- From: Rob van Eijk <rob@blaeu.com>
- Date: Sat, 30 Jul 2016 23:17:28 +0200
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: public-tracking@w3.org, 'John Simpson' <john@consumerwatchdog.org>
Not to forget, medium.com supports the wellknown location:
medium.com/.well-known/dnt/
The URI returns the following JSON:
{
"tracking": "T",
"policy": "https://medium.com/p/f03bf92035c9",
"controller": "https://medium.com/policy",
"same-party": ["medium.com",
"cdn-static-1.medium.com",
"d262ilb51hltx0.cloudfront.net"],
"config": "https://medium.com/me/settings"
}
Kind regards,
Rob
Mike O'Neill schreef op 2016-07-30 22:28:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The online publishing platform medium.com has been supporting the
> Tracking Status Resource and the Tracking Status response header for a
> while but I have just noticed it is now using the out-of-band consent
> protocol, returning the Tk: C response when you are logged in and have
> DNT set. They explain in their privacy policy:
>
> “We respect Do Not Track (“DNT”) settings in browsers. If you’re
> logged out of our Services and have DNT enabled, we will not set
> cookies. By logging in you are opting to allow Medium to ignore the
> DNT setting and to use cookies in order to provide you a personalized
> experience.”
>
> The reaction to the DNT header seems to be as follows:
>
> User not logged in
> DNT :0 or unset Tk: T places UID
> cookies (sid, uid,__cfduid all with 1 year expiry ) - Google
> Analytics script is enabled
> DNT: 1 Tk: N No
> new UID cookies placed (though currently it does not remove them if
> they are already there) and Google Analytics script disabled
>
> User logged in
> DNT:0 or unset Tk:T places UID
> cookies (sid, uid,__cfduid all with 1 year expiry - xsrf 1day expiry )
> - Google Analytics script is enabled
> DNT:1 TK:C
> places UID cookies (sid, uid,__cfduid all with 1 year expiry - xsrf
> 1day expiry) - Google Analytics script is disabled
>
> All in all this is a pretty good implementation in my opinion, by a
> significant online publisher, which indicates that DNT is being taken
> up by sites. It is a great shame that the browser companies have been
> slow to implement the JavaScript API, but this site at least
> overcoming that challenge by using the out-of-band technique.
>
>
>
>
>
>
> Mike O'Neill
> Technical Director
> Baycloud Systems
> Oxford Centre for Innovation
> New Road
> Oxford
> OX1 1BY
> Tel. 01865 735619
> Fax: 01865 261401
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using gpg4o v3.5.54.6734 - http://www.gpg4o.com/
> Charset: utf-8
>
> iQIcBAEBAgAGBQJXnQ3lAAoJEOX5SQClVeMPSF0P/1Nsr5Sxw9+y9bLLvuAlv+N2
> 5VV9CivQXFWO/9j9FMKmHh+UEehJqMOmV6SHgB/sbnEyOpKJgk5yohPfgX2Wol9j
> 4MNwS7Ot4kkoEBIDpOt7M0+d0tr+V2HwMHs3h4LmtUuV2YbPThrdlc7dl9VqD0dD
> ENoUWaCPizq0ppwWMXEXzMJ44fIi6QVFZd0VnMOFFZHRMMbWI2MRX5goieh0DekL
> 1Ka294YbdBN43ls5zUBUDFClwi2uFDihk2HdBqUW77r/Wou7nANpSIA25OGO3uHS
> WFBTtRcaHekch7EyyN0sp48TWZqToRT/ETcyXE/ar0HDyekwywN4IdFoPf8IzMBR
> G/NK0zywCZqRXdRd5W38KiH1mPqAiL3OpKY4wGbYU1L3PbeleswtE+HFLdstUSGT
> iIeyttiEqWGrgFldVY6D/d4mMtSkWwBXCS04X/331Q6PJi5zHKSNUveamdy9oigZ
> 7COTPURwcuGX8d3L7N+V8HGsvVsQh/Hk2QUg7tfl07+xkt/71JdPIMx2NWPkwG78
> Z+Pk68Xcq4S52uUWYuJKl+RDxo7CqZ6ZZYFnvD2kFfVWpErXkK1Y3/c66DHFqwz4
> Q1wdgXSJfEkiyyZen7+o+I3Sra4T84Bjb+7L6KKZFxE/eSf5KUaI83trWQc86f23
> N7S/r/KTLpdrXRa4RqzR
> =356U
> -----END PGP SIGNATURE-----
Received on Saturday, 30 July 2016 21:18:00 UTC