- From: David Singer <singer@apple.com>
- Date: Tue, 29 Sep 2015 12:41:56 -0700
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: public-tracking@w3.org, Adrian Bateman <adrianba@microsoft.com>, Mounir Lamouri <mounir@lamouri.fr>, Mike West <mkwst@google.com>
> On Sep 29, 2015, at 1:19 , Mike O'Neill <michael.oneill@baycloud.com> wrote:
>
> That's why I suggested leveraging Permissions. The current system will work,
> but if the confirm call is not the first executed in a document then some
> construction using setTimeout or setInterval is necessary. Some implementers
> will find that annoying.
>
> What harm could there be in exploring an additional path?
1) It’s a technical change that delays progression.
2) It reverses a decision of the WG without any new technical information.
I think we should fix the text to say that the UA may check with the user, not prior to, but when it has stored the exception. (“Skanky Networks just stored an exception, claiming your informed consent. Do you agree, or want to review it, or delete it?”)
So now your workflow is simple. User arrives at site; do I get a DNT:0 header? No, ask user for exception; if informed consent is given, store it and carry on. Otherwise go to the alternative content for DNT:1 people. (Note that no confirm call is really needed, but you could use confirm instead of looking for the header).
>
> -----Original Message-----
> From: singer@apple.com [mailto:singer@apple.com]
> Sent: 28 September 2015 23:19
> To: Mike O'Neill <michael.oneill@baycloud.com>
> Cc: public-tracking@w3.org; Adrian Bateman <adrianba@microsoft.com>; Mounir
> Lamouri <mounir@lamouri.fr>; Mike West <mkwst@google.com>
> Subject: Re: Promises
>
>
>> On Sep 28, 2015, at 12:21 , Mike O'Neill <michael.oneill@baycloud.com>
> wrote:
>>
>> It is the responsibility of the site, but it could also be that a UA wants
>> to double-check. The TPS says it, I would strongly resist that being
>> portrayed as a bug.
>>
>> Irrespective, my point is that asynchronism is intrinsic to the UA
>> environment, and the Promise concept responds to that. I agree we should
> not
>> poke into the existing text unless we have to, but the Permission API
> gives
>> us a parallel path. If we don't follow it others may anyway.
>
> OK, but Mike — we had a formal last-call comment from Anne suggesting we use
> promises, and our consensus reply was that the call was immediate and not
> asynchronous. It would be a significant change of direction now.
>
>
>>
>> I am volunteering to attempt it.
>>
>> Mike
>>
>> -----Original Message-----
>> From: singer@apple.com [mailto:singer@apple.com]
>> Sent: 28 September 2015 18:40
>> To: Mike O'Neill <michael.oneill@baycloud.com>
>> Cc: public-tracking@w3.org; Adrian Bateman <adrianba@microsoft.com>;
> Mounir
>> Lamouri <mounir@lamouri.fr>; Mike West <mkwst@google.com>
>> Subject: Re: Promises
>>
>>
>>> On Sep 28, 2015, at 9:38 , Mike O'Neill <michael.oneill@baycloud.com>
>> wrote:
>>>
>>> You only know that you have requested it, not that it has been granted.
>>
>> It’s been granted. This was a long conversation we had; since it’s the
> task
>> of the SITE to get the user’s permission, there is nothing in real-time
> for
>> the user-agent to do.
>>
>>> The use could also have set the UA never to grant an exception, so even
> if
>>> there is no prompt you still have to check.
>>
>> Then the site should not be calling store…
>>
>>>
>>> From the TPS:
>>>
>>> The user agent MAY provide interfaces to the user:
>>>
>>> To indicate that a call to store an exception has just been made;
>>> To allow the user to confirm a user-granted exception prior to storage;
>>
>> that line may be a bug
>>
>>> To indicate that one or more exceptions exist for the current top-level
>>> origin;
>>> To indicate that one or more exceptions exist for sites incorporated into
>>> the current page;
>>> To allow the user to see and possibly revoke stored exceptions;
>>> Other aspects of the exception mechanism, as desired.
>>> There is no required user interface for the user agent; a user agent
>>> MAYchoose to provide no user interface regarding user-granted exceptions.
>>
>> all the rest are right; the user can later revoke
>>
>>>
>>> Mik4
>>>
>>>
>>> -----Original Message-----
>>> From: singer@apple.com [mailto:singer@apple.com]
>>> Sent: 28 September 2015 17:02
>>> To: Mike O'Neill <michael.oneill@baycloud.com>
>>> Cc: public-tracking@w3.org; Adrian Bateman <adrianba@microsoft.com>;
>> Mounir
>>> Lamouri <mounir@lamouri.fr>; Mike West <mkwst@google.com>
>>> Subject: Re: Promises
>>>
>>>
>>>> On Sep 28, 2015, at 3:01 , Mike O'Neill <michael.oneill@baycloud.com>
>>> wrote:
>>>>
>>>> In the last call I reported on some experience of implementing the API,
>>> all of which I will write up soon, but for now I want to expand a point I
>>> made.
>>>>
>>>> The usual pattern will probably be for script on a first party page ,
>>> after storing an exception, to check the tracking status
>>> (confirmSiteSpecificTrackingException or confirmWebWideTrackingException,
>> or
>>> look at the doNotTrack property).
>>>>
>>>> Even if the UA does not prompt the user but stores the exception
>>> immediately, the status returned from the synchronous property or
> function
>>> will not have been updated (unless the UA implementation includes an
>>> implicit “yield”). Some construction like:
>>>>
>>>> storeSiteSpecificTrackingException(propertyBag);
>>>> setTimeout(function(){
>>>> var result =
>>> confirmSiteSpecificTrackingException(propertyBag);
>>>> // take action on result
>>>> }, arbitraryDelay);
>>>>
>>>> is necessary.
>>>
>>> No, it’s not. You *know* you have the exception, so you just go ahead.
>>> There is no need to call the confirm API at all, at the time you call
>> Store.
>>>
>>> We talked about this, and we decided that we didn’t need any kind of
>> async.
>>>
>>>> If a UA implementation of the API only registers the grant after
>>> confirming it with the user, then this code would have to be executed
>>> continuously. The arbitraryDelay adds annoying latency when in many cases
>> it
>>> is unnecessary. Returning a Promise is a much better way to handle this
>> but
>>> that is not how the spec is currently.
>>>>
>>>> I have been looking at the draft Permissions API
>>> http://www.w3.org/TR/permissions/ and I wonder if we could leverage this
>> to
>>> create an additional alternate for the synchronous confirm call we have
>> now.
>>>>
>>>> The Permissions interface has a function, query, that returns a Promise.
>>> At the moment the only PermissionNames defined are “geolocation”,
>>> “notifications”, “push-notifications” and “midi-sysex”.
>>>>
>>>> We could define a new Permission, with PermissionName “tracking”, with
>> the
>>> appropriate TPS propertyBag properties e.g. arrayOfDomainStrings defined
>> in
>>> the new Permission’s dictionary. We would then have an alternative way
> for
>>> script to get the status using a method more in keeping with the
>>> asynchronous style. We do not need to change the TPS, just create an
>>> alternative path via a supplement to the Permissions API.
>>>>
>>>> Can we talk about this next call?
>>>>
>>>> Mike
>>>>
>>>>
>>>> Mike O'Neill
>>>> Technical Director
>>>> Baycloud Systems
>>>> Oxford Centre for Innovation
>>>> New Road
>>>> Oxford
>>>> OX1 1BY
>>>> Tel. 01865 735619
>>>> Fax: 01865 261401
>>>> <image003.png>
>>>> Email: michael.oneill@baycloud.com
>>>> <image004.png>Professional Profile
>>>> See who we know in common
>>>> Want a signature like this?
>>>
>>> David Singer
>>> Manager, Software Standards, Apple Inc.
>>>
>>>
>>>
>>
>> David Singer
>> Manager, Software Standards, Apple Inc.
>>
>>
>>
>
> David Singer
> Manager, Software Standards, Apple Inc.
>
>
>
David Singer
Manager, Software Standards, Apple Inc.
Received on Tuesday, 29 September 2015 19:42:37 UTC