique_subscriber_number>. The subscriber_number is
> (often) the same unique number across sites, time and (mobile)
> devices if the same subscriber's connection to the internet is used.
>
> A possible way forward is: treat the intermediary/isp like a proxy,
> and add normative text, i.e. restrict/forbid the injection of unique
> subscriber identifiers in the HTTP header when the HTTP header
> contains a DNT:1 signal. This is an analogy of proxies that must not
> change the value of a valid DNT signal.
>
> Other ways forward:
> - treat intermediary/isp as third party; or
> - prevent data append.

Received on Friday, 19 October 2012 15:43:43 UTC
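
Added example (not part of the thread or of any W3C text): one way to check for the header insertion discussed above is to capture the same requests at the user agent and at a cooperating server from two subscriber lines, then flag headers that appear only after transit, keep one value across sites on a line, and differ between lines. Only `X-SUBSCRIBER_ID` and `DNT` come from the thread; the `audit` function, line labels, hostnames and header values are constructed for illustration.

```python
from collections import defaultdict

def norm(headers):
    """Header names are case-insensitive; map lowercased name -> list of values."""
    out = defaultdict(list)
    for name, value in headers:
        out[name.strip().lower()].append(value.strip())
    return dict(out)

def audit(observations):
    """observations: (line, host, sent, received) tuples, where sent/received are
    header lists captured at the user agent and at the server for one request.
    Returns (identifier_headers, hosts_where_dnt_changed)."""
    seen = defaultdict(lambda: defaultdict(dict))  # header -> line -> host -> value
    dnt1 = defaultdict(bool)                       # header -> added to a DNT:1 request
    dnt_changed = []
    for line, host, sent, received in observations:
        s, r = norm(sent), norm(received)
        if s.get("dnt") != r.get("dnt"):           # intermediary altered or dropped DNT
            dnt_changed.append(host)
        for name in r.keys() - s.keys():           # present only after transit
            seen[name][line][host] = tuple(r[name])
            dnt1[name] |= s.get("dnt") == ["1"]
    findings = []
    for name, per_line in sorted(seen.items()):
        # One value per line across several hosts: stable across sites.
        stable = all(len(h) > 1 and len(set(h.values())) == 1 for h in per_line.values())
        # A different value on each line: tied to the subscriber, not to the proxy.
        per_line_values = {next(iter(h.values())) for h in per_line.values()}
        distinct = len(per_line) > 1 and len(per_line_values) == len(per_line)
        if stable and distinct:
            findings.append({"header": name, "on_dnt1_requests": dnt1[name]})
    return findings, dnt_changed

UA = [("DNT", "1"), ("User-Agent", "test-agent")]  # constructed request headers

def arrived(subscriber_id):
    # Constructed: what the server saw after a hypothetical intermediary.
    return UA + [("Via", "1.1 proxy.example"), ("X-SUBSCRIBER_ID", subscriber_id)]

SAMPLE = [
    ("line-A", "news.example", UA, arrived("1001")),
    ("line-A", "shop.example", UA, arrived("1001")),
    ("line-B", "news.example", UA, arrived("2002")),
    ("line-B", "shop.example", UA, arrived("2002")),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The `Via` header is also added in transit, but it carries the same value on both lines, so it is not reported as a subscriber identifier.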