RE: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal

Matthias,

I believe the "devil in the details" is in the 3rd step.  Much as many argued obtaining consent for a user granted exception cannot be buried in a EULA, I believe the same is true here.  The text we develop in this situation should be reciprocal for both activation and user granted exception interactions.  Justin and I took a pass at attempting to find middle-ground here and decided to remain silent as an end-point.  Perhaps with this new perspective (reciprocal application) we can take another stab at that language.

If Servers feel the UA did not meet this bar, they should feel free to ignore the signal from that UA.  Similarly, if a Server claims user granted exceptions but did not meet this bar, then UAs can take other steps.  I believe the ever present threat of UA action above and beyond DNT will help keep this dynamic in check.  It's important to note there will be bad actors; with DNT and user granted exceptions we'll have the tools necessary to identify them and deal with the appropriately.

- Shane

From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
Sent: Wednesday, October 31, 2012 11:02 AM
To: public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: ACTION-212: Draft text on how user agents must obtain consent to turn on a DNT signal

Hi Shane,


thanks for this input.

Am I correct to assume that the following scenario would satisfy the requirements put forward:
- A user installs a browser (without DNT support) [the user agent]
- A user installs a "do not track me" plugin [expression of tracking preference]
- The "do not track me" displays a cover page with explanatory text (similar to an EULA) and asks the user "do you want to install" [explanatory text]


Regards,
matthias



On 31/10/2012 11:19, Shane Wiley wrote:
[Proposed, New Text in Quotes " "]

Section 5.  User Agent Compliance

A user agent must offer a control to express a tracking preference to third parties. The control must communicate the user's preference in accordance with the [TRACKING-DNT] recommendation and otherwise comply with that recommendation. A user agent must not express a tracking preference for a user unless the user has given express and informed consent to indicate a tracking preference.

"The User Agent MUST make available explanatory text to provide more detailed information about DNT functionality within easy and direct access for the particular environment prior to DNT being enabled."

Received on Wednesday, 31 October 2012 15:12:17 UTC