Re: Agenda for May 23, 2012 DNT WG Call V01 from David Singer on 2012-05-23 (public-tracking@w3.org from May 2012)

From: David Singer <singer@apple.com>
Date: Wed, 23 May 2012 10:00:37 +0200
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <824A6F1A-FD7B-4F13-8DE8-197C37DFE065@apple.com>

On May 23, 2012, at 0:14 , Matthias Schunter wrote:

> 5. Explicit/explicit user-granted exceptions [ISSUE-140]
>     Question is whether sites can ask for explicit third parties being excempted (not just any (*)).
>     I made a second proposal that tries to address the raised comments by
>      moving the explicit/explicit lists to the well-known URIs.

Can we add resolving on the new APIs (roll-up of several emails that I posted)?
   <http://lists.w3.org/Archives/Public/public-tracking/2012May/0269.html>

> 
> 6. User agent behavior [ISSUE-144]
>      What is the relationship between the exception API and actual subsequent behavior of user agents?

I think I cover the basic question in the API email I sent: when the pair [top-level-domain, target-site] matches any pair in the database, send dnt:0, else send dnt:1

(by the way, this answers the question as to what the first party receives, as it's under their control. it enables the first-party to add [self, self] as an explicit pair in the grant request, whereupon they will get dnt:0)

On the questions:
> - Would it be OK if the UI for site-wide and explicit would be identical?

We don't discuss UI, question is out of scope.

> - Would it be OK if the answer will be generated without user interaction (e.g., the user prefers DNT;1 and therefore no exception is granted - ever)

Likewise (though I think the answer is yes).

> - Would it be OK if the answer is generated from a user-approved policy (e.g., say yes unless a tracker is on my blacklist)?

ditto

(basically, the user chose their UI and the way it helps them make decisions).

> QUESTION 2: Once a site-wide, explicit, or web-wide exception has been granted, do we mandate how this affects future behavior (e.g., sending DNT;0 or DNT;1)?

covered in <http://lists.w3.org/Archives/Public/public-tracking/2012May/0269.html>

> 
> 7. Open ISSUES without Actions
>     These ISSUEs have no actions and I'd like to discuss what to do about this:
> https://www.w3.org/2011/tracking-protection/track/issues/112

This issue should generally address the question of what the matching rule is (which I gloss over). If there is a rule in the database for [current-site, example.com] and I need to send an HTTP request to images.example.com, does it match or not?  We should inherit the rules from someone (probably CORS/SORS) in my opinion.  Nick, can you think of a good reference?

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 23 May 2012 08:01:36 UTC