- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Wed, 26 Jun 2013 08:17:52 -0400
- To: Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org Group" <public-tracking@w3.org>
- Message-ID: <CDF051A9.34258%achapell@chapellassociates.com>
Justin, I disagree. As of mid-March when it was agreed that UA disclosures would be revisited, the "explicit choice for privacy language" was only ok if the browser/plug-in/UA also was able to meet the disclosure guidelines. I do agree that disclosure requirements for UGE/OOBC should mirror the UA disclosure requirements. From: Justin Brookman <jbrookman@cdt.org> Date: Tuesday, June 25, 2013 2:43 PM To: "public-tracking@w3.org Group" <public-tracking@w3.org> Subject: June Change Proposal, user agent compliance, ISSUE-172, ISSUE-194 Resent-From: <public-tracking@w3.org> Resent-Date: Tue, 25 Jun 2013 18:43:44 +0000 > I believe that that June draft is overly prescriptive on user agent > compliance, and backtracks on a previous group decision to allow user agents > to send DNT:1 when the user makes an explicit choice for privacy (jt also > backtracks on our prior agreement to be equally prescriptive in dictating > interface for setting DNT in the first place and for granting UGE/OOBC). I > propose to restate User Agent Compliance to mirror existing language in the > TPE: > > The goal of this protocol is to allow a user to express their personal > preference regarding tracking to each server and web application that they > communicate with via HTTP, thereby allowing each service to either adjust > their behavior to meet the user's expectations or reach a separate agreement > with the user to satisfy all parties. > > Key to that notion of expression is that the signal sent must reflect the > user's preference, not the choice of some vendor, institution, site, or any > network-imposed mechanism outside the user's control; this applies equally to > both the general preference and exceptions. The basic principle is that a > tracking preference expression is only transmitted when it reflects a > deliberate choice by the user. In the absence of user choice, there is no > tracking preference expressed. > > A user agent must offer users a minimum of two alternative choices for a Do > Not Track preference: unset or DNT:1. A user agent may offer a third > alternative choice: DNT:0. > > If the user's choice is DNT:1 or DNT:0, the tracking preference is enabled; > otherwise, the tracking preference is not enabled. > > A user agent must have a default tracking preference of unset (not enabled) > unless a specific tracking preference is implied by the decision to use that > agent. For example, use of a general-purpose browser would not imply a > tracking preference when invoked normally as SuperFred, but might imply a > preference if invoked as SuperDoNotTrack or UltraPrivacyFred. Likewise, a user > agent extension or add-on must not alter the tracking preference unless the > act of installing and enabling that extension or add-on is an explicit choice > by the user for that tracking preference. > > A user agent extension or add-on must not alter the user's tracking preference > setting unless it complies with the requirements in this document, including > but not limited to this section (Determining a User Preference). Software > outside of the user agent that causes a DNT header to be sent (or causes > existing headers to be modified) must not do so without ensuring that the > requirements of this section are met; such software also must ensure the > transmitted preference reflects the individual user's preference. > > We do not specify how tracking preference choices are offered to the user or > how the preference is enabled: each implementation is responsible for > determining the user experience by which a tracking preference is enabled > <http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-enabl > ed> . For example, a user might select a check-box in their user agent's > configuration, install an extension or add-on that is specifically designed to > add a tracking preference expression, or make a choice for privacy that then > implicitly includes a tracking preference (e.g., Privacy settings: high). The > user-agent might ask the user for their preference during startup, perhaps on > first use or after an update adds the tracking protection feature. Likewise, a > user might install or configure a proxy to add the expression to their own > outgoing requests. > > Although some controlled network environments, such as public access terminals > or managed corporate intranets, might impose restrictions on the use or > configuration of installed user agents, such that a user might only have > access to user agents with a predetermined preference enabled, the user is at > least able to choose whether to make use of those user agents. In contrast, if > a user brings their own Web-enabled device to a library or cafe with wireless > Internet access, the expectation will be that their chosen user agent and > personal preferences regarding Web site behavior will not be altered by the > network environment, aside from blanket limitations on what resources can or > cannot be accessed through that network. Implementations of HTTP that are not > under control of the user must not generate or modify a tracking preference.
Received on Wednesday, 26 June 2013 12:18:24 UTC