W3C home > Mailing lists > Public > public-tracking@w3.org > July 2013

Re: Issue for discussion on Wed - User Agent Compliance

From: Alan Chapell <achapell@chapellassociates.com>
Date: Wed, 10 Jul 2013 10:59:04 -0400
To: Sid Stamm <sid@mozilla.com>
CC: Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>
Message-ID: <CE02ED1A.35251%achapell@chapellassociates.com>
Thanks Sid / Justin - I'm wondering if this addresses things better.

Proposed language:
"A user agent MUST NOT share information related to the network
interaction with parties outside such interaction without consent."

Does that address your concern?


On 7/10/13 10:39 AM, "Sid Stamm" <sid@mozilla.com> wrote:

>I think I get where you're going, but I'm not sure this language is clear.
>On 7/10/13 7:10 AM, Alan Chapell wrote:
>> Proposed language:
>> "A user agent MUST NOT share information related to the network
>> without consent."
>This suggests to me that the user agent must not share information about
>one network interaction (A) with another network interaction (B)....
>which in turn makes me wonder about multi-interaction sites (those with
>first party A and third party B).
>Do UAs stop sending referrers?  That is a direct share of URL from A
>with entity in B.  I don't think we want to go down this path.
>> Rationale: 
>> In reviewing the June draft with colleagues, it occurred to me that some
>> User Agents  technically speaking  could engage in tracking. My sense
>> that it is implicit that User agents would fall under the definition of
>> third party under this spec and therefore would be subject to certain
>> requirements. My goal was to make that more explicit.
>I agree with Ted here: user agents are employed by their users and
>self-collection (tracking ones self) isn't a first or third party
>activity the way we've been discussing them.
>My feel is that we don't need this language at all since "UA company as
>a web property" would already have reason to comply, and no new language
>is required to trigger it.
>But consider the hypothetical situation where the user agent
>automatically transmits my browsing history to some data-collection
>service.  Shouldn't the DNT header be sent along with that transmission,
>requesting that the service respects it?  My concern is that as soon as
>we start requiring the UA to block transmissions of anything, we risk
>creeping into the realm of content blocking instead of signal-sending
>(which I don't think we want to do in this WG).
Received on Wednesday, 10 July 2013 14:59:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:39:52 UTC