- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 15 Apr 2013 11:49:16 +0100
- To: "'Matthias Schunter \(Intel Corporation\)'" <mts-std@schunter.org>
- Cc: <public-tracking@w3.org>
- Message-ID: <078501ce39c6$e0dc87e0$a29597a0$@baycloud.com>
OK Matthias, that's fine. I will start to use issue-194 for this discussion, so I have no objection to you closing 185. Mike From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org] Sent: 15 April 2013 11:13 To: Mike O'Neill Cc: public-tracking@w3.org (public-tracking@w3.org) Subject: Re: Batch closing of TPE-related issues (response by April 16) Hi Mike, thanks for pointing out this valid concern. I agree with your concern that if sites frequently register exceptions (web-wide or site-wide) invisibly, then this would weaken our standard. However, I believe that this discussion is currently "hosted" in another issue: - ISSUE-194: How do we ensure consent for exceptions My reading is that "invisible" exceptions should not meet our consent requirements that we will define in ISSUE-194. Another (market-driven) mitigation that I expect is that once bogus sites get common, then user agents will start second-guessing the exceptions (i.e., reconfirming consent or providing feedback with baloons). SUGGESTION: Is it OK for you to continue this discussion within ISSUE-194 and close ISSUE-185? Regards, matthias On 12/04/2013 15:21, Mike O'Neill wrote: Hi Matthias, The reason for issue-185 was to address the danger of web-wide consent being registered invisibly (bad actors or accidentally). This was not a problem with the old API because the UA could intervene and notify the user, and is not a problem with the new site-specific API because of the limited scope. We should still keep it open to discuss ways to mitigate this, for example requiring web-wide exceptions to be executed in user click context or requiring a data-controller string to be present in the TR. If illicitly registered web-wide exceptions are too easy and become common it could weaken the authority of the standard. Mike From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org] Sent: 12 April 2013 14:00 To: public-tracking@w3.org (public-tracking@w3.org) Cc: public-tracking-announce@w3.org Subject: Batch closing of TPE-related issues (response by April 16) Hi Folks, as part of our final cleanup in preparation of our next working draft, I suggest to close the issues listed below. Please respond by April 16 if you cannot live with the proposed resolution of those issues. If you do so, please include a justification and describe what concern of yours is not addressed in the currently documented draft of the TPE. Regards, matthias -------------- ISSUE-112 <http://www.w3.org/2011/tracking-protection/track/issues/112> <http://www.w3.org/2011/tracking-protection/track/issues/112/edit> (edit) OPEN How are sub-domains handled for site-specific exceptions? <http://www.w3.org/2011/tracking-protection/track/issues/112> http://www.w3.org/2011/tracking-protection/track/issues/112 REASON: - We agreed to use cookie-matching-like wildcards and rules to allow for code-reuse in user agents - This is reflected in the spec ISSUE-144 <http://www.w3.org/2011/tracking-protection/track/issues/144> <http://www.w3.org/2011/tracking-protection/track/issues/144/edit> (edit) User-granted Exceptions: Constraints on user agent behavior while granting and for future requests? <http://www.w3.org/2011/tracking-protection/track/issues/144> http://www.w3.org/2011/tracking-protection/track/issues/144 REASON: In the new exception model, user agents are required to communicate the status of an exception. The status may be changed by end users and no further requirements are needed. This is reflected in the spec. NOTE: We still have an open issue whether user agents are required to implement the exception API. ISSUE-161 <http://www.w3.org/2011/tracking-protection/track/issues/161> <http://www.w3.org/2011/tracking-protection/track/issues/161/edit> (edit) o we need a tracking status value for partial compliance or rejecting DNT? <http://www.w3.org/2011/tracking-protection/track/issues/161> http://www.w3.org/2011/tracking-protection/track/issues/161 RESOLUTION: - We defined a "!" indicator that says that the site is not claiming to comply (e.g., maintenance / under construction) ISSUE-185 <http://www.w3.org/2011/tracking-protection/track/issues/185> <http://www.w3.org/2011/tracking-protection/track/issues/185/edit> (edit) WebWide Not There should not be an API for web-wide exceptions <http://www.w3.org/2011/tracking-protection/track/issues/185> http://www.w3.org/2011/tracking-protection/track/issues/185 RESOLUTION: - We reached agreement that there will be an API for web-side exceptions ISSUE-143 <http://www.w3.org/2011/tracking-protection/track/issues/143> <http://www.w3.org/2011/tracking-protection/track/issues/143/edit> (edit) Reciprocal Consent Activating a Tracking Preference must require explicit, informed consent from a user <http://www.w3.org/2011/tracking-protection/track/issues/143> http://www.w3.org/2011/tracking-protection/track/issues/143 REASON: - We will have this discussion as part of ISSUE-194.
Attachments
- image/png attachment: image001.png
Received on Monday, 15 April 2013 10:49:55 UTC