- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Thu, 13 Sep 2012 20:13:51 -0700
- To: David Singer <singer@apple.com>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <D235E321D07D421D8699272C932F5EDF@gmail.com>
I strongly object to the Do Not Track protocol facilitating noncompliance with the Do Not Track compliance policy. We've addressed this topic a number of times now; it appears I'm far from alone in my concerns. I'm uncertain why Roy thought there might be "no objections." Jonathan On Thursday, September 13, 2012 at 12:32 PM, David Singer wrote: > I think this is a very pragmatic and prudent approach, and eases deployment, and encourages development. > > For the paranoid, one can simply treat 'P' sites the same as sites that don't say or claim anything. > > Thanks > > On Sep 12, 2012, at 1:25 , Roy T. Fielding <fielding@gbiv.com (mailto:fielding@gbiv.com)> wrote: > > > This is a rough (pre-spec-text) proposal to solve ISSUE-161. > > > > Currently, the TPE draft does not provide a means to supply > > information to the user without also claiming compliance. > > That is a problem for several reasons: > > > > 1) sites that are in the process of deploying DNT but have > > not yet completed deployment (or are simply too scared to > > claim compliance until a third-party audit is complete) > > have no means to test while working through issues; > > > > 2) regulations tend to shift over time, as do standards, and it > > might be necessary to stop claiming compliance on short order > > until something is fixed. For example, there are many companies > > that have a guesswise implementation of DNT:1 already, usually as > > a uniform means of opting out, and they would like to support > > as many of the draft's transparency features as possible, > > right now, even though they don't know what full compliance > > means yet; and, > > > > 3) sites that have not yet implemented DNT but would still like > > to be more transparent to the user by providing links to a > > control resource (for opting out or managing data) and a > > tracking policy (to explain what tracking does occur, and > > possibly what their plans are for future DNT implementation). > > > > In all cases, these would still be considered non-compliant, and > > the expectation would be that a verifying user agent would treat > > them as such. The value proposition is that a verifying user agent > > could still make use of the policy and control links to provide > > uniform access to information and controls to the user. > > > > I will refer to this as partially compliant simply because the > > server would have to comply with many of the TPE requirements > > just to support the expression protocol and syntax, though > > I am open to better ideas for a category name. > > > > The following requirements would be imposed on partially compliant > > origin servers: > > > > a) The server MUST provide the same response WKL and header > > fields as required for compliant servers, except that the > > TSV is "P". All syntax requirements are REQUIRED. > > > > b) The tracking status representation fields for policy and > > control are REQUIRED, since the lack of a claim of compliance > > means that the user can't rely on a DNT:1 being effective. > > > > Note that a partially compliant server might actually be fully > > compliant with the standard in every respect except the TSV, > > which allows sites to switch from testing to full deployment > > by changing a single character value. > > > > If there are no objections, I will work on actual spec changes > > consistent with the above. > > > > > > Cheers, > > > > Roy T. Fielding <http://roy.gbiv.com/> > > Principal Scientist, Adobe Systems <http://adobe.com/enterprise> > > > > > David Singer > Multimedia and Software Standards, Apple Inc. > >
Received on Friday, 14 September 2012 03:14:18 UTC