RE: action-231, issue-153 requirements on other software that sets DNT headers

Hello Nick,

  The updated language indicates simply that either class of intermediary must manage user preferences, and does not require (or recommend, or even indicate as optional) the coordination between intermediaries and UAs.  

  This means that neither the antivirus software that installs a "privacy shield" plugin, nor the ad supported toolbar that is, well, a toolbar, need work with the UA to modify the setting there - they just have to make sure the user's preference is reflected.  However, since the act of installing and enabling that extension can (in some cases) be considered an explicit choice by the user for a specific tracking preference, they needn't even provide a UI of their own.  

  Does the above sound like a correct, technical understanding?  

  The issues 153 and 150 are both still "raised", and the discussion has veered significantly off issue for both.  Issue-153 asks specifically "What are the implications on software that changes requests but does not necessarily initiate them" - in other words, does an intermediary need to surface its own UI, or work with the UA, or is the act of installing it sufficient, and I'm trying to understand exactly this.  Issue-150 discusses multiple occurrences of the DNT header in one set of headers, which is something of a potential byproduct of lack of clarity around the functional responsibilities of intermediaries - it's potentially a subset of 153.  


-----Original Message-----
From: Nicholas Doty [] 
Sent: Tuesday, September 18, 2012 9:36 PM
To: Brendan Riordan-Butterworth
Cc: David Singer;
Subject: Re: action-231, issue-153 requirements on other software that sets DNT headers

On Sep 18, 2012, at 9:56 AM, Brendan Riordan-Butterworth <> wrote:

> I think we're on a very similar page, but that I'm looking at the text as it stands (at as of Sept 18th), and you're talking about how it should work.  

It might be the case that the draft/issue tracker don't fully reflect our discussions of this topic. I believe issues 153 (and perhaps also 150, we have tended to conflate them) should properly be open as we have actions and ongoing discussion of them.

Dave Singer and I proposed text six weeks ago [0] that would add a new requirement on software other than the user agent:
> Software outside of the user agent that causes a DNT header to be sent (or modifies existing headers) MUST NOT do so without following the requirements of this section; such software is responsible for assuring the expressed preference reflects the user's intent.

Adding that requirement to the text might resolve the gap between your common understanding with dsinger and the current text. Dave Wainberg seemed tentatively supportive, though he provided additional text on resolving conflicts that we didn't have agreement on. 

I think the proposed text quoted above would be sufficient to close ISSUE-153 (and address many of the concerns on 150). We don't currently have requirements on the UA on what UI they use to tell the user the current state of the DNT signal being sent; I don't think we want to add such requirements or requirements on the UI interactions with other software, which I expect would be unenforceable.



Received on Thursday, 20 September 2012 20:00:29 UTC