- From: David Singer <singer@apple.com>
- Date: Fri, 26 Apr 2013 09:35:34 +0900
- To: Nicholas Doty <npdoty@w3.org>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Thanks, Nick perhaps this section should merely point out that exceptions form part of the client-stored state, along with cookies and other technologies, and should be considered for inclusion in any state management tools? On Apr 26, 2013, at 8:40 , Nicholas Doty <npdoty@w3.org> wrote: > I think in-band user-granted exceptions have at least two advantages over use of cookies in storing exception consent: > * DNT:0 can be sent even when there is no cookie or cookies are not sent > * user-agent-managed exceptions can be reviewed and cleared from a centralized store > > I think perhaps the SHOULD text is a little too specific; browsers are taking different approaches to clearing client-side state and while I think there probably always should be an option to clear all client-side state simultaneously, there will also very likely be implementations that clear cookies or other caches separately. I think the general principle of clearing state set and then subsequently accessible by JavaScript is an important one, and worth noting in the spec. > > That would be a third advantage for using in-band exceptions: exceptions may be retained when a user chooses to clear cookies but not other client-side state. > > Thanks, > Nick > > On Apr 17, 2013, at 7:44 PM, David Singer <singer@apple.com> wrote: > >> This text was part of the resolution to issue-114 >> >> <http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0608.html> >> >> and added in. Sometime later it had minor changes (from 'consider clearing' to 'clear'). >> >> I agree with your concern. >> >> On Apr 18, 2013, at 1:23 , Roy T. Fielding <fielding@gbiv.com> wrote: >> >>> I just noticed this sentence in section 6.11 (Fingerprinting): >>> >>> "User agents SHOULD clear stored user-granted exceptions when >>> the user chooses to clear cookies or other client-side state." >>> >>> IMO, this would make UGEs have no value over cookies for storing >>> consent. Is that intentional? >>> >>> ....Roy >>> >>> >> >> David Singer >> Multimedia and Software Standards, Apple Inc. David Singer Multimedia and Software Standards, Apple Inc.
Received on Friday, 26 April 2013 00:36:03 UTC