- From: James Pitkow <pitkow@cc.gatech.edu>
- Date: Wed, 19 Jul 1995 00:58:48 -0400 (EDT)
- To: fielding@beach.w3.org (Roy Fielding)
- Cc: connolly@beach.w3.org, www-talk@w3.org
Hello, Roy wrote: >Henrik and I talked about that as well. The From header can indeed >include this information in the form of a comment (keeping in mind >that it may already include a comment. Thus, > > From: (#342%33a4d443 12) This point was raised back in April in response to the "cookie" header proposed by Netscape. It seemed clear then and it still seems clear now that no extension needs to be made made to the current protocol to support session ids (use the From: field). But again, this misses the point. Session Id and other meta & profiling information are rightfully first class data objects and ought to be treated as such. HTTP does not currently do this and it would really enable a lot if it did. [business cards] >>The server could take the business card auth data and fill in the >>form fields in advance. So my proposal covers your needs. Your >>proposal _doesn't_ allow for the no-user-interaction case, which >>I think is critical. > >The user would then have complete control of the content, including >whether or not to press the submit button, and the information is >only transmitted once. The content provider can also make it optional, >only ask for specific standard names (like zipcode), or request >additional information within the same form. The UI fields of adaptive interfaces, user modeling and profile building all agree with the notion of making sure the user has complete control over their profile, including to whom this information is being made known to, Do we really want to make the Web a place we you have to drop a business card that contains personal information to get information? I think that imposing the barrier that the user has to perform an action to broadcast their profile information is the correct default mode, not the other way around. In no way is the no-user-interaction method in agreement with previous research in the area. Critical to whom anyway? Companies that will only let you see their pages if you give them demographic info? Sounds like blackmail - some pay, others don't. Earlier Dan wrote: >>Again, this really gets into the notion of user profiling and profile >>maintainence. I'm extremely wary of systems that enable log files to >>be collated and intelligent algorithms applied. > >If it ends up in higher quality of service, why are you so worried? Because I personally place privacy above quality of service. Though I was not at the discussions, this line of argumentation was used for the formation of financial data collectors like TRW. "But we are providing a valuable service to customers and business who want to be able to determine credit history..." Credit history - Information access history. Do we really want to end up having to struggle to get our basic rights back from companies that hold terabytes of information about us in a few years or do we deal with the issue now? I think that there is a real need to be concerned about the what models and policies we adopt as we move into this new era and that this is not spreading Fear, Uncertainty, and Doubt. Jim.
Received on Wednesday, 19 July 1995 01:01:10 UTC