Re: DNT-aware JavaScript (ISSUE-84)

On Jan 26, 2012, at 1:02 AM, Roy T. Fielding wrote:
> On Jan 25, 2012, at 10:52 PM, Jonathan Mayer wrote:
>> DNT-aware JavaScript is a frequently proposed use case / called for feature request.  I think it'd be unwise to leave out something implementers want, especially when the approach appears to be counterintuitive for some.
> 
> My concern is fairly specific.  We do personalization via javascript.  Some
> of that personalization is based on server-side information and some based
> on client-side information.  Some of it is based on pure session data (like
> where the mouse pointer spends the most time in your window).
> 
> I expect client-side personalization to increase in the future (depending on
> regions and devices) when client-side storage is more prevalent.
> 
> The end result is that users may start seeing targeted behavior entirely
> driven by client-side data and cached javascript, which means no server
> request is being made to the third party and thus no DNT header is sent.
> 
> Do we care to address that use case?  I don't know if we do.

I think this is an issue worth discussing, if only briefly. 

My impression is that while client-side JavaScript personalization is often a privacy-preserving technique there might be some situations where a site wouldn't want its personalization to be too intrusive to avoid surprising or disturbing its users. Perhaps we could note (in MAY or non-normative language) that DNT-aware JavaScript (whether achieved via a DOM property or other means) may use awareness of a DNT signal to avoid, for example, behavior that could reveal past interactions. If in the future client-side personalization becomes prevalent and raises privacy concerns among users we could give normative recommendations in later versions of the spec.

Thanks,
Nick

Received on Monday, 13 February 2012 02:04:03 UTC