- From: Peter Cranstone <peter.cranstone@3pmobile.com>
- Date: Wed, 10 Jul 2013 14:53:40 +0000
- To: Sid Stamm <sid@mozilla.com>, Alan Chapell <achapell@chapellassociates.com>
- CC: Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
The problem becomes one of auditing. Example: I set DNT:1, however for 5 particular web sites I authorize a DNT:0 exception. As long as all of this is stored (somehow) along with my browser history then it can all be transmitted to some third party collection agency assuming I authorize it. The issue becomes one of how do I store in my browser history all of my signal values including the UGE ones. Peter On 7/10/13 8:39 AM, "Sid Stamm" <sid@mozilla.com> wrote: >Alan, > >I think I get where you're going, but I'm not sure this language is clear. > >On 7/10/13 7:10 AM, Alan Chapell wrote: >> Proposed language: >> "A user agent MUST NOT share information related to the network >>interaction >> without consent." > >This suggests to me that the user agent must not share information about >one network interaction (A) with another network interaction (B).... >which in turn makes me wonder about multi-interaction sites (those with >first party A and third party B). > >Do UAs stop sending referrers? That is a direct share of URL from A >with entity in B. I don't think we want to go down this path. > >> Rationale: >> In reviewing the June draft with colleagues, it occurred to me that some >> User Agents ¡© technically speaking ¡© could engage in tracking. My sense >>is >> that it is implicit that User agents would fall under the definition of >> third party under this spec and therefore would be subject to certain >> requirements. My goal was to make that more explicit. > >I agree with Ted here: user agents are employed by their users and >self-collection (tracking ones self) isn't a first or third party >activity the way we've been discussing them. > >My feel is that we don't need this language at all since "UA company as >a web property" would already have reason to comply, and no new language >is required to trigger it. > >But consider the hypothetical situation where the user agent >automatically transmits my browsing history to some data-collection >service. Shouldn't the DNT header be sent along with that transmission, >requesting that the service respects it? My concern is that as soon as >we start requiring the UA to block transmissions of anything, we risk >creeping into the realm of content blocking instead of signal-sending >(which I don't think we want to do in this WG). > >-Sid >
Received on Wednesday, 10 July 2013 14:54:17 UTC