RE: tracking-ISSUE-264: requirement on UAs for setting cookies [TPE Last Call] from Mike O'Neill on 2014-07-13 (public-tracking@w3.org from July 2014)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Sun, 13 Jul 2014 16:14:43 +0100
To: "'Walter van Holst'" <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>
Message-ID: <00a501cf9ead$2d262880$87727980$@baycloud.com>

I imagine this is about the default third-party cookie blocking of Safari etc., which I agree would be less necessary if all servers honoured  e-privacy or at least DNT:1. But if this is something users want their UA to do it would be wrong to withhold the ability. 
It might still be worth mentioning that UAs and extensions could use the DNT:0 signal to qualify default third-party cookie or script blocking, which would be helpful to the free usability of the web. It would also encourage advertisers and others that respect consent (arbitrary script and cookie blocking is bad for "consented to" behavioural and contextual advertising).
One of the advantages of DNT is that it creates a transparent indication of consent that makes it less necessary to rely on extensions and UAs enforcing arbitrary and crude regulation of web traffic.

> -----Original Message-----
> From: Walter van Holst [mailto:walter.van.holst@xs4all.nl]
> Sent: 13 July 2014 14:24
> To: public-tracking@w3.org
> Subject: Re: tracking-ISSUE-264: requirement on UAs for setting cookies [TPE
> Last Call]
> 
> On 13/07/2014 04:19, Tracking Protection Working Group Issue Tracker wrote:
> 
> > http://www.w3.org/2011/tracking-protection/track/issues/264
> >
> > Raised by: Xuemei Yan On product: TPE Last Call
> >
> > http://lists.w3.org/Archives/Public/public-tracking-comments/2014Jun/att-
> 0013/comments_on_working_draft_of_tracking_preference_expression_DNT_.
> doc
> >
> >  Comment: A user agent MUST NOT block the transmission of any Cookie,
> > also MUST NOT block the operation of setting cookie upon the receipt
> > of any request. Reason: In general, A user agent will configurate an
> > option for user to close the cookie. If removal of the cookie, the
> > internet service can not be used in normal condition.
> 
> Am a somewhat puzzled about this rather substantive proposal as part of
> the last-call process by a group member that has not given input on this
> topic till the last call. Is the last call process meant for this?
> 
> On substance: it is wholly unclear to me what is meant by "block the
> transmission of any cookie". My UA cookie management extensions do not
> block the transmission of cookies per se, but forward them to /dev/null
> where they for the most part belong. Or is this aimed at intermediary
> equipment, which aren't part of the UA?
> 
> If this is meant to say that UAs should accept and honour all cookies,
> that would be hard to reconcile with the W3C principles (see
> http://www.w3.org/standards/webdesign/privacy), let alone the charter of
> this group. Not to mention that it would fly in the face of the EU
> e-Privacy Directive which bans the use of non-functional cookies without
> prior consent (DNT:0 scenarios, basically).
> 
> Regards,
> 
>  Walter
> 
>

Received on Sunday, 13 July 2014 15:15:14 UTC