Re: issue-170

Agree with Roy on this. Logistically/technically speaking, the proposal is
not implementable at scale, in real-time.

Chris Mejia

On 6/6/14, 10:56 AM, "Roy T. Fielding" <> wrote:

>On Jun 4, 2014, at 5:38 AM, Mike O'Neill wrote:
>> If a 1st Party receives a request with DNT:0 set then data regarding
>>the user MAY be used or shared but, if the header signal resulted from
>>an explicitly-granted exception, only for the purposes that were clearly
>>and comprehensively explained when the exception was granted.
>There is no need for this text.  If a server receives DNT:0,
>it will behave according to its own set of practices for DNT:0.
>It is not going to change its practices on a per-user basis.
>If those practices exceed whatever the server might have stated in some
>request for a UGE, the server owner is inviting regulatory action or
>lawsuits.  We do not need to say anything about servers that mislead.
>If the server does not request UGEs (and thus only receives DNT:0 when
>set web-wide), then it has no control over what was explained to the user
>and is instead relying on the browser configuration.  What the browser
>configuration means is largely outside the scope of compliance, though
>we all hope that they will eventually become consistent.

Received on Friday, 6 June 2014 18:50:09 UTC