- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Tue, 29 Aug 2017 18:27:23 +0100
- To: <singer@apple.com>, "'Roy T. Fielding'" <fielding@gbiv.com>
- Cc: <public-tracking@w3.org>
David, Yes, you should not need to remember consent in a cookie if you can set DNT to 0, and both ends know what it means, as well as regulators, researchers etc. Also It would be less confusing to developers if the empty array just meant "no (subresource) targets", we can signal "any and all subresources" with targets==undefined (absent) or null. And yes Roy, I mean the domain that the script can get from its version of document.domain. Mike -----Original Message----- From: singer@apple.com [mailto:singer@apple.com] Sent: 29 August 2017 01:52 To: Mike O'Neill <michael.oneill@baycloud.com> Cc: public-tracking@w3.org Subject: Re: site-specific with no targets > On Aug 28, 2017, at 14:15 , Mike O'Neill <michael.oneill@baycloud.com> wrote: > > The text says that an empty array is same as null or undefined for > site-specific targets. It would be better if an empty array just meant there > were no targets so only the script-origin (or a subdomain of it) received > DNT:0 > > Otherwise, if only wanted to register consent for the script origin and not > any subresources, you would have to set targets to contain a non-existent > subresource, or the script-origin domain., which is weird. > > If you have consent from the user, and you want DNT:0 to come back only to you, and not be sent to anyone else, you really don’t need the DNT signal. Its greatest value is in sending DNT:0 to third parties with whom it is otherwise very hard to communicate. You *could* remember “I have consent” in any way you like. But, it would be tidier to use DNT. I’ll check, but I assume we can have it that — parameter missing (not in dictionary) means everyone, and parameter present but set to the empty array means no-one else. David Singer Manager, Software Standards, Apple Inc.
Received on Tuesday, 29 August 2017 17:28:18 UTC