- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 3 Apr 2013 17:23:29 -0700
- To: David Singer <singer@apple.com>
- Cc: Matthias Schunter <mts-std@schunter.org> (Intel Corporation), "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Apr 3, 2013, at 2:52 PM, David Singer wrote: > I have previously preferred distinguishing "who I am" from "how I am operating", and I feel that have C and ! as 'status' indicators rather than qualifiers means that I can no longer tell whether I am interacting with someone who thinks of themselves as a 1st or 3rd party. So I agree, rather than C or ! as the first character, I think that > > 1C -- first party with consent > 3C -- third party with consent > 1! -- first party under construction > 3! -- third party under construction > > seem to make more sense, and be more informative. As it is, if I get "!" in today's spec I am not able to tell whether the site is trying to construct a 3rd or 1st party experience; similarly for "C". It is impossible for the receiving server to know who is the first or the third party in any given interaction. That knowledge exists only within the head of the user, and even then only if we assume the user has a deliberate intention and awareness of the interacting parties and not simply clicking on links because the pictures are pretty. What an origin server can do is indicate what limitations they adhere to during (and promise to adhere to after) a given interaction. Neither "C" nor "!" are qualifiers -- they are the relevant answer to the tracking status question, in each case. "C" indicates the server operates with consent and is limited only by the terms of that consent (whatever those terms may be, which could be far outside the scope of DNT or even more limited than a 3). That answer is not in any way orthogonal to 1 and 3. "!" indicates that the server DOES NOT conform. Such an answer cannot in any way shape or form be orthogonal to 1 and 3, both of which are explicit statements of conformity to a list of requirements specified in TCS. There is a reason why I specified it this way. The answer given is being portrayed as a statement of business practice from the party answering to the consumer (and, yes, I do use that term intentionally here). As such, it has to be truthful. And since there is no possible way for an origin server to make a truthful statement about the intentions of the user, I cannot implement a DNT standard that says "I am a first party" without lying to the consumer. Period. Nor do I need to -- the privacy benefits of this protocol are already accomplished by the design in the spec right now, which actually can be implemented by origin servers. If you think not, then please explain why and we can try to fix that. Otherwise, we are certain to not make any progress if we revert to a protocol that allows trolls to sue a website owner simply by deliberately crafting pages that make subrequests on resources that are only designed for first party interaction. ....Roy
Received on Thursday, 4 April 2013 00:23:56 UTC