Re: tracking-ISSUE-260: method for validating DNT signal from user [TPE Last Call]

On Sep 23, 2014, at 10:11 , Mike O'Neill <michael.oneill@baycloud.com> wrote:

> 3) It could have been inserted by an intermediary.
> 
> Nothing can be done about that, other than requiring DNT to reflect the user's preference. 
> 
> If an intermediary can edit the outgoing packets it can change any header, including the cookies. It would be just as easy to insert properly formatted opt-out cookies to be sent to all servers, so NAI/IAB self-regulation has the same problem. In fact most tracking could be stopped just by an intermediary selectively removing cookies. 

Actually, intermediaries cannot easily affect the Javascript property (or more precisely, change what enquiries of the JS property appear to return), so it’s fairly easy to check the header if you are suspicious.


David Singer
Manager, Software Standards, Apple Inc.

Received on Tuesday, 23 September 2014 18:53:00 UTC