Re: Moving "C"onsent from Tracking Status to Permitted Use?

Hi Roy

I think you are answering a poorly raised I unintended question.  I was not suggesting to change your defined semantics for 1st and 3rd party, merely that whether I have consent or not, or claim conformance yet, or not, are orthogonal to those statuses rather than replacements...

Apologies

Sent from my iPad

On Apr 3, 2013, at 5:23 PM, "Roy T. Fielding" <fielding@gbiv.com> wrote:

> On Apr 3, 2013, at 2:52 PM, David Singer wrote:
> 
>> I have previously preferred distinguishing "who I am" from "how I am operating", and I feel that have C and ! as 'status' indicators rather than qualifiers means that I can no longer tell whether I am interacting with someone who thinks of themselves as a 1st or 3rd party.  So I agree, rather than C or ! as the first character, I think that
>> 
>> 1C -- first party with consent
>> 3C -- third party with consent
>> 1!  -- first party under construction
>> 3!  -- third party under construction
>> 
>> seem to make more sense, and be more informative.  As it is, if I get "!" in today's spec I am not able to tell whether the site is trying to construct a 3rd or 1st party experience; similarly for "C".
> 
> It is impossible for the receiving server to know who is the first
> or the third party in any given interaction.  That knowledge exists
> only within the head of the user, and even then only if we assume
> the user has a deliberate intention and awareness of the interacting
> parties and not simply clicking on links because the pictures are
> pretty.
> 
> What an origin server can do is indicate what limitations they adhere
> to during (and promise to adhere to after) a given interaction.
> 
> Neither "C" nor "!" are qualifiers -- they are the relevant answer
> to the tracking status question, in each case.
> 
> "C" indicates the server operates with consent and is limited only
> by the terms of that consent (whatever those terms may be, which
> could be far outside the scope of DNT or even more limited than a 3).
> That answer is not in any way orthogonal to 1 and 3.
> 
> "!" indicates that the server DOES NOT conform.  Such an answer
> cannot in any way shape or form be orthogonal to 1 and 3, both
> of which are explicit statements of conformity to a list of
> requirements specified in TCS.
> 
> There is a reason why I specified it this way.  The answer given
> is being portrayed as a statement of business practice from the
> party answering to the consumer (and, yes, I do use that term
> intentionally here).  As such, it has to be truthful.  And since
> there is no possible way for an origin server to make a truthful
> statement about the intentions of the user, I cannot implement
> a DNT standard that says "I am a first party" without lying to
> the consumer.  Period.
> 
> Nor do I need to -- the privacy benefits of this protocol are
> already accomplished by the design in the spec right now, which
> actually can be implemented by origin servers.  If you think not,
> then please explain why and we can try to fix that.  Otherwise,
> we are certain to not make any progress if we revert to a protocol
> that allows trolls to sue a website owner simply by deliberately
> crafting pages that make subrequests on resources that are only
> designed for first party interaction.
> 
> ....Roy
> 

Received on Thursday, 4 April 2013 00:43:53 UTC