- From: Walter van Holst <walter.van.holst@xs4all.nl>
- Date: Wed, 07 Nov 2012 21:51:59 +0100
- To: public-tracking@w3.org
On 11/7/12 9:18 PM, Shane Wiley wrote: > As long as 3rd party changes are recorded and sent to the Server for > assessment (Issue-143). If 3rd party tools can game DNT (activate it > with no user interaction and make it appear as if the browser is > doing this), then I doubt many Servers will ever implement DNT. This > is a critical issue that needs to be resolved to the satisfaction of > both sides of the debate if there is any hope for DNT to be a viable, > voluntarily implemented, standard. That requirement that is impossible to meet. The UA has no control over the network between the UA and the server and therefore possibly cannot even detect such changes, let alone send them to the server for assessment. A few scenarios: 1) User A uses a Chromebook in an enterprise environment, managed by X. X has per corporate security policy transparant proxies for all HTTP traffic that insert DNT:1 for all outgoing HTTP requests, regardless of User A's preferences. 2) User B uses Chrome on a desktop machine that has an ad-blocking proxy installed, the Chrome configuration points to 127.0.0.1:8080 as a proxy, but other than that the UA has no real means to detect that there is a proxy and what it does. This particular proxy puts in DNT:1, without even paying attention to the Chrome preferences in this regard. 3) User C uses Chrome in conjunction with an extension that is acquired from outside Google's extension appstore. The extension leaves the Chrome DNT preferences untouched, but nonetheless puts in DNT:1 in outgoing HTTP requests. How is Chrome going to be compliant with your requirement in any of the above scenarios, neither of which is unlikely to ever happen? And I don't even think it should be problematic in the above given scenarios. In scenario 1, User A has to adhere to a corporate policy and given the business nature of the relationship with X (for example employer-employee relation), it can be argued that A's preferences are not relevant and only X's preferences. In scenarios 2 and 3 the user most likely chose consciously to use these third party tools and it can be equally argued that the browser configuration just not happens to reflect the users informed non-consent with being tracked and that the third-party tool installation does a better job at that. Bottom line: let's honour the principle that the user gets to decide what happens on his or her machine and not include second guesses of the user's stated intent in the specification. Regards, Walter
Received on Wednesday, 7 November 2012 20:52:28 UTC