- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Mon, 29 Jul 2013 08:56:59 +0200
- To: public-tracking@w3.org
On 2013-07-29 08:33, SULLIVAN, BRYAN L wrote: > <Bryan> I don't think there is such a principle in IETF. Otherwise > there would be no role for HTTP proxies and other elements described > in RFCs. Networks must be allowed to be intelligent and an active > participant in serving verifiable user preferences. Actually, it is a long standing engineering principle of the internet that the network's intelligence is at its edges. I would agree with Shane that by and large having any signals inserted or manipulated by intermediate routers is less desirable the further away you get from the edges. I do disagree however that this standard should try to fix a problem that it can't fix: that of unduly inserted DNT headers. As long as you can't control both ends of the transaction (in the case of HTTPS) and all intermediate routers, you're going to have no guarantee that you can trust what you receive. Just like the users are expected to trust a website that says it will respect a DNT signal, the websites can be expected to trust a user's DNT signal. The proposed UGE mechanism may be helpful to detect non-compliant UAs or insertion of non-compliant DNT signals, but up to a point. I can foresee privacy-enhancing UA-extensions that will support the UGE API and just revoke any exceptions granted by default and/or decline exception requests. As I have said before: any attempt to redress this is repeating the fundamental mistakes in DRM. Out of band consent is the only way to go if you want to be able to ignore DNT:1. Regards, Walter
Received on Monday, 29 July 2013 06:57:27 UTC