Privacy/TPWG/Change Proposal User Agent Compliance

From W3C Wiki

Mirror TPE language

Proposal from Justin Brookman: email; issue-205 (See also: proposal from Mike O'Neill)

New text

Proposal is to mirror the language on user agent compliance for setting a preference currently in the TPE draft. Summary of differences: explanatory text about the user's preference rather than institution; choice implied by the decision to use the agent; remove requirement to make available neutral explanation to user.

The goal of this protocol is to allow a user to express their personal preference regarding tracking to each server and web application that they communicate with via HTTP, thereby allowing each service to either adjust their behavior to meet the user's expectations or reach a separate agreement with the user to satisfy all parties.

Key to that notion of expression is that the signal sent must reflect the user's preference, not the choice of some vendor, institution, site, or any network-imposed mechanism outside the user's control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking preference expressed.

A user agent must offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT:1. A user agent may offer a third alternative choice: DNT:0.

If the user's choice is DNT:1 or DNT:0, the tracking preference is enabled; otherwise, the tracking preference is not enabled.

A user agent must have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the decision to use that agent, or another default preference is required to comply with applicable laws, regulations or judicial processes. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as SuperFred, but might imply a preference if invoked as SuperDoNotTrack or UltraPrivacyFred. Likewise, a user agent extension or add-on must not alter the tracking preference unless the act of installing and enabling that extension or add-on is an explicit choice by the user for that tracking preference.

A user agent extension or add-on must not alter the user's tracking preference setting unless it complies with the requirements in this document, including but not limited to this section (Determining a User Preference). Software outside of the user agent that causes a DNT header to be sent (or causes existing headers to be modified) must not do so without ensuring that the requirements of this section are met; such software also must ensure the transmitted preference reflects the individual user's preference.

We do not specify how tracking preference choices are offered to the user or how the preference is enabled: each implementation is responsible for determining the user experience by which a tracking preference is enabled. For example, a user might select a check-box in their user agent's configuration, install an extension or add-on that is specifically designed to add a tracking preference expression, or make a choice for privacy that then implicitly includes a tracking preference (e.g., Privacy settings: high). The user-agent might ask the user for their preference during startup, perhaps on first use or after an update adds the tracking protection feature. Likewise, a user might install or configure a proxy to add the expression to their own outgoing requests.

Although some controlled network environments, such as public access terminals or managed corporate intranets, might impose restrictions on the use or configuration of installed user agents, such that a user might only have access to user agents with a predetermined preference enabled, the user is at least able to choose whether to make use of those user agents. In contrast, if a user brings their own Web-enabled device to a library or cafe with wireless Internet access, the expectation will be that their chosen user agent and personal preferences regarding Web site behavior will not be altered by the network environment, aside from blanket limitations on what resources can or cannot be accessed through that network. Implementations of HTTP that are not under control of the user must not generate or modify a tracking preference.
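The rules in the proposal text above, modelled as a decision function for which `DNT` header (if any) a user agent sends. This is an added example, not part of the proposal or the TPE draft; the source kinds, field names and the last-accepted-source-wins ordering are assumptions made for illustration.

```javascript
// Added example. Source kinds and field names are hypothetical, not from the TPE draft.
// Assumption: sources are listed in the order they were applied; the last accepted one wins.
const VALID_VALUES = new Set(["1", "0"]);

// Decide whether one candidate setting may influence the transmitted preference.
function acceptsSource(src) {
  if (!VALID_VALUES.has(src.value)) return false;
  switch (src.kind) {
    case "agent-identity": // preference implied by the decision to use this agent
      return src.impliedByChoosingAgent === true;
    case "user-setting":   // check-box, first-run prompt, "Privacy settings: high"
    case "extension":      // only if installing and enabling it was a choice for this value
    case "user-proxy":     // proxy the user configured for their own outgoing requests
      return src.explicitUserChoice === true;
    default:               // vendor default, network middlebox: outside the user's control
      return false;
  }
}

// Returns the request headers to add plus the names of sources that were ignored.
function resolveDnt(sources) {
  let value = null; // default is unset: no DNT header is sent
  const rejected = [];
  for (const src of sources) {
    if (acceptsSource(src)) value = src.value;
    else rejected.push(src.name);
  }
  const headers = value === null ? {} : { DNT: value };
  return { enabled: value !== null, headers, rejected };
}

// Constructed scenarios (names are illustrative only).
const scenarios = {
  plainBrowser: [{ name: "vendor default", kind: "vendor-default", value: "1" }],
  privacyBrowser: [{ name: "SuperDoNotTrack", kind: "agent-identity", value: "1",
                     impliedByChoosingAgent: true }],
  bundledAddon: [{ name: "toolbar", kind: "extension", value: "1", explicitUserChoice: false }],
  cafeNetwork: [
    { name: "settings check-box", kind: "user-setting", value: "0", explicitUserChoice: true },
    { name: "cafe gateway", kind: "network", value: "1" },
  ],
};

for (const [label, sources] of Object.entries(scenarios)) {
  console.log(label, JSON.stringify(resolveDnt(sources)));
}
```

The `rejected` list is what a compliance review would look at: any entry there is a component that tried to set the preference without a deliberate user choice behind it.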

No tracking by UA

proposal from Alan Chapell

New text

updated proposal:

A user agent MUST NOT share information related to the network interaction with parties outside such interaction without consent.

was:

A user agent MUST NOT track information related to the network interaction outside of the [Permitted Uses] and any explicitly-granted exceptions without consent.

Rationale: In reviewing the June draft with colleagues, it occurred to me that some User Agents – technically speaking – could engage in tracking. My sense is that it is implicit that User agents would fall under the definition of third party under this spec and therefore would be subject to certain requirements. My goal was to make that more explicit. And as others have noted, the use case is not merely speculative. (See http://download.cnet.com/8301-2007_4-20123464-12/amazons-silk-browser-now-eff-approved-really/ and http://www.theregister.co.uk/2003/11/07/help_my_belkin_router/)

UA Compliance Example

Proposal from Jonathan Mayer and Dan Auerbach.

New text (jmayer)

Suggests adding a non-normative example only:

Example: A browser which presents a preselected first-run or install-time DNT option is compliant, as DNT signals would reflect the user's affirmative DNT choice.

New text (danA)

Suggests adding a non-normative example only:

Example: A browser which has a first-run option that forces a user to choose between DNT: 1, DNT: 0, or keeping DNT unset, would be considered compliant with the DNT standard, as signals sent out based on this implementation reflect the user's affirmative DNT choice.

Editors' draft

A user agent MUST offer users a minimum of two alternative choices for a Do Not Track preference: unset or DNT: 1. A user agent MAY offer a third alternative choice: DNT: 0.

If the user's choice is DNT:1 or DNT:0, the tracking preference is enabled; otherwise, the tracking preference is not enabled.

A user agent MUST have a default tracking preference of unset (not enabled).

User agents and web sites are responsible for determining the user experience by which a tracking preference is controlled. User agents and web sites MUST ensure that tracking preference choices are communicated to users clearly and accurately and shown at the time and place the tracking preference choice is made available to a user. User agents and web sites MUST ensure that the tracking preference choices describe the parties to whom DNT applies and MUST make available brief and neutral explanatory text to provide more detailed information about DNT functionality.

That text MUST indicate that:

  • if the tracking preference is communicated, it limits collection and use of web viewing data for certain advertising and other purposes;
  • when DNT is enabled, some data may still be collected and used for certain purposes, and a description of such purposes; and
  • if a user affirmatively allows a particular party to collect and use information about web viewing activities, enabling DNT will not limit collection and use from that party.

User agents and web sites MUST obtain an explicit choice made by a user when setting controls that affect the tracking preference expression.

A user agent MUST transmit the tracking preference according to the [TRACKING-DNT] specification.

Implementations of HTTP that are not under control of the user MUST NOT generate or modify a tracking preference.