RE: any additional Proposals on UA requirement to handle exceptions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I know the rules about UAs are getting mixed up with  those on intermediaries (users do not care about the difference anyway), but I thought of another use-case where this is relevant.  

In the EU and the US parental consent is required before children can be tracked so a router that can override DNT:0 on some devices would have a market. A child might click a tracking consent checkbox but below an age level this cannot be relied upon, and a parent might want to enforce that. 

So an intermediary in some circumstances should be able to override DNT:0 as well as DNT unset. For "balance" it would also be logical to allow overriding of DNT:1 say by JS capable intermediaries for a UA like Lynx (obscure I know). 

This complexity points to the spec. staying silent about this. I think we can all agree that a UA should implement the UA and leave it at that. The market will take care of the rest, and the earlier we can get to LC the more chance that the majority of UAs will support it.

Mike


> -----Original Message-----
> From: Walter van Holst [mailto:walter.van.holst@xs4all.nl]
> Sent: 06 December 2013 17:51
> To: public-tracking@w3.org
> Subject: Re: any additional Proposals on UA requirement to handle exceptions
> 
> On 06/12/2013 18:35, Shane M Wiley wrote:
> > Walter,
> >
> > If Web Browsers can not fully implement DNT TPE, why are Servers required to
> fully implement?  It's this balance that's completely missing in your argument.
> 
> I don't see any reasonable equivalence here that would warrant such a
> comparison. Ultimately DNT tries to address a server-side problem, so I
> don't see a need to 'balance' the standard by adding burdens on the UA
> side of things. The basic principle is simple: if you have no proof that
> the DNT signal you receive is a misrepresentation of the user's
> intentions, then you should honour it.
> 
> What I do perceive however is several parties at the table doing their
> utmost not to create a standard and if there must be a standard a
> standard without consequences and if there must be consequences then the
> standard must allow for as many pretexts to ignore a DNT:1 signal as
> possible. Or to make it otherwise as convoluted as possible. Even if
> that means that the visually impaired get no say in their online privacy.
> 
> > As far as your questions, perhaps I missed those - can you please resend?
> 
> >From my earlier message, which you answered:
> 
> "Or even a more likely use case:
> 
> A visually impaired person uses a screenreader and a text-only web
> browser such as lynx. He or she has a router configured to insert DNT:1
> for any network interaction that has DNT unset, as configured per the
> explicit wishes of the user.
> 
> a) how would this not be an informed opt-out?
> b) how is this fundamentally different from a user that uses a UA that
> meets your requirements but just never grants an exception?
> c) how is this different from a user that uses a UA that has javascript
> turned off by default and keeps it turned off for third-party content?
> d) how is the server going to know that there is no UGE support at all
> other than through discrimination based on user agent strings?"
> 
> Please answer each of them.
> 
> Regards,
> 
>  Walter
> 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.1.107.3564 - http://www.gpg4o.de/
Charset: utf-8

iQEcBAEBAgAGBQJSoiaQAAoJEHMxUy4uXm2JvUgIAJLtJqNmgoaQPqtvDZj5FnFG
GpzmIwCUWkV0KizmMiYcF+f6QJQVMMTCBeDO3X/HC1bMqDNT2LQSTAxBUCEj/vJM
MNwn+O+ZRTh4Ig9DGYKjc0O7tn0TpDne2Gv2kpVa9oR0gvQVyCwJHm8Bv/apEE+F
2IblyycbMGN8Zn0Dl1M0UFZMKC2wOc5MnpWxxOGj9g+vQy21KQfkg9EUzJL1bihh
/b55888azOv7a/8ILIHWqhVbZGya1xK+psyB/HMrC9BfXGrYwK9pRgb8nzZkhQSo
aF57Y0tx+YUIARVkkDjg6zShihxFSC/oqpp5t7TUwhAPs7oT7bK7AGe0aIE/xa4=
=9Fle
-----END PGP SIGNATURE-----

Received on Friday, 6 December 2013 19:34:13 UTC