RE: extensions in Determining User Preference

On 2014-04-08 21:36, Shane M Wiley wrote:
> Walter,
> I agree that any technical standard that setups up compliance
> confirmation for the Server but not one for the signal setter is
> "pointless".  While we've done our best to introduce this disconnect
> in the WG process, it was ultimately decided to punt on this issue.
> Expect to see more on this in Last Call comments.

I maybe misreading, but this is not the reference I was asking for. 
Also, on substance, I would say that any server that expects the user to 
trust the server to adhere to whatever compliance spec the server claims 
to adhere without trusting the user's expression of his or her tracking 
preferences prima facie is a few clowns short of a circus.

> That said, while difficult, web browser compliance can be discovered
> in a lab.  We can install a web browser and a specific plug-in and
> observe the interactions to determine if there was compliance.

Such observation is meaningless since you cannot verify remotely what 
plug-ins are active on a browser. So even if you have observed that a 
certain browser and plug-in combo violate the rule you are suggesting 
(with or without resorting to decompilation of both, which may or may 
not be IPR infringement), you cannot reliably observe for a certain 
interaction that that browser and plug-in combo is in play. Because 
there is nothing that prevents a plug-in that already willfully inserts 
a DNT:1 signal in the HTTP-requests to override browser preferences from 
removing any evidence of its presence from any HTTP-requests and to 
filter out any API-calls by fingerprinting Javascript. So from the very 
start a completely pointless exercise. We all have much better things to 
do than soiling this process with fundamentally senseless issues like 
this. Just stop it.



Received on Tuesday, 8 April 2014 19:59:35 UTC