Re: Confused by DAA's messages. Please explain

On Jul 9, 2013, at 14:11 , Peter Cranstone <peter.cranstone@gmail.com> wrote:

> David,
> 
>>> in your opinion, which I think is flawed.
> 
> I went back again and reviewed the TPE – my personal opinion is that Apple is walking a very fine line here with the spec. The TPE spec requires a minimum of two choices – DNT:Unset (null) or DNT:1 – it MAY offer a third choice, DNT:0.
> 
> So if I go with the 'broadest' possible view of the spec I'd say that you're right on the edge. In Safari iOS there is NO warning, notification or whatever that DNT has been enabled. It's assumed that because I want 'Private Browsing' that I also don't want to be tracked. That's a VENDOR choice but you're including it as a CONSUMER choice. Again a very fine line.

As I say, the documentation, messaging, help and so on are a work in progress.  This small feature change was planned a long time ago, well before we had even specs we could point at, let alone agreed shared help text.

> Let's talk about DNT:0 for a moment. This is required in the EU - currently it's not in iOS 6 which means that 'technically' any iPhone used overseas is not compliant.

Please be careful with the use of words; compliance is a statement about the spec., and the spec. doesn't require being able to send DNT:0.  Whether our EU users (or others) would find it desirable, necessary, or useful is something we're evaluating.  We're compliant; whether a DNT:0 choice is needed for some users is another question.

> Which makes me wonder how you intend to solve that one, especially if I'm traveling between the US and EU. Where do I change MY choice - currently you can't.

You can turn on or off both DNT (naked) and DNT-with-local-privacy as much or as often as you like.  I don't understand your problem here.

> In the US IMO you're borderline compliant - in the EU you're not compliant. To solve the problem in an unambiguous manner there must be a clear choice for the consumer, not a vendor imposed assumption.

The user chooses privacy or not.  There is no 'assumption' here.  Indeed, if we find a need for local privacy protection (the 'clean slate' we establish in private browsing mode) WITHOUT DNT:1, we'll evaluate that.  I have a hard time envisioning, right now, why it might be needed.  You want to be private, but NOT tell the servers you communicate with?

> Also remember this thread was started because of the whole 'syntactic' issue - until DNT has a method to determine who set the signal then if the content provider says they honor that then they MUST follow the spec. Singling out Microsoft or any other vendor is NOT possible via the spec. If Roy wishes to add another patch to Apache that does that, that's his prerogative, but now IMO he violates the spec again because he's interfering with a signal that he cannot clearly detect was NOT set by a user.   

I agree. If you don't like the reason a product signals something, you honor the signal and complain to the authors.  You don't try (and often fail) to second-guess the user.


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 9 July 2013 13:40:04 UTC