Re: TPE sec 6.11 on clearing granted exceptions

I think in-band user-granted exceptions have at least two advantages over use of cookies in storing exception consent:
* DNT:0 can be sent even when there is no cookie or cookies are not sent
* user-agent-managed exceptions can be reviewed and cleared from a centralized store

I think perhaps the SHOULD text is a little too specific; browsers are taking different approaches to clearing client-side state, and while I think there probably always should be an option to clear all client-side state simultaneously, there will also very likely be implementations that clear cookies or other caches separately. I think the general principle of clearing state set and then subsequently accessible by JavaScript is an important one, and worth noting in the spec.

That would be a third advantage for using in-band exceptions: exceptions may be retained when a user chooses to clear cookies but not other client-side state.

Thanks,
Nick

On Apr 17, 2013, at 7:44 PM, David Singer <singer@apple.com> wrote:

> This text was part of the resolution to issue-114
> 
> <http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0608.html>
> 
> and added in. Sometime later it had minor changes (from 'consider clearing' to 'clear').
> 
> I agree with your concern.
> 
> On Apr 18, 2013, at 1:23, Roy T. Fielding <fielding@gbiv.com> wrote:
> 
>> I just noticed this sentence in section 6.11 (Fingerprinting):
>> 
>> "User agents SHOULD clear stored user-granted exceptions when
>>  the user chooses to clear cookies or other client-side state."
>> 
>> IMO, this would make UGEs have no value over cookies for storing
>> consent.  Is that intentional?
>> 
>> ....Roy
>> 
>> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.

Received on Thursday, 25 April 2013 23:40:57 UTC