Re: Confused by DAA's messages. Please explain from Peter Cranstone on 2013-07-08 (public-tracking@w3.org from July 2013)

From: Peter Cranstone <peter.cranstone@gmail.com>
Date: Mon, 08 Jul 2013 12:35:39 -0600
To: David Singer <singer@apple.com>
CC: <public-tracking@w3.org>
Message-ID: <CE00600A.14F6%peter.cranstone@gmail.com>
David,

Thanks for the clarification - but you answer is as ambiguous as Roy's
syntactically DNT argument. Here's why - just do the following on your
iPhone: Settings > Safari > Turn On Private Browsing.

Next please tell me where I get the 'conscious choice' to enable a DNT
setting? I don't even see DNT listed  in fact you wouldn't even know it's
actually been set UNLESS you hit a server echo page. How does that align
with the spec?

So I went and checked the latest spec:

> Key to that notion of expression is that the signal sent must reflect the
> user's preference, not the choice of some vendor, institution, site, or any
> network-imposed mechanism outside the user's control; this applies equally to
> both the general preference and exceptions. The basic principle is that a
> tracking preference expression is only transmitted when it reflects a
> deliberate choice by the user. In the absence of user choice, there is no
> tracking preference expressed. A user agent must offer users a minimum of two
> alternative choices for a Do Not Track preference: unset or DNT:1. A user
> agent may offer a third alternative choice: DNT:0.

Apple has imposed a choice on the user. By selecting Private Browsing you
MUST accept a DNT setting of 1. There is no choice in the matter.
Semantically your argument is correct because what you're saying is that 'I
want private browsing therefore I MUST want DNT=1'. Well in that case why
doesn't the spec reflect that if a user wants to 'privately browse' from any
web browser (which we all do) then the default setting becomes a 1.

You can't have it both ways  IE10 asks the user to select a privacy setting
whereby a DNT signal is sent. Currently Apple doesn't offer a Privacy
setting where there is a choice of what is sent which can be selected by the
user. (No way to send a DNT=0).

Apple's Mobile Safari implementation of the TPWG spec does NOT meet the
correct guidelines  you can argue all you want, but until I can set a
signal value myself where I actually get to click on something (just like
firefox does) then 'syntactically' you're not in compliance with the spec.




Peter
_________________________
Peter J. Cranstone
Cell: 720.663.1752


CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
or previous e-mail messages attached to it may contain information that is
confidential or legally privileged. Any unauthorized review, use, disclosure
or distribution of such information is prohibited. If you are not the
intended recipient, please notify the sender by telephone or return e-mail
and delete the original transmission and its attachments and destroy any
copies thereof. Thank you.









On 7/8/13 12:24 PM, "David Singer" <singer@apple.com> wrote:

> 
> On Jul 8, 2013, at 19:06 , Peter Cranstone <peter.cranstone@gmail.com> wrote:
> 
>>  David,
>>  
>>  Sadly Roy MUST now add Mobile Safari on iOS to the list of syntactically
>> challenged browsers. If I turn on 'Private Browsing' in Mobile Safari the
>> 'DEFAULT' is to set DNT=1 which is now a violation of the standard because as
>> a user I MUST be able to control that setting individually as in I want
>> Private Browsing by I want to be tracked. (I know crazy  but there you go).
> 
> No, we don't require that it be set 'individually' we say it has to be the
> result of a conscious choice by the user.  The user indicating that they want
> 'private browsing', which requests BOTH local and remote behavior (a new local
> context, and DNT sent) is entirely consistent with an explicit user choice.
> 
> Please try to distinguish your reading from factsŠRoy could think about it,
> for user, but he's not required, and I would advise him against it.
> 
>>  
>>  So it looks like IE10 and iOS 6/7 are now out of the running on this spec. I
>> believe that wipes out several hundred million devices. But there you go  to
>> do otherwise would be to promote the incorrect implementation of open Web
>> standards.
>>  
>>  
>>  
>>  
>>  Peter
>>  _________________________
>>  Peter J. Cranstone
>>  Cell: 720.663.1752
>>  
>>  
>>  
>>  On Jul 8, 2013, at 18:40 , "Roy T. Fielding" <fielding@gbiv.com
>>>  > wrote:
>>  
>>>  > By testing the behavior of the client. For example, it takes about five
>>> minutes to determine that IE10 violates those semantics. IE11 could fix that
>>> easily.
>>  
>>  I think you may be able to determine by inspection that a user-agent has a
>> default, in violation of the spec.  Is that what you mean?
>>  
>>  I don't think you can determine which users explicitly confirmed that
>> setting, and want it, which I think is your paragraph below.
>>  
>>>  >
>>>  > David, I am not interested in the philosophical discussion about whether
>>> a user might have set the option. Any client that sends a preference when no
>>> such preference has been set will be ignored, just like we ignore other
>>> fields that have been incorrectly implemented, until it has been shown to be
>>> fixed by a new release or the field definition matches the implementation.
>>> To do otherwise would encourage the incorrect implementation of open Web
>>> standards.
>>>  >
>>>  > ....Roy
>>>  >
>>>  >
>>>  > On Jul 8, 2013, at 7:10 AM, David Singer <
>>  singer@apple.com
>>>  > wrote:
>>>  >
>>>>  >>
>>>>  >> On Jul 8, 2013, at 2:36 , "Roy T. Fielding" <
>>  fielding@gbiv.com
>>>  > wrote:
>>>>  >>
>>>>>  >>> On Jul 6, 2013, at 5:29 PM, David Singer wrote:
>>>>>>  >>>> On Jul 6, 2013, at 10:20 , Roy T. Fielding <
>>  fielding@gbiv.com
>>>  > wrote:
>>>>>>  >>>>
>>>>>>>  >>>>> I can't speak to the DAA proposal (having not even read it yet
>>>>>>> while on vacation), but I can say that I will continue disregarding
>>>>>>> semantically invalid HTTP signals no matter what anyone else's opinion
>>>>>>> might be.
>>>>>>  >>>>
>>>>>>  >>>> syntactically invalid I understand.
>>>>>>  >>>>
>>>>>>  >>>> what do you mean by 'semantically invalid'?  contradictory?  or you
>>>>>> believe I don't mean what I am saying?  or something else?
>>>>>  >>>
>>>>>  >>> DNT:1 has a defined semantic.  If it is sent by a client when that
>>>>>  >>> semantic is not true, then it is an invalid use of HTTP.
>>>>  >>
>>>>  >> And which semantics can be ascertained to be true or not, remotely?  I
>>>> am genuinely curious.
>>>>  >>
>>>>>  >>>
>>>>>  >>> ....Roy
>>>>  >>
>>>>  >> David Singer
>>>>  >> Multimedia and Software Standards, Apple Inc.
>>>>  >>
>>  
>>  David Singer
>>  Multimedia and Software Standards, Apple Inc.
>>  
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
>
Received on Monday, 8 July 2013 18:36:14 UTC