- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Sat, 30 Jul 2016 21:28:22 +0100
- To: <public-tracking@w3.org>
- Cc: "'John Simpson'" <john@consumerwatchdog.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The online publishing platform medium.com has been supporting the Tracking Status Resource and the Tracking Status response header for a while but I have just noticed it is now using the out-of-band consent protocol, returning the Tk: C response when you are logged in and have DNT set. They explain in their privacy policy: “We respect Do Not Track (“DNT”) settings in browsers. If you’re logged out of our Services and have DNT enabled, we will not set cookies. By logging in you are opting to allow Medium to ignore the DNT setting and to use cookies in order to provide you a personalized experience.” The reaction to the DNT header seems to be as follows: User not logged in DNT :0 or unset Tk: T places UID cookies (sid, uid,__cfduid all with 1 year expiry ) - Google Analytics script is enabled DNT: 1 Tk: N No new UID cookies placed (though currently it does not remove them if they are already there) and Google Analytics script disabled User logged in DNT:0 or unset Tk:T places UID cookies (sid, uid,__cfduid all with 1 year expiry - xsrf 1day expiry ) - Google Analytics script is enabled DNT:1 TK:C places UID cookies (sid, uid,__cfduid all with 1 year expiry - xsrf 1day expiry) - Google Analytics script is disabled All in all this is a pretty good implementation in my opinion, by a significant online publisher, which indicates that DNT is being taken up by sites. It is a great shame that the browser companies have been slow to implement the JavaScript API, but this site at least overcoming that challenge by using the out-of-band technique. Mike O'Neill Technical Director Baycloud Systems Oxford Centre for Innovation New Road Oxford OX1 1BY Tel. 01865 735619 Fax: 01865 261401 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using gpg4o v3.5.54.6734 - http://www.gpg4o.com/ Charset: utf-8 iQIcBAEBAgAGBQJXnQ3lAAoJEOX5SQClVeMPSF0P/1Nsr5Sxw9+y9bLLvuAlv+N2 5VV9CivQXFWO/9j9FMKmHh+UEehJqMOmV6SHgB/sbnEyOpKJgk5yohPfgX2Wol9j 4MNwS7Ot4kkoEBIDpOt7M0+d0tr+V2HwMHs3h4LmtUuV2YbPThrdlc7dl9VqD0dD ENoUWaCPizq0ppwWMXEXzMJ44fIi6QVFZd0VnMOFFZHRMMbWI2MRX5goieh0DekL 1Ka294YbdBN43ls5zUBUDFClwi2uFDihk2HdBqUW77r/Wou7nANpSIA25OGO3uHS WFBTtRcaHekch7EyyN0sp48TWZqToRT/ETcyXE/ar0HDyekwywN4IdFoPf8IzMBR G/NK0zywCZqRXdRd5W38KiH1mPqAiL3OpKY4wGbYU1L3PbeleswtE+HFLdstUSGT iIeyttiEqWGrgFldVY6D/d4mMtSkWwBXCS04X/331Q6PJi5zHKSNUveamdy9oigZ 7COTPURwcuGX8d3L7N+V8HGsvVsQh/Hk2QUg7tfl07+xkt/71JdPIMx2NWPkwG78 Z+Pk68Xcq4S52uUWYuJKl+RDxo7CqZ6ZZYFnvD2kFfVWpErXkK1Y3/c66DHFqwz4 Q1wdgXSJfEkiyyZen7+o+I3Sra4T84Bjb+7L6KKZFxE/eSf5KUaI83trWQc86f23 N7S/r/KTLpdrXRa4RqzR =356U -----END PGP SIGNATURE-----
Received on Saturday, 30 July 2016 20:29:02 UTC