- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 16 Oct 2012 18:48:56 +0200
- To: public-tracking@w3.org
- Cc: Ed Felten <ed@felten.com>, David Wainberg <david@networkadvertising.org>
Ed, On Tuesday 09 October 2012 16:01:21 Ed Felten wrote: > Second, do you envision some body that decides which compliance > tokens are valid? If so, who might that be? If not, how do > you prevent people from making up their own new compliance > tokens? <joke> I love registries (many in the Team don't like them) because they are the point where the Internet enables one to print money. So I would suggest W3C sets up such a registry of DNT tokens and takes the same price as the browsers take for SSL root certification. That prevents a proliferation of tokens and solves W3C's short term financial issues. </joke> Accepting other tokens just means that any kind of entity can set up their own. There is no quality requirement or consumer participation requirement whatsoever. Additionally, having multiple compliance tokens creates the risk of races to the bottom or races to the top. We had discussions about the status response called "N". And the industry was raving against that because it creates "SuperDNT". Taking this thought further, Rob could just make an EU-DNT and require it for all safe-harbour companies. Such a thing would not be a "SuperDNT", but a "HyperDNT" as it would participate in the safe harbour enforcement regime. So to all of those who are looking for the tech-specification with their own regime, let me tell them that there is a real and present risk that using W3C only to point to one's own compliance regime can seriously backfire. Having one compliance specification means we know what we get and we all found out under a fair process (I don't want to dismiss the DAA process, but it wasn't global). Lacking this, it may go terribly wrong for one or the other side. I would be really reluctant to go down that route. Best, Rigo
Received on Tuesday, 16 October 2012 16:49:20 UTC