- From: Peter Cranstone <peter.cranstone@3pmobile.com>
- Date: Mon, 2 Sep 2013 14:22:53 +0000
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- CC: Mike O'Neill <michael.oneill@baycloud.com>, 'Chris Mejia' <chris.mejia@iab.net>
Rigo, Normally I would agree with you, but in this case there is nothing more to talk about. You have to treat the signal as valid until you can prove it isn't. The only way to do that is with an exception which is still possible to intercept. So all you will do is end up in another endless loop discussion. Start treating DNT signals as valid because they are, and that's what AB 370 assumes. And as soon as it becomes law you're going to need to know how your service is going to respond to a a DNT signal. The debate is over, the cows have left the barn for good. Peter _________________________ Peter J. Cranstone On 9/2/13 8:11 AM, "Rigo Wenning" <rigo@w3.org> wrote: >Hi Mike, > >this is certainly interesting for web apps, but doesn't tell the >receiver of the signal whether the signal was created following the >rules. Everybody can just inject a header. We could have signed headers >etc. So there is still lots to talk about. > > --Rigo > >On Monday 02 September 2013 09:58:00 Mike O'Neill wrote: >> Other W3C groups are working on cross-platform standards for web apps. >> Web apps need access to device interfaces for such things as >> telephony, geo-location and contact lists so "certified" apps are >> being defined which those that would have access to such "sensitive" >> APIs. A certified app is cryptographically signed by an organisation >> such as an app webstore to prove it has been vetted. > >
Received on Monday, 2 September 2013 14:23:22 UTC