Barring software from altering a DNT signal set by a user agent (ACTION-284)

If multiple pieces of software are trying to set a DNT value, there is a
very real chance that servers will end up with mixed messages. The most
probable instance of this in my opinion is the case where a user agent
sends a particular value of the DNT header, some other entity changes the
value of this DNT header, and then JavaScript running inside of the
UserAgent queries such APIs as may be available to it and receives
indications that are not consistent with the header value they received.

What I would propose as text is the following:

Web servers need to be able to determine whether they are receiving a
request where DNT is enabled or not enabled. This specification provides
multiple ways for a server to make such a determination, including a value
sent in a header as well as various JavaScript APIs. Software (be it a user
agent, intermediary, or any other class of software) MUST NOT change DNT
from enabled to not enabled, or vice versa, unless it can ensure that the
server receives consistent information regardless of which method provided
by this specification the server uses to determine whether DNT is enabled
or not enabled. Specifically, software MUST NOT cause a situation in which
the value of the DNT header disagrees with the DOM interfaces provided for
by this specification.

For user agents that show information related to DNT in their user
interface, confusion is created for the user when this information is not
correct. As an example, a user agent might choose to show an indication
that a website has received an exception from the user and that as a
result, DNT is not enabled for the site. If a second piece of software were
to modify the request in such a way as to enable DNT but the user agent
still showed an indication that DNT was not enabled as a result of an
exception, this would lead to confusion for the user. As such, software (be
it a user agent, intermediary, or any other class of software) MUST NOT
change DNT from enabled to not enabled, or vice versa, unless it can ensure
that there are no indications shown to the user as part of the User Agent
that would be rendered incorrect by this action.


Non-normative text: If the user agent provided APIs to interact with the
state of DNT, this would be one such way to ensure that user agent
indications to both the user and server are consistent in all cases.
Otherwise, software wishing to interact with DNT signals need to take extra
care not to confuse either users or servers by paying particular attention
to the DOM interfaces in Section 4.2 as well as being aware of whatever
user interface a particular version of a particular user agent may provide.


-Ian

Received on Wednesday, 24 October 2012 17:33:00 UTC