W3C home > Mailing lists > Public > public-tracking@w3.org > October 2014

RE: tracking-ISSUE-266: automatic expiration of a tracking preference exception via API parameter [TPE Last Call]

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Sat, 11 Oct 2014 13:46:08 +0100
To: "'David Singer'" <singer@apple.com>, "'Roy T. Fielding'" <fielding@gbiv.com>
Cc: "'Nicholas Doty'" <npdoty@w3.org>, "'Tracking Protection Working Group'" <public-tracking@w3.org>
Message-ID: <10e401cfe551$55931d10$00b95730$@baycloud.com>
Hash: SHA1

> True, but the question of “how do I expire a UGE?” came up, and *one* way to
> do it is to use a cookie.  I think it may work acceptably well for some or many.

Hardly anyone will do that, it is too complicated.

> Somehow we’ve got from “can I use a cookie as the timer to help me expire a
> UGE?” to “can I rely on a cookie to record a UGE?”. The answer to the first is
> yes, if you like.  But it doesn’t give you the right to ignore the DNT header and
> treat the cookie as definitive.
> If the DNT header comes as zero, and the cookie doesn’t arrive, then you
> eyebrows go up and you probably re-confirm the exception and re-set the
> cookie.

You cannot re-confirm unless the resource returns  html, and sometimes not even then.

In my use case re-conformation is impossible. DNT will always be zero (because it will not be cancelled) , and the cookie is not there either a) it has expired or b) it was purged or c) it was never placed (the DNT:0 signalled a general preference).

This is why it is hard to get software that relies on non-atomic states to work, and hardly anybody will try.

Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

Received on Saturday, 11 October 2014 12:46:43 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:24 UTC