I never saw a response to my inquiry below. The crux of it is this: I'm a third-party site that receives DNT:0, so the user has explicitly chosen to allow me to track them, but Firefox is blocking my cookies with this feature.
What does Mozilla recommend I do to set state on the browser? I can only assume based on how this feature is designed that Mozilla's position is that the user must set DNT:0 AND enable cookies from third-parties. Is that correct? Or will you be providing a playbook of workarounds for sites to use when DNT:0 is received? I did notice on the privacy roadmap[1] that this feature is listed as a P3 under "Not Yet Awesome Enough". Are there plans to also implement the P2 just above it, "Create API so sites can request third-party cookies"? Seems like that one is also needed to move this closer to the stated goal of making "tracking relationships more obvious to the user." As it stands now, Firefox disregards the user's DNT choice to be tracked and silently breaks some sites. Can you provide an explanation of how this feature is making tracking relationships more obvious to the user? Because all I see is a feature that by default silently blocks third-party cookies with the user completely unaware of what is transpiring. Obviously you can ship what you want, but if the expectation is that the user must change two different settings to enable tracking, then that isn't a meaningful choice for the user. You might as well be honest and declare Firefox to be a privacy-only browser; you can default to DNT:1, enable third-party cookie blocking, build in other technological measures to counter "tracking", and be done with it. You can't claim to support user choice[2] if you ship this feature as-is because there isn't any meaningful user choice being offered. - Bil [1] https://wiki.mozilla.org/Privacy/Roadmap/2012 [2] http://blog.mozilla.org/privacy/2012/05/31/do-not-track-its-the-users-voice-that-matters/ -----Original Message----- From: Bil Corry Sent: Monday, February 25, 2013 12:49 PM To: Asa Dotzler; [email protected] Subject: RE: partial third-party cookie blocking On 2/23/2013 11:11 PM, Asa Dotzler wrote: > On 2/24/2013 10:51 AM, Mxx wrote: > > It is my understanding that the dire for this feature is to protect > users from tracking and not to break websites' regular functionality. > > That is not the driver for this feature. We are not trying to stop > tracking with this feature. We are trying to make tracking > relationships more obvious to the user. I fired up Nightly and set the DNT preference to 0 (aka "Tell sites I want to be tracked"). So even though I said I wanted to be tracked, when I visited a site with third-party content, all third-party cookies were blocked. This brings up some questions: 1. To me, as a user, this is non-intuitive. Is there a way to harmonize cookie behavior with the DNT preference? 2. What does Mozilla recommend as a best practice for third-parties that have permission to track, but can't because of this new cookie policy? 3. If third-parties can't ever set state on the browser, then what's the point of DNT (since tracking is always blocked)? 4. Mozilla publicly came out against a default choice for tracking[1], yet this new cookie policy runs counter to that position by blocking tracking by default. Does Mozilla still believe tracking is an expressed user preference? Or only for DNT, but not cookies? It's somewhat hollow to say DNT should be a user-expressed preference, then prevent tracking regardless of that preference. - Bil [1] http://blog.mozilla.org/privacy/2012/05/31/do-not-track-its-the-users-voice-that-matters/ _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
