It was hoped that the TPE spec could meet the requirements for "browser
settings" referred to in recital 66 of the EU Privacy Directive.  This has
not been done, other than the ability to signal DNT:0 to embedded
third-parties (which is nevertheless diminished by the confusion between the
meaning of DNT unset in different jurisdictions). Given that tracking relies
on storing unique identifiers in the browser, so that subsequent HTTP
transactions from the same device/user can be associated with each other and
the user's web history collected, it would be relatively simple to extend
user control over these identifiers.


We could introduce a new member to the Tracking Status Resource JSON called,
say, remove-storage. This contains the URI of a resource that will return a
set-cookie or set-cookie2 header that deletes all cookies indicated in the
request and also return an HTML document containing script that would delete
localStorage. This would allow the user to cause their UA to send a GET to
this resource to remove identifiers that may be used in a third-party


If it was thought that it is too late to introduce a protocol element at
this stage we could add this as a requirement on origin servers if the
resource indicated by the "edit" TSR member is accessed with DNT:1. This
would only require some non-normative text to be added to the TRF













Received on Wednesday, 15 May 2013 06:50:19 UTC