- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 26 Apr 2013 01:31:29 -0700
- To: Nicholas Doty <npdoty@w3.org>
- Cc: David Singer <singer@apple.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Apr 25, 2013, at 4:40 PM, Nicholas Doty wrote: > I think in-band user-granted exceptions have at least two advantages over use of cookies in storing exception consent: > * DNT:0 can be sent even when there is no cookie or cookies are not sent > * user-agent-managed exceptions can be reviewed and cleared from a centralized store So can a specialized cookie (a standard name that can optionally be manipulated by an additional set of tools on the browser). If a user agent is not sending any cookies, sending DNT:0 is not going to help much. > I think perhaps the SHOULD text is a little too specific; browsers are taking different approaches to clearing client-side state and while I think there probably always should be an option to clear all client-side state simultaneously, there will also very likely be implementations that clear cookies or other caches separately. I think the general principle of clearing state set and then subsequently accessible by JavaScript is an important one, and worth noting in the spec. > > That would be a third advantage for using in-band exceptions: exceptions may be retained when a user chooses to clear cookies but not other client-side state. > > Thanks, > Nick I don't think I was clear. Currently, the only advantage the UGE framework has is that it doesn't get cleared when cookies get cleared. If that isn't true, we should delete the entire framework and replace it with a named cookie that is sent along with the DNT:1 signal. Then we wouldn't have to wait until all browsers implement UGEs and we wouldn't have to implement two different opt-in consent mechanisms. ....Roy
Received on Friday, 26 April 2013 08:32:17 UTC