Re: issue-170

Who's going to certify how DNT:0 was set? I agree with Roy, let industry self-regulation oversight programs (i.e. Council of Better Business Bureaus in the US) or regulators deal with bad actors, per enforcement of local codes, regulation, and laws. The bad actors aren't going to follow this spec anyway. In my experience around self-regulatory enforcement, the good actors have a vested interest in reporting the bad actors when they find them (simple market dynamics).

Industry needs an easy to determine signal to process at scale. If you see DNT:0, you have consent- simple as that.

Chris Mejia

> On Jun 6, 2014, at 3:47 PM, "Mike O'Neill" <> wrote:
> Hash: SHA1
> Hi Chris,
> What is not implementable at scale & in real-time, the UGE? I can assure you it can and in fact already has.
> Mike
>> -----Original Message-----
>> From: Chris Mejia []
>> Sent: 06 June 2014 19:50
>> To: Roy T. Fielding; Mike O'Neill
>> Cc: W3C DNT Working Group Mailing List
>> Subject: Re: issue-170
>> Agree with Roy on this. Logistically/technically speaking, the proposal is
>> not implementable at scale, in real-time.
>> --
>> Chris Mejia
>>> On 6/6/14, 10:56 AM, "Roy T. Fielding" <> wrote:
>>>> On Jun 4, 2014, at 5:38 AM, Mike O'Neill wrote:
>>>> If a 1st Party receives a request with DNT:0 set then data regarding
>>>> the user MAY be used or shared but, if the header signal resulted from
>>>> an explicitly-granted exception, only for the purposes that were clearly
>>>> and comprehensively explained when the exception was granted.
>>> There is no need for this text.  If a server receives DNT:0,
>>> it will behave according to its own set of practices for DNT:0.
>>> It is not going to change its practices on a per-user basis.
>>> If those practices exceed whatever the server might have stated in some
>>> request for a UGE, the server owner is inviting regulatory action or
>>> lawsuits.  We do not need to say anything about servers that mislead.
>>> If the server does not request UGEs (and thus only receives DNT:0 when
>>> set web-wide), then it has no control over what was explained to the user
>>> and is instead relying on the browser configuration.  What the browser
>>> configuration means is largely outside the scope of compliance, though
>>> we all hope that they will eventually become consistent.
>>> ....Roy
> Version: GnuPG v1.4.13 (MingW32)
> Comment: Using gpg4o v3.3.26.5094 -
> Charset: utf-8
> 6vNiU1hgnGzI3cpBeOdSgcaPfwS6IMRfpe+LNQKvuXZHlfEKsnUYpgtqiqkSdQZV
> ej35JIN8pSPCxAp7MXoQxQ0uihh/oNMF/nM8fJdb4mAPDyt/yiJ3QcVO/p7mimP2
> EYaQVtSQDqL75wCyeQcBXVSL10FhuVkvqW22DFp95fb+5P1XvG5jnux1GJvjQfB4
> ZIArJ8/y5rNtURwvoBZc0mS/sc4iPYK0d77qlzLp/zHVCO7JsWdd/syuQ806M0CR
> E3nArZqmrx8EQIzPq47Q7ssA9/7qRyCk7hFqHYADMN3qqBnVeDvJojVD4Ix/irU=
> =g/oK

Received on Saturday, 7 June 2014 20:18:55 UTC