Re: Agenda for 21 December 2012 TPE call - V02 from David Singer on 2013-01-22 (public-tracking@w3.org from January 2013)

From: David Singer <singer@apple.com>
Date: Tue, 22 Jan 2013 12:36:56 +0100
To: David Wainberg <david@networkadvertising.org>
Cc: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <13C7BCD8-CE40-4D71-A06E-97F55128CBC4@apple.com>

On Jan 21, 2013, at 23:27 , David Wainberg <david@networkadvertising.org> wrote:

> Hi Matthias,
> 
> On 1/21/13 2:56 PM, Matthias Schunter (Intel Corporation) wrote:
>> ISSUE-153: What are the implications on software that changes requests but does not necessarily initiate them?
>> https://www.w3.org/2011/tracking-protection/track/issues/153
>>      Proposed text (by david and nick): "Software outside of the user agent that causes a DNT header to be sent (or modifies existing headers) MUST NOT
>>   do so without following the requirements of this section; such software is responsible for assuring the expressed preference reflects the user's intent." 
> 
> I have pointed out previously (multiple times) that there are proposed alternatives to this language. http://lists.w3.org/Archives/Public/public-tracking/2012Dec/0030.html
> 
> Is there something else I need to do to ensure those alternatives stay with this issue?

Hi David

one problem is that the two alternatives both have issues:

"A UA that allows or enables other software to alter the DNT setting
MUST ensure that such alteration reflects the user's intent."

The UA doesn't "allow" a proxy or other gateway to insert or modify headers; it's just something that happens.  There is no control that the UA has of the proxy.

And Walter suggested this, which I could accept in lieu of my proposal:

"A UA MUST incorporate detection mechanisms for alteration of
DNT-preferences by third-party software (including third-party
UA-extensions and plugins) and MUST upon detection of such changes
verify with the user that they reflect the user's intentions. The UA MAY
provide the user with the option to ignore future changes in the
DNT-preferences or to automatically change them back to a user-set
preference."

Since the UA can't currently tell what DNT header (if any) is actually reaching the sites, it has no way to detect if it's different from the one it thought it sent, so the MUST is unachievable, alas.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 22 January 2013 11:37:45 UTC