- From: Rob van Eijk <rob@blaeu.com>
- Date: Mon, 21 Apr 2014 22:01:11 +0200
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>

A user's and regulator's expectation is that DNT "should opt out of collection of behavioral data for all purposes other than those that would be consistent with the context of the interaction; DNT should be comprehensive, effective, and enforceable. It should (...) not permit technical loopholes." (cf. FTC)

The D-response with a standard explanation in the privacy policy is a technical loophole in the standard. It reduces user transparency and damages user control. Moreover, it allows for discrimination based on the judgement of a server of the correctness of the implementation in the user agent. That judgement should not be made on the back of the user while he is using the Web.

Please correct me if I am wrong, but isn't it fair to say that the company making such a judgement should not have the user pay for this judgement, but instead engage with the company who is responsible for the user agent, and/or file a complaint with the regulator or competent authority?

Rob

Roy T. Fielding wrote on 2014-04-21 20:11:
> On Apr 21, 2014, at 7:12 AM, Rob van Eijk wrote:
>
>> Burying the explanation in a large text would not suffice in my view.
>
> Then don't bury it.
>
>> You can not expect the user to keep track of which company accepts his
>> user agent of choice, and which companies do not. Especially since
>> there can be more than just one reason why a syntactically valid user
>> expression of choice was disregarded.
>
> I don't expect them to. I don't expect a user to ever look at this
> field, or anything else in the protocol for that matter. I expect
> regulators to look at them, and the occasional automated spider or
> extension driven by someone with advocacy in mind.
>
> Remember that the user expression part is already accomplished with
> the request header field. If a recipient doesn't want to adhere to
> that expression, they would be foolish to respond at all to the DNT
> signal. "D" is only useful for servers that want to adhere to a
> user's preference but are disregarding the DNT signal. "T" is for
> servers that track in spite of the preference (e.g., permitted uses).
>
>> Roy, you take away the ability of a user to exercise choice with his
>> user agent of choice.
>
> No, the user agent takes away choice when it fails to implement the
> protocol correctly. That is easily correctable by the user agent.
> There is nothing the server can do about it other than disregard.
>
>> Although AB370 does not require companies to honor DNT, I am curious
>> to hear what alternative(s) you give the user.
>
> The same alternatives we already give, I presume, though I have not
> been referring to any specific service.
>
>> The output I think is acceptable, is adding granularity to the
>> D-signal in the TPE in combination with new normative text to the TCS
>> prohibiting technological discrimination.
>
> I will not implement such a compliance document, nor will anyone
> else in industry. Creating compliance documents that none of the
> servers implement is not a good use of our time.
>
> ....Roy

Received on Monday, 21 April 2014 20:01:48 UTC