Purposes Extension: Add language re: allowing users to clear stored purposes.

[jasonanovak]

In the July 23, 2018 Editor's Draft of Tracking Preference Expression (DNT)- Purposes Extension Addendum, the user agent is said to store the site-pair duplets in a local database:

Upon fulfillment, the user agent has added to its local database one or more site-pair duplets [site, target], each indicating that a request from that site domain to the target domain will include DNT:0 regardless of the user's general tracking preference. The fulfilled promise object contains the following TrackingExResult attribute:

If exceptions are being stored in a local database, then seems like the extension should cover clearing the database on some user action.

[michael-oneill]

The removal of DNT exceptions including extension identifiers should be available in browsers, presumably in the same way cookies are cleared/managed. I agree it should be mentioned somewhere.

[jasonekint]

Good and agree. The ability to similarly, simply revoke is important for compliance.

[michael-oneill]

I added the para below to the DNT Extension description.

Browsers MUST make it easy for users to see if a DNT-Consent qualifier has been specified for any page and/or any of the embedded third-parties on the page, and MUST offer the ability to immediately cancel the associated Tracking Exception should they want.

[jasonanovak]

The para as I read it seems to combine:

• That the browser show to the user DNT-Consent qualifiers, if any, for the current site they're on;
• That the browser offer users a way to see all DNT-Consent qualifiers they've issued;
• That the browser offers users a way to clear a given DNT-Consent qualifier.

Not sure if this is intentional or my misreading it but the first piece seems like a big extension to browser chrome requirements over the second and third.

[michael-oneill]

I just meant the browser should show somewhere i.e. in the chrome that DNT-Consent qualifiers exist for the current site, then some way for the user to drill down and see who is doing it, and be able to clear them, similar to they way they can clear individual cookies in Safari. I will see if I can improve the text, or if you suggest some I will put that in.

[jasonanovak]

Got it. I think that there’s some value to breaking out the current-site functionality and the all-sites functionality.

How about:

Browsers may indicate in their UI the DNT-Consent qualifiers for the current site.

Browsers must provide users a way to review all DNT-Consent qualifiers they have granted and to clear them.

On Aug 6, 2018, at 10:21 AM, michael-oneill notifications@github.com wrote:

I just meant the browser should show somewhere i.e. in the chrome that DNT-Consent qualifiers exist for the current site, then some way for the user to drill down and see who is doing it, and be able to clear them, similar to they way they can clear individual cookies in Safari. I will see if I can improve the text, or if you suggest some I will put that in.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/w3c/dnt/issues/93#issuecomment-410745752, or mute the thread https://github.com/notifications/unsubscribe-auth/AB2C7ESMhFlCYqx2a41Q64YcI2K-hdC8ks5uOF8HgaJpZM4Vuk-F.

[rvaneijk]

I support this text proposal by @jasonanovak.