W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: Third parties should not pretend to be first parties

From: Roy T. Fielding <fielding@gbiv.com>
Date: Wed, 29 Feb 2012 15:51:14 -0800
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <A1A64FE3-7186-4078-A8EE-91B398C10597@gbiv.com>
To: Tom Lowenthal <tom@mozilla.com>
Did you mean to exclude outsourced service providers from this?

This requirement is incompatible with many (if not most) service
contracts that forbid the service provider from advertising the
fact that it is operating the service.  For example, we would not
require such a thing when websites are hosted at AWS, and I am
pretty sure SiteCatalyst and BusinessCatalyst would never accept
such a limitation.

....Roy

On Feb 29, 2012, at 2:48 PM, Tom Lowenthal wrote:

> ACTION-116
> ISSUE-123
> 
> Proposal: add an additional requirement to the TC document in section
> 4.3. This replaces a similar provision which Matthias encouraged me to
> remove from the header spec since it makes more sense in TC than TPE.
> 
>> A third party MUST NOT falsely represent themselves as a first party,
>> whether using the methods of expression described in
>> [[!TRACKING-PREFERENCE-EXPRESSION]] or otherwise.
> 
> The HTML for 4.3 (up to but not including 4.3.1) with this addition is:
> 
> ~~~~~
> 
> <h3>Compliance by a third party</h3>
> 			
> <p class="note">This section consists of proposed text that is meant to
> address <a
> href="http://www.w3.org/2011/tracking-protection/track/issues/19">ISSUE-19</a>
> and <a
> href="http://www.w3.org/2011/tracking-protection/track/issues/39">ISSUE-39</a>
> and is pending discussion and <strong>[PENDING REVIEW]</strong>.</p>
> 
> <p>If the operator of a third-party domain receives a communication to
> which a [DNT-ON] header is attached:</p>
> <ol>
> <li>that operator MUST NOT collect, share, or use information related to
> that
> communication outside of the Exceptions as defined
> within this standard and any explicitly-granted Exemptions, provided in
> accordance with the requirements of this standard;</li>
> <li> that operator MUST NOT use information about previous communications
> in which the operator was a third party, outside of the explicitly
> expressed Exceptions as defined within this standard;</li>
> <li> that operator [MUST NOT or SHOULD NOT] retain information about
> previous communications in which the operator was a third party, outside
> of the explicitly expressed Exceptions as defined within this standard.</li>
> </ol>
> 
> <p>> A third party MUST NOT falsely represent themselves as a first
> party, whether using the methods of expression described in
> [[!TRACKING-PREFERENCE-EXPRESSION]] or otherwise.</p>
> 
> ~~~~~
> 
> 
Received on Wednesday, 29 February 2012 23:51:39 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:25 UTC