- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 8 Oct 2014 11:30:51 -0700
- To: Nicholas Doty <npdoty@w3.org>
- Cc: Tracking Protection Working Group <public-tracking@w3.org>
On Oct 7, 2014, at 5:32 PM, Nicholas Doty wrote: > Summary of some recent revisions to the Compliance draft (including the diff below). > > Thanks, > Nick > > > ## deidentification > > Added definition agreed via Call for Objections. Changed all instances to refer to "permanently deidentified" (or similar). Non-normative section currently immediately follows the definition (and includes the geolocation note from before), but we could move this elsewhere if it reads as too verbose. Okay, but it is supposed to be hyphenated (de-identified and re-identified). These changes are now reflected in my i203b proposal as well. The other editorial changes were already fixed. I do have questions about two earlier changes: % cvs diff -r1.125 -r1.126 tracking-compliance.html Index: tracking-compliance.html =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v retrieving revision 1.125 retrieving revision 1.126 diff -u -r1.125 -r1.126 --- tracking-compliance.html 1 Oct 2014 06:54:43 -0000 1.125 +++ tracking-compliance.html 1 Oct 2014 07:02:11 -0000 1.126 @@ -551,21 +551,8 @@ signals" may be received. </p> <p> - As a general principle, more specific settings override less - specific settings. + As a general principle, more specific settings override less specific settings, as where the specific consent in user-granted exceptions overrides a general preference. If a party perceives a conflict between settings, a party MAY seek clarification from the user or MAY honor the more restrictive setting. </p> - <ol start="1"> - <li>No DNT Signal / No Opt-Out: Treat as DNT unset</li> - - <li>DNT:1 Signal / No Opt-Out: Treat as DNT: 1</li> - - <li>Opt-Out / No DNT:1 Signal: Treat as DNT: 1</li> - - <li>Opt-Out / DNT User-Granted Exception: Treat as DNT: 0 for that - site; DNT User-Granted Exception is honored</li> - </ol> - <p class="issue" data-number="210" title="Interaction with existing privacy controls"></p> - <p class="issue" data-number="207" title="Conditions for dis-regarding (or not) DNT signals"></p> </section> <section> <h3>Unknowing Collection</h3> =================================================================== The above section no longer applies in my proposal and should not be in compliance. There are only two possibilities: prior consent or DNT. Prior consent always overrides DNT, regardless of the intent of that consent (e.g., the consent might even limit tracking more than DNT:1). The text above implies UGE is some additional signal; it is not. UGE would be reflected in a different DNT header field. Hence, the last sentence above is simply incorrect -- there is no opportunity for multiple signals to be received other than consent + DNT, in which case consent is *not* a conflict -- it is designed to override so that a user doesn't have to twiddle their general preference. Also, the following change is apparently a clarification to the definitions currently in TPE. Should I add it to TPE? ....Roy % cvs diff -r1.123 -r1.124 tracking-compliance.html Index: tracking-compliance.html =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-compliance.html,v retrieving revision 1.123 retrieving revision 1.124 diff -u -r1.123 -r1.124 --- tracking-compliance.html 6 Aug 2014 04:44:06 -0000 1.123 +++ tracking-compliance.html 1 Oct 2014 06:49:47 -0000 1.124 @@ -8,9 +8,7 @@ var respecConfig = { specStatus: "ED", shortName: "tracking-compliance", - previousPublishDate: "2012-04-30", previousMaturity: "WD", - //previousURI: "http://www.w3.org/TR/2013/WD-tracking-compliance-20130430/", edDraftURI: "http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html", editors: [ { name: "Nick Doty", url: "http://npdoty.name", @@ -174,6 +172,9 @@ co-branding on the resource might lead a user to expect that multiple parties are responsible for the content or functionality. </p> + <p> + Network interactions and subrequests related to a given user action may not constitute intentional interaction when, for example, the user is unaware or only transiently informed of redirection or framed content. + </p> </section> <section id="third-party"> ===================================================================
Received on Wednesday, 8 October 2014 18:31:12 UTC