Aloodo / ad.aloodo.com

http://ad.aloodo.com/
GNU Affero General Public License v3.0

Send DNT header #11

Open dmarti opened 8 years ago

dmarti commented 8 years ago

From this thread: https://lists.eff.org/pipermail/privacybadger/2016-April/000112.html

Why not agree on a "block me" signal? Any reference to a third party marked in a particular way will cause the request to be blocked by tracking protection i.e. PrivacyBadger

The Do Not Track (candidate) recommendation contains such a signal. A TSR (a JSON resource at //ad.aloodo.com/.well-known/dnt) with Tracking set to "T" ({ "Tracking": "T", ... }) when accessed with the DNT set (DNT:1), would signal refusal to stop tracking, i.e. block me. You could also do it by returning a Tk: T to any ad.aloodo.com resource.

michael-oneill commented 7 years ago

Trouble is that the Tk: T response can mean "tracking solely for one of the permitted uses", i.e. security. In that case the TSR (Tracking Status Resource, the JSON resource returned by a GET to {domain}/.well-known/dnt) MAY have a "qualifiers" property that identifies one or more permitted uses. See https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.qualifiers or https://trackingprotection.github.io/Implementation/DNTGuide/#the-qualifiers-string

It is unfortunate this is a MAY in the TCS. I think it only makes sense to assume a Tk: T response to DNT:1 without a "qualifiers" property is a refusal to comply, but this is only implied in the spec. It also means there has to be another round-trip to get the TSR.

I suggested the "D" (Disregard) response https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-D This means "the origin server is unable or unwilling to respect a tracking preference", and does not require checking the TSR.
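The decision a tracking-protection client would make from these signals, as an added example (not code from this thread, Bouncer or Privacy Badger). The function names are hypothetical, the qualifier value in any sample input is constructed, and reading `T` without qualifiers as a refusal is the assumption proposed in the comment above, which the spec only implies.

```javascript
// Added example; helper names are hypothetical. Only the Tk values discussed
// in this thread ("T" and "D") get special handling.

// A Tk value is a one-character tracking status value, optionally followed
// by ";" and a status-id, e.g. "T" or "T;abc".
function parseTk(headerValue) {
  if (typeof headerValue !== "string") return null;
  const tsv = headerValue.split(";")[0].trim();
  return tsv.length === 1 ? tsv : null;
}

// Case-insensitive property lookup: the issue text writes the key as
// "Tracking"; accepting any case is an assumption of this sketch.
function tsrField(tsr, name) {
  if (tsr === null || typeof tsr !== "object") return undefined;
  const key = Object.keys(tsr).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : tsr[key];
}

// tkHeader: Tk response header seen on a request sent with DNT:1 (or null).
// tsr: parsed JSON from /.well-known/dnt, or undefined if not fetched yet.
function blockDecision(tkHeader, tsr) {
  const tsv = parseTk(tkHeader) || tsrField(tsr, "tracking") || null;
  if (tsv === "D") {
    // "D" needs no TSR lookup: the server says it disregards the preference.
    return { block: true, needTsr: false, reason: "D: server disregards DNT" };
  }
  if (tsv === "T") {
    if (tsr === undefined) {
      // The extra round-trip: T alone cannot be told apart from permitted uses.
      return { block: false, needTsr: true, reason: "T is ambiguous without the TSR" };
    }
    const q = tsrField(tsr, "qualifiers");
    if (typeof q === "string" && q.length > 0) {
      return { block: false, needTsr: false, reason: "T limited to permitted uses: " + q };
    }
    return { block: true, needTsr: false, reason: "T with no qualifiers, read as refusal" };
  }
  return { block: false, needTsr: false, reason: "no block-me signal" };
}
```
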

dmarti commented 7 years ago

@michael-oneill Here is the meta tag. I'm going to leave this issue open just to make sure to send a real HTTP header when the project gets dedicated hosting.

michael-oneill commented 7 years ago

Great, & it's working. I just fixed Bouncer so it shows the domain is blocked, and improved the tooltip message. It will be uploaded in the next couple hours.

michael-oneill commented 7 years ago

Are you OK if I put aloodo up on the TPWG wiki implementation page?

dmarti commented 7 years ago

Yes, please. If you have any questions please let me know.