Re: Intermediaries interfering with DNT decision making

On Sep 11, 2012, at 2:11 PM, Roy T. Fielding <fielding@gbiv.com> wrote:

>> That said, this change is harmful to the adoption process for Do Not Track, because it:
>> (1) Treats the text of the TPE spec as unambiguous on an issue where it is highly ambiguous;
> 
> If you think the text is ambiguous, please supply unambiguous text that
> is consistent with the WG decision.  Having ambiguous text is a problem
> we are supposed to solve.  I don't see any ambiguity there, so don't
> expect a proposal from me.

The text is ambiguous because the decision is ambiguous.  There never was consensus on whether this UI is permissible, only consensus on an ambiguous text that resolved simpler cases, but not this one.  I could draft revised text to clean up section 3 and deal with this particular mess, but some members of the group will say that the revised text is consistent with the decision and others will say that it isn't.  It might be valuable to clean up section 3, but that will necessarily expose significant disagreements and inconsistencies in the "consensus" over what it means.

>> (2) Creates an obstacle to DNT adoption on the part of servers; and
> 
> How?  AFAICT, it is the only thing making it possible to deploy DNT
> for Firefox and Safari (and other UAs that implement DNT correctly).

This patch is not necessary for deploying DNT for Firefox and Safari and other UAs, is it?

>> (3) May cause serious regulatory trouble for server operators who do not realize their installation of Apache deliberately ignores IE 10.
> 
> The only regulations I know of in this space are regional, which continue
> to apply after the signal is dropped.  In any case, the current compliance
> specification already makes all HTTP servers non-compliant with DNT, so
> that is not something a server operator can solve without further work
> by the server developers or fixes in compliance.

I am thinking of any regulations based on truthful representations to consumers.  An operator who publicly claims to implement DNT but ignores IE 10 because of this patch takes a risk that the claim will be considered misleading.  (Yes, this would require the regulator to reach a different conclusion than you have about IE 10's compliance or about a server's obligations in dealing with a noncompliant UA, but given the disagreements here, this is hardly out of the question.)  The alternative default -- honoring DNT requests that come from IE 10 -- creates no such risk.  If an operator wants to take the position that IE 10 is noncompliant and can be ignored, it is better for this to be an informed, "deliberate" choice by the operator.

James


--------------------------------------------------
James Grimmelmann                 Professor of Law
New York Law School                 (212) 431-2864
185 West Broadway       james.grimmelmann@nyls.edu
New York, NY 10013    http://james.grimmelmann.net

Received on Wednesday, 12 September 2012 14:48:04 UTC