- From: Rigo Wenning <rigo@w3.org>
- Date: Sun, 28 Jul 2013 00:02:17 +0200
- To: Chris Mejia <chris.mejia@iab.net>
- Cc: Shane Wiley <wileys@yahoo-inc.com>, "public-tracking@w3.org" <public-tracking@w3.org>
On Friday 26 July 2013 21:40:32 Chris Mejia wrote: > Yes, W3C is responsible, it's your spec. See "DNT user agent vetting > registry service" (above) for next steps on cleaning up the > marketplace mess that's been created. A registry is certainly another valid way forward. But many people still do not understand what claiming conformity really means in DNT. And that is part of a discussion we still have to have. > > You wrote "If you can't distinguish between a browser and a router, I > wonder about the quality of all that tracking anyway." > > Rigo, this is why you are a lawyer, and not a technologist. > Technically speaking, we are not talking about distinguishing between > browsers and routers, we are are talking about distinguishing between > validly set DNT signals and ones that aren't. You'd need to > understand how HTTP header injection works to fully appreciate the > technical problem. The best technologists on both sides of this > debate have not been able to reconcile this issue. Neither have the > lawyers. The lawyers will tell you that you need a rule: "You shall not inject false headers or transport false or injected headers". That doesn't buy you anything either. I suggested to require the presence of the UGE testing bit. In fact you can test already whether you have an exception. That test can be used to determine whether the signal is valid. > > You wrote "I do not believe, given the dynamics of the Web and the > Internet, that we can predict the percentage of DNT headers for the > next 3 years; let alone the percentage of valid DNT headers." > [...] > Please stop > asserting that our technical and business concerns are trivial or ill > informed-- they are not. Most of your replies below are not helping > us get closer to a workable DNT solution-- you are only further > exacerbating our concerns. Chris, re-read my reply to Shane. He is having a creative semantics party by claiming an "opt-in regime" I would rather be interested on a less distorted technical discussion. Shane is only mildly reflecting the solutions that the browser makers have considered viable, especially the UGE testing bit. And even I earned a lot of criticism by insisting on a "D" signal that allows you to say that you do not accept a signal. The elements are there... You're a technician, what would be your answer? A registry is not bad. But most web-geeks hate registries. I suggested the UGE verification bit. Perhaps not perfect, but viable. Is there a better solution? Shane suggested that we could make the DNT-signal signed. This could be a fixed set of elements so that you don't need a key to verify the signature but just the same elements. --Rigo
Received on Saturday, 27 July 2013 22:02:48 UTC