RE: Towards Text for ISSUE-176... (intermediaries) from SULLIVAN, BRYAN L on 2013-01-21 (public-tracking@w3.org from January 2013)

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Mon, 21 Jan 2013 15:40:23 +0000
To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <59A39E87EA9F964A836299497B686C351091EB50@WABOTH9MSGUSR8D.ITServices.sbc.com>

Matthias,

Your proposal is consistent with our view, that we should not prohibit any implementation approaches to DNT, given that the entity participating in the protocol is accurately representing the user's DNT preference. Intermediaries may not be strictly part of the user agent (per our earlier discussions, though I think the application of the term is too strict), but they certainly are valid tools in architecting services (including privacy as a facet of those services) that support a variety of key objectives especially for mobile users, e.g. service ubiquity, usability, efficiency, security, etc.

Thanks,
Bryan Sullivan

From: Matthias Schunter (Intel Corporation) [mailto:mts-std@schunter.org]
Sent: Monday, January 21, 2013 5:29 AM
To: public-tracking@w3.org (public-tracking@w3.org)
Subject: Towards Text for ISSUE-176... (intermediaries)

Hi DNT Team,

The following issue is still open:
- ISSUE-176: Requirements on intermediaries/isps and header insertion that might affect tracking
  http://www.w3.org/2011/tracking-protection/track/issues/176

I believe that we discussed this issue earlier and our spec currently contains this text:

An HTTP intermediary must not add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that intermediary has been specifically installed or configured to do so by the user making the requests. For example, an Internet Service Provider must not inject DNT: 1 on behalf of all of their users who have not expressed a preference.

I believe that this statement is too strong. I suggest to augment it along the line of "If an intermediary wants to add, delete, or otherwise modify any DNT information, it needs to satisfy the constraints for user agents put forward in this document."

This would permit tools to change the information as long as they ensure that the resulting values, e.g., still reflect user preference. It also allows to add DNT support in an intermediary or OS as long as the requirements that we described are met.

Opinions?

Regards,
matthias

Received on Monday, 21 January 2013 15:41:12 UTC