- From: Rob van Eijk <rob@blaeu.com>
- Date: Fri, 19 Oct 2012 17:43:09 +0200
- To: <public-tracking@w3.org>
proposed text: 3.7 Network Transaction A "network interaction" is an HTTP request and response, or any other sequence of logically related network traffic. <TEXT>A party MUST NOT inject a unique ID in the HTTP headers that flows between the endpoints of a user agent and a server, for example X-SUBSCRIBER_ID=<unique_subscriber_number.</TEXT> Rob van Eijk schreef op 2012-10-04 23:11: > On 4-10-2012 12:02, Tracking Protection Working Group Issue Tracker > wrote: >> ACTION-301: Eijk to draft explanation on intermediaries and inserted >> headers (Tracking Protection Working Group) > Non normatieve tekst: > The issue applies to HTTP headers that flow between the endpoints of > an user agent and a server. The usecase is that an ISP's injects the > HTTP header with an unique subscriber ID, for example > X-SUBSCRIBER_ID=<unique_subscriber_number>. The subscriber_number is > (often) the same unique number across sites, time and (mobile) > devices > if the same subscriber's connection to the internet is used . > > A possible way forward is: treat the intermediary/isp like a proxy, > and add normative text i.e restrict/forbid the injection of an unique > subscriber identifiers in the HTTP header when the HTTP header > contains a DNT:1 signal. This is an analogy of proxies that must not > change the value of a valid DNT signal. > > Other ways forward: > - treat intermediary/isp as third party; or > - prevent data append.
Received on Friday, 19 October 2012 15:43:43 UTC