Re: Issue-207 from Roy T. Fielding on 2014-05-08 (public-tracking@w3.org from May 2014)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 8 May 2014 11:18:08 -0700
To: Walter van Holst <walter.van.holst@xs4all.nl>
Cc: public-tracking@w3.org
Message-Id: <B68D7A9C-F075-4892-BDC8-698352ADB16A@gbiv.com>

On Apr 30, 2014, at 9:52 AM, Walter van Holst wrote:

> On 21/04/2014 22:01, Rob van Eijk wrote:
>> 
>> A user's and regulators expectation is that DNT "should opt out  of
>> collection  of  behavioral  data  for  all  purposes  other  than
>> those  that  would  be consistent  with  the  context  of
>> the interaction; DNT should  be  comprehensive, effective,  and
>> enforceable.  It  should (...) not  permit technical  loopholes." (cf.
>> FTC)
>> 
>> The D-response with an standard explenation in the privacy policy is a
>> techical loophole in the standard. It reduces user transparancy and
>> damages user control. Moreover, it allows for discrimition based on the
>> judgement of a server of the correctness of the implementation in the
>> user agent. That judgement should not be made on the back of the user
>> while he is using the Web.
>> 
>> Pleae correct me if I am wrong, but isn't it fair to say that the
>> company making such a judgement should not have the user pay for this
>> judgement, but instead engage with the company who is resonsible for the
>> user agent, and/or file a complaint with the regulator or competent
>> authority?
>> 
> 
> Not only that, I would consider it a deceptive marketing tactic to claim
> to honour DNT and subsequently disregard signals based on UA.

Our goal is to encourage people to honor DNT because it reflects the user's
preference, not the preferences of marketing PR, publicity stunts, or
partisan advocates.  The only deceptive marketing tactic here is sending
a preference signal when no preference has been set by the user.

Given the current prevalence of false signals, it should be no surprise
that recipients will disregard signals sent by a UA that is incapable
or unwilling to implement the protocol correctly.

I assume that servers will state they honor DNT except when received from
a specific list of user agents.  There is nothing deceptive about that,
particularly when combined with the "D" response. That is far preferable,
in my opinion, than nobody honoring DNT just because of a few bad actors.

....Roy

Received on Thursday, 8 May 2014 18:18:55 UTC