https://issues.apache.org/bugzilla/show_bug.cgi?id=53845
--- Comment #1 from Jonathan Mayer <[email protected]> --- I'm a member of the W3C Tracking Protection Working Group. Some added perspective from Do Not Track negotiations may be helpful here. Short version: SVN commit 1371878 is definitely not required by the nascent W3C privacy standards, and it will facilitate running afoul of those standards. The working group has decided that a mainstream browser is not compliant if it silently enables Do Not Track by default. The beta version of Internet Explorer 10, for example, is noncompliant. The group has *not*, however, decided: 1) An installation/first-run option, like shipping Internet Explorer 10, is noncompliant. The draft text, in fact, notes this is an acceptable implementation: "We do not specify how tracking preference choices are offered to the user or how the preference is enabled: each implementation is responsible for determining the user experience by which a tracking preference is enabled. . . . The user-agent might ask the user for their preference during startup, perhaps on first use or after an update adds the tracking protection feature." 2) A compliant website may ignore a syntactically valid "DNT: 1" signal from a noncompliant browser. Furthermore, even if the W3C Do Not Track standard were to allow second-guessing "DNT: 1" from particular browsers, it certainly would not require it. Many websites would assuredly want to honor all "DNT: 1" headers or ask a user to confirm his or her preferences. If httpd is configured in an intermediary role (e.g. mod_proxy), this commit runs into a different compliance issue: intermediaries aren't supposed to tamper with "DNT" headers. Draft text: "An HTTP intermediary must not add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that intermediary has been specifically installed or configured to do so by the user making the requests." -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
