- From: David Singer <singer@apple.com>
- Date: Tue, 14 Oct 2014 10:57:45 -0700
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Nicholas Doty <npdoty@w3.org>, Tracking Protection Working Group <public-tracking@w3.org>

On Oct 11, 2014, at 5:46 , Mike O'Neill <michael.oneill@baycloud.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> True, but the question of “how do I expire a UGE?” came up, and *one* way to
>> do it is to use a cookie. I think it may work acceptably well for some or many.
>
> Hardly anyone will do that, it is too complicated.
>
>> Somehow we’ve got from “can I use a cookie as the timer to help me expire a
>> UGE?” to “can I rely on a cookie to record a UGE?”. The answer to the first is
>> yes, if you like. But it doesn’t give you the right to ignore the DNT header and
>> treat the cookie as definitive.
>>
>> If the DNT header comes as zero, and the cookie doesn’t arrive, then your
>> eyebrows go up and you probably re-confirm the exception and re-set the
>> cookie.
>
> You cannot re-confirm unless the resource returns html, and sometimes not even then.

But Mike, think of the two cases.

1) Site-wide. The first party that requested it *is* the site the user visited. No problem here.

2) Web-wide. True, if all you load is a tracking pixel or other non-scripted resource, you cannot confirm the exception. But if the user never visits your main site, *should* you be maintaining or reconfirming the exception?

> In my use case re-confirmation is impossible. DNT will always be zero (because it will not be cancelled), and the cookie is not there either a) it has expired or b) it was purged or c) it was never placed (the DNT:0 signalled a general preference).

OK, so it’s true that if you use cookies to expire, and a DNT:0 is received without the cookie, you cannot tell if that’s because the cookie has expired (so DNT:0 is now questionable) or because the user has set a DNT:0 general preference. And setting another cookie that has a different expiry doesn’t solve it, either, because if the user deletes cookies, you’ll lose that as well.

This *is* a problem.

> This is why it is hard to get software that relies on non-atomic states to work, and hardly anybody will try.

So the question is whether the exception-expiry is a necessary part of the API. I guess we need WG consensus.

David Singer
Manager, Software Standards, Apple Inc.

Received on Tuesday, 14 October 2014 17:58:21 UTC
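
The ambiguity discussed in the message above, as an added example that is not part of the original email or of any W3C specification text: three constructed client histories (timer cookie expired, cookies purged, general DNT:0 preference with no cookie ever placed) are replayed and produce byte-identical requests at the server. The cookie name `uge_timer` and all function names are hypothetical.

```javascript
// Added illustration, not code from the thread. Cookie name and helpers are hypothetical.
const TIMER_COOKIE = "uge_timer";

function newClient() {
  return { dnt: null, cookies: [] }; // dnt: null means no DNT header is sent
}

// Site obtains a user-granted exception: the UA starts sending DNT:0 and the
// site sets a cookie whose lifetime acts as the expiry timer.
function grantException(client, now, lifetime) {
  client.dnt = "0";
  client.cookies.push({ name: TIMER_COOKIE, value: "1", expires: now + lifetime });
}

function purgeCookies(client) { client.cookies = []; }

// User sets a general DNT:0 preference; no exception was ever requested.
function setGeneralPreference(client) { client.dnt = "0"; }

// Headers the UA would send at time `now` (expired cookies are dropped).
function buildRequest(client, now) {
  const headers = {};
  if (client.dnt !== null) headers["dnt"] = client.dnt;
  const live = client.cookies.filter((c) => c.expires > now);
  if (live.length) headers["cookie"] = live.map((c) => `${c.name}=${c.value}`).join("; ");
  return headers;
}

// Server-side reading: the DNT header decides; the cookie is only a timer.
function classify(headers) {
  const names = (headers["cookie"] || "").split(";").map((p) => p.trim().split("=")[0]);
  if (headers["dnt"] !== "0") return "no-exception"; // cookie is never definitive
  return names.includes(TIMER_COOKIE) ? "exception-timer-running" : "ambiguous";
}

// Three constructed histories, all observed at t = 7200 s.
function observedRequests(now = 7200) {
  const expired = newClient(); grantException(expired, 0, 3600);
  const purged = newClient(); grantException(purged, 0, 86400); purgeCookies(purged);
  const general = newClient(); setGeneralPreference(general);
  return [expired, purged, general].map((c) => JSON.stringify(buildRequest(c, now)));
}
```

All three histories classify as `ambiguous`, which is the state where the server can neither honour the timer nor tell a lapsed exception from a general preference.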