- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Wed, 15 May 2013 07:49:40 +0100
- To: <public-tracking@w3.org>
- Message-ID: <000e01ce5138$5ffd3050$1ff790f0$@baycloud.com>
It was hoped that the TPE spec could meet the requirements for "browser settings" referred to in recital 66 of the EU Privacy Directive. This has not been done, other than the ability to signal DNT:0 to embedded third-parties (which is nevertheless diminished by the confusion between the meaning of DNT unset in different jurisdictions). Given that tracking relies on storing unique identifiers in the browser, so that subsequent HTTP transactions from the same device/user can be associated with each other and the user's web history collected, it would be relatively simple to extend user control over these identifiers. We could introduce a new member to the Tracking Status Resource JSON called, say, remove-storage. This contains the URI of a resource that will return a set-cookie or set-cookie2 header that deletes all cookies indicated in the request and also return an HTML document containing script that would delete localStorage. This would allow the user to cause their UA to send a GET to this resource to remove identifiers that may be used in a third-party context. If it was thought that it is too late to introduce a protocol element at this stage we could add this as a requirement on origin servers if the resource indicated by the "edit" TSR member is accessed with DNT:1. This would only require some non-normative text to be added to the TRF description. Mike
Received on Wednesday, 15 May 2013 06:50:19 UTC