W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Summary of First Party vs. Third Party Tests

From: John Simpson <john@consumerwatchdog.org>
Date: Tue, 1 Nov 2011 15:37:18 -0700
Message-Id: <491D17A0-51DA-42AF-BC7D-B4A3E6638DBC@consumerwatchdog.org>
Cc: public-tracking@w3.org, Jonathan Mayer <jmayer@stanford.edu>
To: Rigo Wenning <rigo@w3.org>
Rigo,

Can you please give us some examples of what the toned compliance requirements for all would be? I too worry that with a first party third party distinction there is a real danger that everyone will be a first party very quickly.

However, cutting back on the compliance  requirements, it seems to me, runs the very real risk of making DNT essentially meaningless.

Thanks,
John

On Nov 1, 2011, at 3:10 PM, Rigo Wenning wrote:

> Add one minority opinion that says that the distinction between first and 
> third parties is too complex. This mixes technical and legal consideration 
> into an indigestible brewing. It will make implementation on the service side 
> too complex. It will create risk and ambiguity. 
> 
> I would rather tone down the compliance requirements for all and not 
> distinguish between first and third parties to avoid the difficult 
> distinctions. (I can generate a number of challenging distinctions on demand)
> 
> I also believe that this will create a race into being a first party and that 
> every ambiguity will be used to become a first party. At the end of the day, 
> everybody will be a first party by contract or other virtue.
> 
> Best,
> 
> Rigo
> 
> On Friday 28 October 2011 22:11:24 Jonathan Mayer wrote:
>> (ACTION-25)
>> 
>> As I understand it, there are four camps on how to distinguish between first
>> parties and third parties.
>> 
>> 1) Domain names (e.g. public suffix + 1).
>> 
>> 2) Legal business relationships (e.g. corporate ownership + affiliates).
>> 
>> 3) Branding.
>> 
>> 4) User expectations.
>> 
>> Here are some examples that show the boundaries of these definitions.
>> 
>> Example: The user visits Example Website at example.com.  Example Website
>> embeds content from examplestatic.com, a domain controlled by Example
>> Website and used to host static content.
>> 
>> Discussion: Content from the examplestatic.com domain is first-party under
>> every test save the first.
>> 
>> Example: Example Website (example.com) strikes a deal with Example Affiliate
>> (affiliate.com), an otherwise unrelated company, to share user data.  The
>> user visits Example Website, and it embeds content from Example Affiliate.
>> 
>> Discussion: Content from Example Affiliate is third-party under every test
>> save the second.
>> 
>> Example: Example Website embeds a widget from Example Social Aggregator. 
>> The widget includes a prominent logo for Example Social Aggregator, though
>> a user is unlikely to recognize it.
>> 
>> Discussion: Content from Example Social Aggregator is third-party under
>> every test save the third.

----------
John M. Simpson
Consumer Advocate
Consumer Watchdog
1750 Ocean Park Blvd. ,Suite 200
Santa Monica, CA,90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org
Received on Tuesday, 1 November 2011 22:40:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC