httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53845] Remove DNT settings from httpd.conf
Date Mon, 17 Sep 2012 11:30:03 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53845

--- Comment #10 from ChrisTX <xpipe@hotmail.de> ---
> Microsoft says that this feature defaults to "on", [...]

Now do they? They've said this in relation to the Release Preview, but I have a
hard time finding the usage of the word 'default' in reference to the final
product in the official statement:

http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/08/07/do-not-track-in-the-windows-8-set-up-experience.aspx

> The only person who sees it is the installer, and even then it is hidden amongst a set
of options that are, if anything, anti-privacy.

I beg to differ. The express settings list things that are mostly related to
privacy, actually. It is definitely a concern of privacy which of these options
and feedback features you turn on.

For instance, "help protect your PC from unsafe files and websites" refers to
Microsoft's SmartScreen technology. For it to work, data has to be sent to
Microsoft, and if you'd search for it, you'll find quite some criticizing the
technology for the possibility of Microsoft using that data to build up
profiles of their users.

Furthermore, "Lets apps give your personalized content [...]" and "Help improve
Microsoft software, [...] by sending us info." are also clearly privacy
options. I could go on about the others, but anything on there except for
network device sharing is a privacy matter because it requires to send some
data to either a first or third party.

Then, "hidden amongst a set of options" is your opinion on the subject. I'd be
even inclined to agree that you may not notice it right away (can't tell, I
always click customize instantly), but the DNT draft says that there are no
requirements being made upon the experience of the user choice - so "hidden" is
permitted, too.

> After that, any user added to the operating system is assigned the same settings as the
installer, without ever seeing those dialogs.

That is semi-correct. I'd like to remind you of something extremely important
here: Windows 8 is *NOT* IE10. Microsoft will make IE10 available for Windows
7. On that system, they can't ask you this way in the setup because you install
it the update on an installed system. It might be this doesn't even reflect the
situation in the Windows 7 version of IE10. The patch however blocks these
users, too.

Secondly, this misses the point. On a single user system (which the computer
I'm writing this on for instance is - hello from a single user, custom
settings-installed, Windows 8 Enterprise with IE 10.0) there is no user's
preference not being respected.

Lastly, I'd argue that for additional users such a system is akin to "some
controlled network environments": Users I add afterwards are in this situation,
basically:

> ... might impose restrictions on the use or configuration of installed user agents, such
that a user might only have access to user agents with a predetermined preference enabled,
the user is at least able to choose whether to make use of those user agents.

Now, they can make that choice because DNT is a per user setting that can be
disabled without administrative consent.
If a "public access terminal" is such a system, then a computer I set up for
relatives which then don't have administrative access is, too: Either way
there's one administrative user giving a secondary one a login.

Plus, you can't rule out this wasn't a user choice of every user, even in that
scenario. For instance I know my mother cares a lot about privacy. Now if I
install Windows 8 on my parents' computer, I respect her choice in that I know
she wants DNT to be enabled and select it on the install screen. It is still
her choice. So now, the only party not respecting her preference would be the
web server.


Unrelated to that, the latest editor's draft now says "Implementations of HTTP
that are not under control of the user must not generate or modify a tracking
preference.". In either case Apache does exactly that. I know you're arguing
that removing an 'invalid DNT' is fine, but you can't reason that a single user
system is entirely compliant to the DNT spec as-is. The patch removes their
valid preference.

-------------------------------------------------------------------------

And again unrelated to all above, some things that personally bother me about
the decision of incorporating the patch in the first place:

- If the patch was committed to the trunk on August 11th, it is chronologically
impossible that the vote took place with the situation the RTM is in
recapitulated. The first public availability (the evaluation, MSDN and TechNet
subscriber access) was on August 15th. Maybe some of its members have had
access to Windows 8 before using OEM channels, but I strongly doubt that
anything close to a majority had such. Judging a product based on a pre-release
on that might be subject to change is just not professional.

- It's true that the Windows 8 Release Preview (not the Consumer Preview or the
RTM) is clearly in violation with the latest editor's draft. The latest public
draft is however the Working Draft - which doesn't explicitly forbid what the
Windows 8 Release Preview does.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message