Re: Intermediaries interfering with DNT decision making

On Sep 12, 2012, at 2:03 PM, Rob van Eijk wrote:

> From an EU perspective, the legal analysis of the express flow of IE-10 at install/update is not part of the scope of the DNT standard. If the express flow meets the criteria of consent in the EU, it will be a valid expression of user's consent; likewise, if it does not meet the criteria of consent in the EU, it won't.

The criteria for consent in the EU are pretty clear that a user never
informed of the choice has never given consent.  Would you disagree?
It is also pretty clear, at least by the WP statements, that the consent
has to be explicit.

> It is not up to a server to do its own legal assertion of the validity of a user's wishes. My conclusion is that, based on the DNT standard alone, it is impossible to claim that IE-10 is a non-compliant UA, stemming from a DNT setting that is on by default.

Then why do we have any requirements in the specification?  If it is WG
opinion that a user agent can do whatever it likes and the server just
has to accept it as fact, then we are done here.  DNT is DOA.

> The current text was indeed intended for user agents. No disagreement there. I propose to extend it to servers as well. In a dialogue there are two roles: senders and receivers. User agents and servers switch these roles frequently in a dialogue. I do not see a possibility for a meaningful DNT dialogue between user agent and server if the server that claims to be DNT compliant can drop a DNT signal at will.

I agree with that.

> An HTTP endpoint must also be held accountable to the DNT signal. I think it is important to not lose sight of an important function of DNT, which is that DNT is an important technical building block for a meaningful DNT dialog between user agent and server. That dialogue starts with the expression of a user's personal preference and includes the response on a server without discriminating user agents able to talk DNT.

I agree with that also.  It depends on the user's personal preference,
and servers will not indicate compliance with a standard that allows
user agents to lie about the user's preference.  The goal here, naturally,
is to find a way for servers to comply that doesn't require further
legislation.

> Bottom line is that in my opinion a server must respect the DNT signal, if it stems from a user agent capable of talking DNT. Asserting IE-10's legal validity of a valid expression of the user's wishes is irrelevant.

A general purpose user agent that has not asked the user for their
preference is not capable of talking DNT.  HTTP semantics are
important, and the only way to ensure that user agents respect them
is if the server has the ability to say "no, you'll have to indicate
preferences via some other means because your UA is broken".
Otherwise, every UA will be broken in short order.

....Roy

Received on Wednesday, 12 September 2012 23:19:37 UTC