- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Tue, 08 Apr 2014 21:59:05 +0200
- To: public-tracking@w3.org

On 2014-04-08 21:36, Shane M Wiley wrote:

> Walter,
>
> I agree that any technical standard that sets up compliance
> confirmation for the Server but not one for the signal setter is
> "pointless". While we've done our best to introduce this disconnect
> in the WG process, it was ultimately decided to punt on this issue.
> Expect to see more on this in Last Call comments.

I may be misreading, but this is not the reference I was asking for. Also, on substance, I would say that any server that expects the user to trust the server to adhere to whatever compliance spec the server claims to adhere to, without trusting the user's expression of his or her tracking preferences, prima facie is a few clowns short of a circus.

> That said, while difficult, web browser compliance can be discovered
> in a lab. We can install a web browser and a specific plug-in and
> observe the interactions to determine if there was compliance.

Such observation is meaningless since you cannot verify remotely what plug-ins are active on a browser. So even if you have observed that a certain browser and plug-in combo violates the rule you are suggesting (with or without resorting to decompilation of both, which may or may not be IPR infringement), you cannot reliably observe for a certain interaction that that browser and plug-in combo is in play. Because there is nothing that prevents a plug-in that already willfully inserts a DNT:1 signal in the HTTP requests to override browser preferences from removing any evidence of its presence from any HTTP requests and filtering out any API calls by fingerprinting JavaScript.

So from the very start a completely pointless exercise. We all have much better things to do than soiling this process with fundamentally senseless issues like this. Just stop it.

Regards,

Walter

Received on Tuesday, 8 April 2014 19:59:35 UTC