Re: Issue for discussion on Wed - User Agent Compliance

Alan,

I think I get where you're going, but I'm not sure this language is clear.

On 7/10/13 7:10 AM, Alan Chapell wrote:
> Proposed language:
> "A user agent MUST NOT share information related to the network interaction
> without consent."

This suggests to me that the user agent must not share information about
one network interaction (A) with another network interaction (B)....
which in turn makes me wonder about multi-interaction sites (those with
first party A and third party B).

Do UAs stop sending referrers?  That is a direct share of URL from A
with entity in B.  I don't think we want to go down this path.

> Rationale: 
> In reviewing the June draft with colleagues, it occurred to me that some
> User Agents - technically speaking - could engage in tracking. My sense is
> that it is implicit that User agents would fall under the definition of
> third party under this spec and therefore would be subject to certain
> requirements. My goal was to make that more explicit.

I agree with Ted here: user agents are employed by their users and
self-collection (tracking oneself) isn't a first or third party
activity the way we've been discussing them.

My feel is that we don't need this language at all since "UA company as
a web property" would already have reason to comply, and no new language
is required to trigger it.

But consider the hypothetical situation where the user agent
automatically transmits my browsing history to some data-collection
service.  Shouldn't the DNT header be sent along with that transmission,
requesting that the service respects it?  My concern is that as soon as
we start requiring the UA to block transmissions of anything, we risk
creeping into the realm of content blocking instead of signal-sending
(which I don't think we want to do in this WG).

-Sid

Received on Wednesday, 10 July 2013 14:40:14 UTC