- From: Rob van Eijk <rob@blaeu.com>
- Date: Wed, 12 Sep 2012 23:03:28 +0200
- To: <public-tracking@w3.org>
Hi Roy, >> Or, are you trying to accomplish something else? (...) >> You would have to request a change to DNT's semantics that would >> allow its tracking expression to not be the user's personal >> preference. From an EU perspective, the legal analysis of the express flow of IE-10 at install/update is not part of the scope of the DNT standard. If the express flow meets the criteria of consent in the EU, it will be a valid expression of user's consent, likewise if it does not meet the criteria of consent in the EU, it won't. It is not up to a server to do it's own legal assertion of the validity of a user's whishes. My conclusion is, that based on the DNT standard alone, it is impossible to claim that IE-10 is a non-comliant UA, stemming from a DNT setting that is on by default. The current text was indeed intended for user agents. No disagreement there. I propose to extend it to servers as well. In a dialogue there are two roles: senders and receivers. User agents and servers switch these roles frequently in a dialoque. I do not see a possibility for a meaningful DNT dialogue between user agent and server if the server that claims to be DNT compliant can drop a DNT signal at will. An HTTP endpoint must also be held accountable to the DNT signal. I think it is important to not loose sight of an important function of DNT, which is that DNT is an important technical buildingblock for a meaningful DNT dialog between user agent and server. That dialogue starts with the expression of a user's personal preference and includes the respons on a server without discriminating user agents able to talk DNT. Bottom line is that in my opinion a server must respect the DNT signal, if it stems from a user agent capable of talking DNT. Asserting IE-10's legal validity of a valid expression of the user's whishes is irrelevant. Rob Roy T. Fielding schreef op 2012-09-12 21:44: > On Sep 12, 2012, at 12:06 PM, Rob van Eijk wrote: > >>> As I've said multiple times now, if the WG disagrees with the text >>> in the spec, then the right way to do so is to object to the text >>> with a specific change proposal, in writing, on what must be >>> changed >>> to resolve that objection. Nobody has done that. >> >> I submitted text already. > > Text which has nothing to do with the default issue, but appreciated > nonetheless. > >> >> http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0136.html >> >> I propose text in the TPE in chapter 3 that is clear enough, for >> example: >> >> "Implementations of HTTP that are not under control of the user, >> including Web Servers, MUST not drop or modify a tracking >> preference". > > The current text says > > "Implementations of HTTP that are not under control of the user > MUST NOT generate or modify a tracking preference." > > I am pretty sure that was intended just for user agents and things > that might alter the user agent configuration, but I'll have no > objection to making it similar to the intermediary requirement if > we make it clear that an HTTP endpoint doesn't have to hold onto its > messages forever. In other words, all messages get dropped at the > conclusion of processing, so please be specific. > > Or, are you trying to accomplish something else? > > The signal sent by IE 10.0 is not a tracking preference because it > fails to match the semantics for DNT. If you want to forbid the way > that Apache addressed that issue, this change won't accomplish it. > You would have to request a change to DNT's semantics that would > allow its tracking expression to not be the user's personal > preference. > > ....Roy
Received on Wednesday, 12 September 2012 21:03:57 UTC