Re: Call for proposals for ISSUE-194

I'm not sure it's a good idea to define the standard in a way that requires
us to enumerate the times and methods by which a user might be queried
about their DNT preferences with respect to a particular browser.
"Install time" and "run-time preference settings" are not the only
scenarios. A browser might query the user on first run. It might query
the user when the user makes some other privacy-relevant choice, such as
adjusting cookie policy or turning on a plug-in click-to-play setting. On
a shared machine, it might query the user the first time the user logs in
(even though the browser might have been installed long before the user's
account was even set up). If the browser supports a settings-sync
feature, it might query the user when it notices that the user has set up
DNT on another device. There are plenty of other scenarios.

I understand the rationale that has been suggested for requiring that the
user makes a choice to enable DNT. I don't think we have heard a convincing
rationale for going beyond a user choice requirement to explicitly exclude
certain types of user agents or certain forms or times of interaction, even
if they meet a user choice requirement.


On Fri, May 3, 2013 at 12:58 PM, Matthias Schunter (Intel Corporation) <
mts-std@schunter.org> wrote:

> Hi Team,
>
>
> thanks for your input!
>
> One challenge that I heard is to distinguish legacy signals (tools
> spraying DNT;1) from newly designed
> user agents that comply with our spec.
>
> My understanding of the proposal by Rob:
> - Use authentication to ensure valid transmission of signals
> - Replace unauthenticated signals by DNT1
>
> Another proposal was to introduce a new flag/value to distinguish
> legacy signals from signals from newly designed user agents:
> - DNT;1 - Legacy signals
> - DNT;1i - User preference collected at install-time
> - DNT;1p - User preference entered by the user as part of the run-time
> preference settings
> - DNT;0 - Permission to track (by preference or exception)
>
> Note that for all approaches, there is always the User agent string that
> gives some indication of the user agent sending the requests.
>
> I am still eager to hear more proposals. Overall, the goal to reliably
> identify "sound" user preferences is a common objective of this group.
> IMHO we just have not found the best approach to achieve this goal.
>
> Further comments, clarifications, and inputs are appreciated. I would also
> like to discuss this topic at our F2F next week.
>
>
> Regards,
> matthias
>
>
>
>
>
> On 30/04/2013 09:38, Matthias Schunter (Intel Corporation) wrote:
>
>>
>> Hi Team,
>>
>>
>>
>> during the last TPE call, we discussed ISSUE-194. One goal of ISSUE-194
>> is to ensure that sites reliably receive valid DNT signals.
>> Without such a mechanism, there is a risk that a multitude of things
>> spray DNT;1 signals (antivirus, network devices, operating systems, ...;
>> often without user interaction).
>> As a consequence, sites can no longer reasonably be required to listen to
>> those signals.
>>
>> We agreed that separating noise from signals is a valid concern and there
>> were concerns
>> whether there exists any solution that satisfies our goals.
>>
>> If we could reliably distinguish between valid user preferences/choice
>> and noise from other entities on the net,
>> then this allows sites to actually reliably act on user preferences while
>> "D"isregarding the noise.
>>
>> As part of discussing this further, I would like to issue a call for
>> proposals. The question is
>> what mechanisms are envisioned that allow sites to (more) reliably
>> separate noise from preferences.
>>
>> Any proposals (as responses) are welcome. My goal is to then discuss and
>> compare these proposals
>> to understand whether they help sites with this concern.
>>
>>
>> Regards,
>> matthias
>>
>>
>>
>
>


-- 
Edward W. Felten
Professor of Computer Science and Public Affairs
Director, Center for Information Technology Policy
Princeton University
609-258-5906           http://www.cs.princeton.edu/~felten

Received on Friday, 3 May 2013 17:25:39 UTC