W3C home > Mailing lists > Public > public-tracking-lists@w3.org > April 2012

RE: Issue 2: Use of the term "3rd-party"

From: Andy Zeigler <andyzei@microsoft.com>
Date: Tue, 24 Apr 2012 01:58:05 +0000
To: Ed Felten <ed@felten.com>, Nicholas Doty <npdoty@w3.org>
CC: "public-tracking-lists@w3.org" <public-tracking-lists@w3.org>
Message-ID: <9A7C781439ECF9429A233C0942BAAB6F0ECDD561@SN2PRD0310MB372.namprd03.prod.outlook.com>
Agreed that DNS nomenclature is kind of difficult to use. :)

The definition that I was working from for "second-level domain" is this one:

http://en.wikipedia.org/wiki/Second-level_domain

>In the Domain Name System (DNS) hierarchy, a second-level domain (SLD) is a domain that is directly below a top-level domain (TLD). For example, in example.com, example is >the second-level domain of the .com TLD.
 
>Second-level domains commonly refer to the organization that registered the domain name with a domain name registrar. Some domain name registries introduce a second->level hierarchy to a TLD that indicates the type of organization intended to register an SLD under it. For example, in the .uk namespace a college or other academic institution >would register under the .ac.uk ccSLD, while companies would register under .co.uk

The way that I interpret this is that a TLD can consist of a single label (.com) , or multiple labels (.co.uk), and the registrar can determine its own TLD hierarchy. As a consequence of this, one needs to have a "public suffix list" in order to understand which labels are the TLD and the SLD. Most browsers already do this for a variety of reasons, e.g. domain name highlighting / shortening. This all makes sense, until you read the Wikipedia definition for "ccSLD", which reverts to confusing ".co" as an SLD. :) 

It's true that SLD can break down as in indicator of business relationships, such as in shared hosting scenarios, DNS aliasing, and co-marketed/branded SLDs. Clearly, there are no perfect technical mechanisms to indicate business relationships, which can be done with handshakes between people. However, in terms of tracking users across different websites, today, the SLD is a very good way to differentiate between a website and a tracking entity. As a list author, it's very useful to have a way to "only block URIs that match this pattern if it's SLD is different than the topmost document SLD".

Here's my proposal to resolve this:

- Create a precise definition for SLD that includes the nuance above.
- Clearly define "3rd-party" in terms of the SLD definition

Thoughts?

Thanks,

Andy

-----Original Message-----
From: Ed Felten [mailto:ed@felten.com] 
Sent: Friday, April 20, 2012 5:07 AM
To: Nicholas Doty
Cc: Andy Zeigler; public-tracking-lists@w3.org
Subject: Re: Issue 2: Use of the term "3rd-party"

On Mon, Apr 16, 2012 at 12:18 AM, Nicholas Doty <npdoty@w3.org> wrote:
> My question is more to the point of how a third-party URI is defined (maybe this is your Issue 4, apologies if I'm being repetitive). The current spec defines a third-party URI as one with a different second-level domain. This seems potentially underinclusive: 1) are all *.co.uk hosts first party to one another?, and 2) in cases either of DNS aliasing or shared hosting (foo.wordpress.com and bar.wordpress.com), are subdomains a good indicator of the same business relationship?

What you're looking for here might be "different public suffix" rather
than "different second-level domain".   See
https://en.wikipedia.org/wiki/Public_Suffix_List
Received on Tuesday, 24 April 2012 01:59:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:35:39 UTC