- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Wed, 17 Apr 2013 15:21:05 -0700
- To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
- Cc: public-tracking@w3.org
- Message-ID: <2FE2474084F446C9AF51B97355E4F35F@gmail.com>

We've been over this many times: adoption of the documents that we produce will trigger consumer protection law in many jurisdictions. If TPE facilitates selective noncompliance or second-guessing DNT: 1, we'll undercut the enforceability of Do Not Track.

Here's my concrete counterproposal: we do not include a "!" or "D" signal.

Best,
Jonathan

On Wednesday, April 17, 2013 at 2:21 AM, Matthias Schunter (Intel Corporation) wrote:

> Hi Roy/David/Jonathan,
>
> thanks for your inputs!
>
> I agree that
> - the semantics of "!" is well defined in the spec
> - Once a site claims "!" we can no longer impose rules (since the site claims not to abide by those rules).
>
> I believe that for "D", things are different since "D" is part of our compliance regime.
>
> The concern I see is that sites use "D" far too often (or even always) and thus
> having a way to "escape" the compliance rules we create. E.g., without any rules on "D",
> a site could always respond "D" while not implementing any part of the compliance rules we create.
> I believe that this is not in the spirit of this WG.
>
> However, I agree with Roy that preventing this is hard in a voluntary standard.
> A related goal we cannot achieve is to force people to implement DNT.
>
> The current resolution is to require that parties who reply "D" are required to
> document the conditions under which "D" is sent and are therefore transparent on their practices.
>
> This documentation can then be used within dialogues (e.g., with regulators or customers or advocacy groups) that is outside the scope
> of the protocol and also outside the scope of this WG.
>
> I believe that if we do not provide the "D", then sites will just ignore certain signals of UAs they deem non-compliant.
> This scenario is much worse since
> (a) users cannot learn that their signal has been ignored
> (b) sites are not required to be transparent about their practices/conditions under which signals are ignored
>
> ALL: We have a concrete text on the table (within the TPE spec) and the next step for people not agreeing with this text
> is to propose improvements / alternatives. Without alternatives, it is likely that this issue will eventually be closed.
>
> Regards,
> matthias
>
> On 17/04/2013 10:02, Roy T. Fielding wrote:
> > On Apr 17, 2013, at 12:04 AM, Jonathan Mayer wrote:
> > > Roy,
> > >
> > > I entirely fail to see how the semantics of a status indicator "cannot be addressed." Could you please explain your concern?
> > >
> > > Thanks,
> > > Jonathan
> >
> > I don't have a concern. The concern you expressed is a fear that
> > sites will be allowed to express some degree of non-conformance,
> > rather than an all-or-nothing adherence to some compliance regime
> > that simply does not exist. The place to address your concern is
> > in that compliance regime, not the protocol.
> >
> > Some people have a desire for the server to communicate when there
> > is a lack of conformance. There are two solutions to that: 1) allow
> > them to do so in the protocol; 2) sit by and watch them do so
> > outside the protocol. There is no third option of "require them
> > to always conform" because non-conformance is outside our scope.
> >
> > Failure to provide a means for communicating "D" inside the protocol
> > just means that it will be expressed as either a non-standard
> > extension or within the privacy policy of each site.
> >
> > Failure to provide a means for testing ("!") inside the protocol
> > just means everyone will invent their own means for pre-deployment
> > testing (e.g., use different field and WKR names), and then they
> > will have a legitimate excuse for implementing it wrong the first
> > few times.
> >
> > The protocol can't place limits on how long or how often the
> > testing periods might be, nor is there any reason to believe
> > that sites will game an explicit indication on non-conformance.
> > Compliance regimes can do that, either in the form of regulations
> > or self-regulatory guidelines. I am not writing either one, so
> > I will not be addressing your concern in TPE.
> >
> > Cheers,
> >
> > ....Roy

Received on Wednesday, 17 April 2013 22:21:31 UTC