Re: ISSUE-95: May an institution or network provider set a tracking preference for a user?

On Dec 23, 2011, at 1:14 , Thomas Roessler wrote:

> If you look at draft-ietf-httpbis-p2-semantics-17 (the almost-done revision of HTTP), one of the considerations that's explicitly called out for new header specifications is:
> 
>>   o  Under what conditions intermediaries are allowed to modify the
>>      header field's value, insert or delete it.
> 
> That question is answered by the current "MUST NOT" text.
> 

I am concerned about a "MUST NOT" on the outbound header, because I think some businesses and environments will willfully violate it, and once they are "outside the law" they will feel that they can go as far as they like.  

(We've talked about corporations and hotels before).  Would it be safer to say that you're only allowed to *strengthen* the DNT status, not weaken it (i.e. you can go from absent to DNT:1, but not the other way, or DNT:1 to DNT:0)?


> Meanwhile, I believe that we're in violent agreement on the actual substance here, and would respectfully suggest that we move on.
> 
> --
> Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)
> 
> On 2011-12-23, at 04:03 +0100, Bjoern Hoehrmann wrote:
> 
>> * Thomas Roessler wrote:
>>> 1. On the technical level, HTTP is specified (among other things) in
>>> terms of user agent behavior, server behavior, and intermediary
>>> behavior.  It, for example, says how intermediaries handle hop-to-hop
>>> headers, how caching behavior is controlled by the protocol, and all
>>> that.  Intermediaries are participants in that protocol, and they
>>> actually are developed according to specifications.  Therefore, on the
>>> technical level, we need the "intermediaries MUST NOT mess with this
>>> header" note.  That's part of the technical protocol specification.
>> 
>> I am saying that HTTP does not allow intermediaries to rewrite, add, or
>> remove the "dnt" header without the user agreeing to that in some way.
>> If you can demonstrate that HTTP allows this, please go ahead and do so.
>> -- 
>> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
>> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
>> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
>> 
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 4 January 2012 00:27:01 UTC