- From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
- Date: Thu, 09 Feb 2012 15:06:52 +0100
- To: (unknown charset) Sean Harvey <sharvey@google.com>
- CC: (unknown charset) Nick Doty <npdoty@w3.org>, Heather West <heatherwest@google.com>, public-tracking@w3.org
Hi Sean, Somewhat I do not understand your question. My point was that the DNT header is the definitive resource for user preference info. In case of site-specific-exceptions, the header will change to DNT;0, i.e., the site can still rely on the header as the sole source of preference information. We discuss whether we provide means for a server to obtain more info (what exceptions, am I an exception, and the like). The point wrt cookies is that if a site uses other means to 'cache' DNT preferences, it does so at its own risk. While a portal that translates incoming DNT signals to cookies to allow back-end systems to use the legacy cookie mechanisms, the site needs to ensure that this translation is sound and that DNT;1 is always respected (while loosing some DNT'0 preferences should be OK by, eg., not being fast enough to destroy an opt-out cookie for your site after receiving a DNT;0 signal). Did this clarify your point? Regards, matthias On 2/8/2012 11:22 AM, Sean Harvey wrote: > Thanks Matthias. just a quick double check without having to waste > everyone's time. The point here is that the server should not have to > check any cookies including opt out cookies to determine the user's > default DNT status. I assume we are not saying that currently there is > no clear way for the server to understand the user's default DNT state > when a site-specific exception is in place? > > > > > On Mon, Feb 6, 2012 at 9:28 PM, Matthias Schunter <mts@zurich.ibm.com > <mailto:mts@zurich.ibm.com>> wrote: > > Hi Sean, > > > thanks for reviewing the header proposal. I agree with Nick that this > should largely work: > > 1. The user browses SITE and sends whatever DNT value (or none) that > he prefers > 2. The site discovers an opt-out cookie and interprets this as DNT;1 > 3. The site responds with a response header that signals its intended > usage > (e.g., no tracking / third party) > > However, I believe that obtaining headers may be more reliable than > using redundant information from cookies. Consider a case where: > a) The user prefers DNT;1 and sends this header everywhere > and has an opt-out cookie as well. > b) The site only interprets the cookie (ignoring the header) > and assumes DNT;0 if it receives no cookie > c) the user deletes all cookies while continuing to send DNT;1 > > In this case, the site would assume DNT;0 while the user has sent > DNT;1. > > Note that this is not a problem of the response headers. It is rather > an issue how to keep the DNT header info in sync with other opt-out > schemes. The challenge is to ensure that the cookies used by the site > are always in sync with the DNT header sent by the user. > > > Regards, > matthias > > > > > On 2/5/2012 11:15 PM, Sean Harvey wrote: > > The concern is that some systems may wish to respect a DNT header > > being on (in part) by setting an opt-out cookie. This opt-out cookie > > would mean that site-specific exemptions will be ignored and the > user > > will be treated as DNT=on in all cases. This is practically > easier in > > some cases, and we would want this to at least be an option for a > > server when faced with an array of DNT states. > > > > > > > > -- > Sean Harvey > Business Product Manager > Google, Inc. > 212-381-5330 > sharvey@google.com <mailto:sharvey@google.com>
Received on Thursday, 9 February 2012 14:07:53 UTC