Re: ACTION-98: Bring input on ISSUE-111 to the group from Nicholas Doty on 2012-03-19 (public-tracking@w3.org from March 2012)

From: Nicholas Doty <npdoty@w3.org>
Date: Mon, 19 Mar 2012 00:32:43 -0700
To: Shane Wiley <wileys@yahoo-inc.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Tracking Protection Working Group WG <public-tracking@w3.org>
Message-Id: <57CD6401-002D-42CC-A366-C0B54DA3932D@w3.org>

On Mar 18, 2012, at 10:38 PM, Shane Wiley wrote:
> If a publisher is granted a site-wide exception ("*") then I would expect that publisher would also receive DNT:0.  If they receive DNT:1, then will believe an exception was not granted and prompt the user to provide one.  This appears to be very circular.  Your argument appears to force the need for something like DNT:2.

This helps me understand better, thanks. The current text doesn't specify it that way, but I think I see the proposal now: 
User agents would send DNT:0 to the top-level site (the first party publisher) if users have a persisted exception for "*" on that site.
We would need to update at least Sections 6.3.2 and 4.1 for such a change.

I think sending DNT:0 to a first-party site has a distinct meaning from granting a "*" exception on that site (the former being: "you can track me and share data with arbitrary third parties", the latter: "I'll let third parties that I interact with during this visit track me"), but maybe it's close enough for our purposes. What do others think?

> And while I understand the finger-printing concerns, I don't believe we should limit publisher options by forcing the use of cookies and then syncing their purging with exceptions.  As user purge cookies at a heavy clip, this will mean a never ending situation for users continually need to re-provide exceptions to publishers - not a great outcome for publishers or users - all in the name of stopping Bad Actors.  I believe the perspective is backwards here.

Just to be clear, I wasn't suggesting forcing the use of cookies, I was just proposing that as an option for handling the use case of accessing past exception status on the server side in addition to client-side access. The current spec suggests that agents *should* purge them simultaneously, but user agents may of course come up with their own UIs that handle this differently and we won't specify that in any detail. The WebStorage spec [0] uses the language:

> If users attempt to protect their privacy by clearing cookies without also clearing data stored in the local storage area, sites can defeat those attempts by using the two features as redundant backup for each other. User agents should present the interfaces for clearing these in a way that helps users to understand this possibility and enables them to delete data in all persistent storage features simultaneously.

Thanks,
Nick

[0] http://dev.w3.org/html5/webstorage/#user-tracking

Received on Monday, 19 March 2012 07:32:51 UTC