- From: David Singer <singer@apple.com>
- Date: Wed, 03 Apr 2013 14:52:32 -0700
- To: Matthias Schunter <mts-std@schunter.org> (Intel Corporation)
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
I have previously preferred distinguishing "who I am" from "how I am operating", and I feel that have C and ! as 'status' indicators rather than qualifiers means that I can no longer tell whether I am interacting with someone who thinks of themselves as a 1st or 3rd party. So I agree, rather than C or ! as the first character, I think that 1C -- first party with consent 3C -- third party with consent 1! -- first party under construction 3! -- third party under construction seem to make more sense, and be more informative. As it is, if I get "!" in today's spec I am not able to tell whether the site is trying to construct a 3rd or 1st party experience; similarly for "C". On Mar 28, 2013, at 4:47 , Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote: > Hi Team, > > > I discussed our approach to consent (in-band and out of band) with Rigo. > > We observed that the fact that you have consent is orthogonal to the overall tracking status. > As a consequence, we believe that "C"onsent should be signaled as a qualifier (similar to a permitted use). > > If we introduce this change, the scenario/flow for in-band exceptions would not change: > 1. - The site has an exception and has therefore received DNT;0 from the browser > 2. - The site responds with "1" or "3" to indicate that they comply with DNT > > However, the flow for out-of-band exception would get clearer: > > OLD: > 1. - The site receives DNT;1 > 2. - The site (somehow) reliably determines _in real time_ that it has out of band consent > 3. - The site responds with "C" thus indicating that it has out of band consent > and provides a control link. > > NEW: > 1. - The site receives DNT;1 > 2. - The site (somehow) reliably determines _in real time_ that it has out of band consent > 3. - The site responds with "3C" thus indicating that > - It acts as a 3rd party > - It will use the data in ways that are beyond the usages permitted by DNT;1 since > it has obtained out of band consent. A control link is still required. > > I think that modeling out of band consent as a permitted us is cleaner than the current approach > that models it as a special tracking status. > > Note: This discussion is orthogonal to the discussion what to do if the site cannot determine the consent in real time. > > > Opinions/Feedback? > > > Regards, > matthias > > David Singer Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 3 April 2013 21:53:06 UTC