RE: action-231, issue-153 requirements on other software that sets DNT headers

Nick, your proposed text looks OK if it's clear that "the user's intent" can be determined by out of band means, e.g. by provisioning (e.g. Customer Care request to add a "track me not" feature), or policy (e.g. a corporate proxy which enforces company policy on tracking), or any number of other such means. In essence, the "intent" here can be derived from a larger purpose, e.g. to be safe on the Web or to have a job.
________________________________________
From: Nicholas Doty [npdoty@w3.org]
Sent: Tuesday, July 31, 2012 10:46 PM
To: public-tracking@w3.org (public-tracking@w3.org)
Cc: David Singer; David Wainberg
Subject: action-231, issue-153 requirements on other software that sets DNT headers

Hi all,

Dave Singer and I volunteered to draft a very short proposal to capture the idea that if software outside the user agent (like anti-virus software, or a http proxy or what-have-you) sets a DNT value, it should still capture the user's intent.

Proposal:

After this existing sentence in the TPE spec:
> Likewise, a user agent extension or add-on must not alter the tracking preference unless the act of installing and enabling that extension or add-on is an explicit choice by the user for that tracking preference.

Add:
> Software outside of the user agent that causes a DNT header to be sent (or modifies existing headers) MUST NOT do so without following the requirements of this section; such software is responsible for assuring the expressed preference reflects the user's intent.

I believe this fulfills a common concept we've heard in the WG. It may also go towards issue-150 (conflicts between user agents), in explaining that any software must follow the same requirements for non-default user choice.

David Wainberg is also working on a proposal around this issue but we haven't had a chance to compare/combine texts yet.

Thanks,
Nick

Received on Wednesday, 1 August 2012 14:41:44 UTC