- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 23 Apr 2013 15:01:17 +0200
- To: Adrian Bateman <adrianba@microsoft.com>
- Cc: "public-tracking@w3.org Working Group" <public-tracking@w3.org>

Adrian,

On Wednesday 20 March 2013 15:26:44 Adrian Bateman wrote:
> I don't believe most "everyday" browsers will take the performance hit
> of downloading the TSR. For sites with resources from dozens of
> different origins this would add a significant overhead to browsing.
> In an environment where we are competing on millisecond differences
> in page loading it is hard to imagine adding a few dozen extra
> network requests to the flow.

This was precisely (near verbatim) the argument used by MS 10 years ago to create the P3P compact tokens that created so many issues. As in the past, it hardly masks the unwillingness to implement the real concept. MS is free not to implement, but they should be open about it.

Currently IE takes the performance hit of loading hundreds of trackers and even waits for an entire ad-auction to happen and it can't load TSR or look at the DNT response headers? So all performance hit for tracking is ok, but no performance hit for Privacy is ok? MS can't claim privacy championship with the above argumentation.

By avoiding a cornerstone of the legal concept behind DNT, you implement something, but I would really question whether you could call that W3C Tracking Preference Expression. MS' implementation will break the legal concept behind the TPE. I send a service a DNT:1 header and I'm not able to see/read/understand the response.

Go to the shop and shout "I want ice" and pay $2. They respond "no". You can't hear that because your browser is deaf. You continue to shout "ice" and pay $2 despite getting nothing back.

I know you will make the argument that a service would respond to the DPA's browser. But legally it doesn't hold:

1/ There will be no DPA browser as the DPAs don't know how to make a browser

2/ The legal system is not looking at how things look in general. The legal system wants to know whether THIS service is in THIS interaction lying to THIS user. Which means that pushing back users to someone who may or may not check responses is completely orthogonal to the user's need for privacy and her need for a meaningful interaction that allows for legal claims.

3/ You would not need any TPE implementation at all as the only meaningful interaction takes place with the DPA browser. Everything else is the expression of a nice wish. DSL modems with default header injection are as good. But there is nothing binding the user can rely on. So there is no advantage compared to the current situation where tools spawn DNT:1 headers and nobody knows what it means or whether it is followed.

4/ I doubt that Roy's claim is right that a service would never react on a user. At least in the EU that would mean cookies are dead because a service can't react on a user's DNT:0 signal.

To be meaningful, you need to at least look at the response header that you get anyway. It may mean that the response headers will dominate over the WKL despite the fact that the spec says the other way around. But I was always of the opinion that the WKL is adding overhead.

Without meaningful TPE/TCS we will go further down the blocking tools. The transparency MS refuses to implement is key to the building of trust that the market place needs. So please re-consider.

--Rigo

Received on Tuesday, 23 April 2013 13:01:46 UTC