- From: Nicholas Doty <npdoty@w3.org>
- Date: Thu, 25 Apr 2013 16:40:48 -0700
- To: David Singer <singer@apple.com>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
I think in-band user-granted exceptions have at least two advantages over use of cookies in storing exception consent: * DNT:0 can be sent even when there is no cookie or cookies are not sent * user-agent-managed exceptions can be reviewed and cleared from a centralized store I think perhaps the SHOULD text is a little too specific; browsers are taking different approaches to clearing client-side state and while I think there probably always should be an option to clear all client-side state simultaneously, there will also very likely be implementations that clear cookies or other caches separately. I think the general principle of clearing state set and then subsequently accessible by JavaScript is an important one, and worth noting in the spec. That would be a third advantage for using in-band exceptions: exceptions may be retained when a user chooses to clear cookies but not other client-side state. Thanks, Nick On Apr 17, 2013, at 7:44 PM, David Singer <singer@apple.com> wrote: > This text was part of the resolution to issue-114 > > <http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0608.html> > > and added in. Sometime later it had minor changes (from 'consider clearing' to 'clear'). > > I agree with your concern. > > On Apr 18, 2013, at 1:23 , Roy T. Fielding <fielding@gbiv.com> wrote: > >> I just noticed this sentence in section 6.11 (Fingerprinting): >> >> "User agents SHOULD clear stored user-granted exceptions when >> the user chooses to clear cookies or other client-side state." >> >> IMO, this would make UGEs have no value over cookies for storing >> consent. Is that intentional? >> >> ....Roy >> >> > > David Singer > Multimedia and Software Standards, Apple Inc.
Received on Thursday, 25 April 2013 23:40:57 UTC