- From: Ninja Marnau <nmarnau@datenschutzzentrum.de>
- Date: Wed, 06 Jun 2012 10:53:53 +0200
- To: "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
- CC: David Singer <singer@apple.com>
I support what David said. I agree that the existing consensus should still be valid and that there is no need to revisit it. I strongly disagree on Shane's suggestion that we should change the spec and advise servers to consider a DNT;1 or DNT;0 (valid DNT setting) as DNT;unset, if they think the UA making the request is "misbehaving" according to the spec. Even if we cannot assume that using a UA with DNT;1 default necessarily means that the user chose the UA because of this privacy-by-default setting, we neither can assume that the setting does not reflect the the preference of a significant number of users. Maybe they chose the UA because of advertising as privacy-enhancing, maybe they opted-in and then opted-out again. Neither we nor the server may know. By sending a response "Non-Compliant User Agent" we would knowingly disregard the preference of these users. When we are talking about IE10 this would be a large number of users. Confronting them with a response like that would make an awful impression not only for the the responding first party and the UA but also for the whole DNT recommendation. Affronting users in this way, wether the default is congruent with their preference or not, would be the worst possible outcome imho. If a site chooses to answer with a NACK signal, it is up to them (what impact this does have on their claimed DNT compliance is another topic), but we should not advise them to do so in the spec. I think this conflict shows once again that the user needs to get a clear answer by the server wether his DNT signal (of which he may not be aware) is honored. Ninja Am 05.06.2012 21:20, schrieb David Singer: > > On Jun 5, 2012, at 8:53 , Dobbs, Brooks wrote: > >> >> Hi Rigo, >> >> So a little follow-up: >> >> >>> Rob (Article 29 WP) suggested to have a selection screen at first >>> startup. After all the noise about the defaults, can we assume that >>> using a certain browser means sending DNT;1? >> >> No. We can't. This is the same point I raised with Justin. With no >> disrespect to the hard work this group does, DNT really just isn't top of >> mind share for Joe Consumer and is exceedingly unlikely to be the primary >> motivation for choosing a browser and/or reflect his/her personal preference >> on DNT. Realistically would anyone ever choose browser A over 3 primary >> competitors because it had DNT by default where the others made me go >> through Preferences->Privacy->DNT? Doesn't it generally take more than 3 >> clicks to install/switch to a new browser? >> > > > I don't want to defend on-by-default in general, but I do think Roy's example of browsers that are specifically marketed as being 'privacy enhanced' is not a complete fantasy. I think it quite possible someone will write and market such a browser, which takes various measures to enhance privacy, such as reducing fingerprinting capability, turning on DNT, using HTTPS whenever possible, being careful with traces kept locally (e..g history lists), maybe even using TOR when using a service that might records history, and so on. > > So, I think the compromise position we reached is a good one (that admits this possibility in special-purpose browsers), and I don't think the existence of a product that steps outside that compromise should make us revisit it. > > David Singer > Multimedia and Software Standards, Apple Inc. > > -- Ninja Marnau mail: NMarnau@datenschutzzentrum.de - http://www.datenschutzzentrum.de Telefon: +49 431/988-1285, Fax +49 431/988-1223 Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein Independent Centre for Privacy Protection Schleswig-Holstein
Received on Wednesday, 6 June 2012 08:52:37 UTC