W3C home > Mailing lists > Public > public-tracking@w3.org > June 2013

Re: Batch closing of TPE related issues

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Wed, 12 Jun 2013 15:51:02 +0000
To: Nicholas Doty <npdoty@w3.org>
CC: Shane Wiley <wileys@yahoo-inc.com>, Rob van Eijk <rob@blaeu.com>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <8F09185F-1EA0-4EFB-9CE0-91DB8A09977F@att.com>

On Jun 12, 2013, at 4:07 PM, "Nicholas Doty" <npdoty@w3.org> wrote:

I didn't understand ISSUE-192 to be about the capability for revocation of user-granted exceptions within the browser, but a question as to whether the API for storing user-granted exceptions in the user agent should include capabilities for cookie semantics, including timed expiration or secure-only. I agree with the resolution that it doesn't seem at this time like those capabilities are needed. To Rob's point, I don't think ISSUE-192 addresses the question of user control of revoking user-granted exceptions; we should go ahead and close it.

When the idea of user-granted exceptions as stored in the browser (rather than consent mediated by the browser) was first proposed, I did try to express concern about the confusing situation of simultaneously using stored user-granted exceptions and out-of-band consent. One key advantage of having user-granted exceptions stored by the user agent is that the user can inspect them in a single place and revoke granted permissions at a time of their choosing. If users revoke these exceptions but the consent is also stored through some out-of-band means and so the user continues to be told that they have consented to being tracked in a specific context, it would be surprising to the user and it might become difficult to opt-back-out.

<Bryan> perhaps, Nick. But that "single place" advantage is only applicable if (1) you don't consider that the user will likely be accessing services via many devices and multiple browsers; (2) the UI/UX across UAs is fairly consistent, with UAs here meaning any Webview-enabled hybrid app also - a very unlikely scenario IMO.
Received on Wednesday, 12 June 2013 15:52:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:39:41 UTC