W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

Re: [ACTION-20] First parties signaling exceptions to third parties

From: Peter Eckersley <peter.eckersley@gmail.com>
Date: Mon, 28 Nov 2011 13:38:47 -0800
Message-ID: <CAOYJvnJqbyjUTuJfJE+1FyREiWHczTRfratwyDqwhDjVj8JyHA@mail.gmail.com>
To: Kevin Smith <kevsmith@adobe.com>
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Picking up this thread again...

On 15 November 2011 13:16, Kevin Smith <kevsmith@adobe.com> wrote:

> Peter,
>
> Sorry.  I missed the URI parameter somehow and read it as an additional
> header.  A URI parameter could work, although I actually think this could
> be quite complicated since many requests go through multiple services and
> multiple redirects and the request to the final service likely does not
> even resemble the original request.  The parameter would have to be passed
> on.


This makes sense to me, and I would be happy to amend the proposed language
to say that passing on the parameter is permitted.


> Cookies would actually have similar challenges, but at least then the
> communication only needs to happen once - not on every request.  Of course,
> that does expose the solution to the usual cookie disadvantages, but if the
> 1st party is storing the exception in a cookie (which is a very likely
> scenario) then those disadvantages already exist.
>

My guess is it will be more common for 1st parties to store the exception
in association with accounts rather than specific cookies, though clearly
the cookie-only case is possible.


> Practically speaking, I do not think we should attempt to enforce a
> particular methodology, but should allow the participants to choose the
> method that works best for them (could even be out-of-band visitor id
> syncing).  Of course, we can still suggest different methods such as these
> in the docs.
>

>From a web developer's point of view, using MUST in a proposal like this
has the benefit of standardization: it means that 1st and 3rd party
opt-back-in code is more likely to be compatible even when the relationship
between the 1st and 3rd party is very casual (eg, the 1st party just turned
on a plugin in their CMS, pasted some JS into a page, etc).

Of course there are different benefits in terms of transparency for users
who want to be able to see what domains regard them as having opted-back-in
to tracking.

-- 
Peter
Received on Monday, 28 November 2011 21:39:15 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:22 UTC