RE: tracking-ISSUE-185 (WebWide Not): There should not be an API for web-wide exceptions [Tracking Preference Expression (DNT)]

Disagree - and the working group already reviewed this area in Amsterdam.  This an area NOT likely to be abused as it creates a record of a Server's activities.  Bad actors would simple NOT implement DNT not instead say they do and then create an audit trail of their bad activities.  Rather than make the standard more complex than it needs to be, I continue to support Adrian's original proposal.

Mike - could you please work with the co-chairs when opening new issues?  We've tried to halt opening new issues where possible and opening actions against existing issues where appropriate.  As this discussion has an active issue on this topic, it would be more appropriate to create an action for yourself to develop draft text that supports your point of view.

Nick - could you please close out the last few issues opened by Mike and instead open actions against Mike to the issues that already exist on these topics?

Thank you,
Shane

-----Original Message-----
From: Craig Spiezle [mailto:craigs@otalliance.org] 
Sent: Sunday, October 28, 2012 10:06 AM
To: Tracking Protection Working Group
Subject: Re: tracking-ISSUE-185 (WebWide Not): There should not be an API for web-wide exceptions [Tracking Preference Expression (DNT)]

+ huge issue for abuse or exploit

Sent from my phone

On Oct 28, 2012, at 8:05 AM, "Tracking Protection Working Group Issue Tracker" <sysbot+tracker@w3.org> wrote:

> tracking-ISSUE-185 (WebWide Not): There should not be an API for web-wide exceptions [Tracking Preference Expression (DNT)]
> 
> http://www.w3.org/2011/tracking-protection/track/issues/185
> 
> Raised by: Mike O'Neill
> On product: Tracking Preference Expression (DNT)
> 
> We should not have a "silent" web-wide exception API, to accompany the suggested site-wide one.
> As there is now no safety check UI for the site-wide API ,or potential for one as it is now synchronous, it would be very easy for a 1st party site to maliciously or accidentally set a web-wide API, without the user being informed.
> I agree that new site-wide API is a good idea, as it will be simpler to implement and does not have the problem of bombarding users with exception dialogs, but it would be a bad idea to project this onto the web-wide one.
> I therefore suggest we either remove the web-wide API or insist that it is implemented as it was before, with a browser UI informing the user and getting agreement.
> 
> 
> 

Received on Sunday, 28 October 2012 19:49:00 UTC