- From: Sid Stamm <sid@mozilla.com>
- Date: Wed, 10 Jul 2013 07:39:41 -0700
- To: Alan Chapell <achapell@chapellassociates.com>
- CC: Justin Brookman <jbrookman@cdt.org>, public-tracking@w3.org
Alan, I think I get where you're going, but I'm not sure this language is clear. On 7/10/13 7:10 AM, Alan Chapell wrote: > Proposed language: > "A user agent MUST NOT share information related to the network interaction > without consent." This suggests to me that the user agent must not share information about one network interaction (A) with another network interaction (B).... which in turn makes me wonder about multi-interaction sites (those with first party A and third party B). Do UAs stop sending referrers? That is a direct share of URL from A with entity in B. I don't think we want to go down this path. > Rationale: > In reviewing the June draft with colleagues, it occurred to me that some > User Agents technically speaking could engage in tracking. My sense is > that it is implicit that User agents would fall under the definition of > third party under this spec and therefore would be subject to certain > requirements. My goal was to make that more explicit. I agree with Ted here: user agents are employed by their users and self-collection (tracking ones self) isn't a first or third party activity the way we've been discussing them. My feel is that we don't need this language at all since "UA company as a web property" would already have reason to comply, and no new language is required to trigger it. But consider the hypothetical situation where the user agent automatically transmits my browsing history to some data-collection service. Shouldn't the DNT header be sent along with that transmission, requesting that the service respects it? My concern is that as soon as we start requiring the UA to block transmissions of anything, we risk creeping into the realm of content blocking instead of signal-sending (which I don't think we want to do in this WG). -Sid
Received on Wednesday, 10 July 2013 14:40:14 UTC