- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Wed, 10 Jul 2013 10:59:04 -0400
- To: Sid Stamm <sid@mozilla.com>
- CC: Justin Brookman <jbrookman@cdt.org>, <public-tracking@w3.org>
Thanks Sid / Justin - I'm wondering if this addresses things better. Proposed language: "A user agent MUST NOT share information related to the network interaction with parties outside such interaction without consent." Does that address your concern? -a On 7/10/13 10:39 AM, "Sid Stamm" <sid@mozilla.com> wrote: >Alan, > >I think I get where you're going, but I'm not sure this language is clear. > >On 7/10/13 7:10 AM, Alan Chapell wrote: >> Proposed language: >> "A user agent MUST NOT share information related to the network >>interaction >> without consent." > >This suggests to me that the user agent must not share information about >one network interaction (A) with another network interaction (B).... >which in turn makes me wonder about multi-interaction sites (those with >first party A and third party B). > >Do UAs stop sending referrers? That is a direct share of URL from A >with entity in B. I don't think we want to go down this path. > >> Rationale: >> In reviewing the June draft with colleagues, it occurred to me that some >> User Agents ¡© technically speaking ¡© could engage in tracking. My sense >>is >> that it is implicit that User agents would fall under the definition of >> third party under this spec and therefore would be subject to certain >> requirements. My goal was to make that more explicit. > >I agree with Ted here: user agents are employed by their users and >self-collection (tracking ones self) isn't a first or third party >activity the way we've been discussing them. > >My feel is that we don't need this language at all since "UA company as >a web property" would already have reason to comply, and no new language >is required to trigger it. > >But consider the hypothetical situation where the user agent >automatically transmits my browsing history to some data-collection >service. Shouldn't the DNT header be sent along with that transmission, >requesting that the service respects it? My concern is that as soon as >we start requiring the UA to block transmissions of anything, we risk >creeping into the realm of content blocking instead of signal-sending >(which I don't think we want to do in this WG). > >-Sid > >
Received on Wednesday, 10 July 2013 14:59:39 UTC