- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 20 Oct 2011 17:25:06 -0700
- To: David Singer <singer@apple.com>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
On Oct 20, 2011, at 11:17 AM, David Singer wrote:

> I think you are allowing your pessimism to run too far. Strictly, logging out means I can't do anything I'd need to log in to do; it doesn't strictly mean 'forget me'. But if a site responds "I am not tracking you in this transaction" and it later transpires that it was, that's pretty useful.

DNT does not mean "forget me". If the server responds positively to DNT, it means that it won't track the user beyond its own branded sites (and presumably won't share the internal data collection with third parties unless the user requested it for some other reason, like by purchasing something with a credit card). Please do not confuse DNT with private browsing mode.

Whatever a server might say in response, it won't be understandable without a full policy description.

And the response is not just a few bytes. It is a few bytes for every single resource for which we indicate a response is needed, every time those resources are accessed. A typical site embeds dozens of such requests per page.

In contrast, a well-known location can represent exactly how the site as a whole tracks, provide information specific to that user (such as a link to where they can see and edit the data collected), only needs to be requested once per site, and only by those browsers specifically configured to do so. It thus has no performance impact whatsoever and does not require any modification to the existing code that implements all of today's operating websites.

....Roy

Received on Friday, 21 October 2011 00:25:32 UTC