W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: Summary of First Party vs. Third Party Tests

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 04 Nov 2011 01:37:05 +0100
To: Rigo Wenning <rigo@w3.org>
Cc: public-tracking@w3.org
Message-ID: <gl76b79hoi0tcihrc5epamta0mddie44ls@hive.bjoern.hoehrmann.de>
* Rigo Wenning wrote:
>Add one minority opinion that says that the distinction between first and 
>third parties is too complex. This mixes technical and legal consideration 
>into an indigestible brewing. It will make implementation on the service side 
>too complex. It will create risk and ambiguity. 
>
>I would rather tone down the compliance requirements for all and not 
>distinguish between first and third parties to avoid the difficult 
>distinctions. (I can generate a number of challenging distinctions on demand)
>
>I also believe that this will create a race into being a first party and that 
>every ambiguity will be used to become a first party. At the end of the day, 
>everybody will be a first party by contract or other virtue.

My impression is that the Working Group has heard most of the important
arguments on whether to, and to what extent, make a distinction between
first and third parties, but the Working Group has yet to formulate the
problem it actually wants to solve, so we can't evaluate arguments here
with respect to whether one thing or the other brings us closer to the
goal that was agreed upon.

Amy Colando for instance argues that without the distinction there may
be a loss of functionality for DNT users which in turn may discourage
usage and deployment. But the group so far has not said that a goal is
to maximize usage and deployment. The group could define that "DNT: 1"
means the logic that decides which content to deliver to a user doesn't
make use of information on which web sites the user has visited. That,
I'd think, would be popular with most, but then the mechanism would not
necessarily affect tracking. So if that was the definition, all content
deliverers comply, and all users who have this preference turn DNT on,
then usage and deployment would be maximized, but the group would have
failed to deliver anything to meaningfully express tracking preferences.

Rigo Wenning's last argument, as another example, basically formulates
the goal that the mechanism must resist saboteurs. As I understand it,
his argument is that if the group was to say, dnt first/third party is
the same as cookie first/party, everybody would adapt their dns confi-
guration to monitor people's online behavior over their objections. It
seems to me that saboteur-resistance, if needed, cannot be provided by
this Working Group. It doesn't really matter if they abuse the third/
first party distinction or some exemption or some other ambiguity. So
I don't find that a good argument either. In effect it is saying the
distinction would negatively impact "in spirit" deployment, but as be-
fore, the Working Group has not decided how important deployment is.

The Working Group may very well find that the goal is to support a few
good actors who want to use data for some good purpose but do not want
to use data from users who object to that, in which case wide deploy-
ment isn't very important, but detailed technical discussion of, say,
data minimization techniques would be very important.

I think it would be premature to decide on this question before there
is an adequate formulation of the problem the group seeks to address,
one where we could argue about whether some measure or other brings us
closer to that goal or not, without everyone having their own goalpost.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Friday, 4 November 2011 01:04:21 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC