Re: Considering browser vendor as a third party from Tom Lowenthal on 2012-06-07 (public-tracking@w3.org from June 2012)

From: Tom Lowenthal <tom@mozilla.com>
Date: Thu, 07 Jun 2012 13:39:52 -0700
To: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>
CC: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <4FD11198.7090900@mozilla.com>

I don't think that it makes sense to think of the UA as a third party.
Perhaps we should ponder an online service to which the browser sends
info like this?

In any event, the browser knows the user's tracking preference, and can
tailor whether and what to report based on user choice.

On 06/06/2012 04:01 PM, TOUBIANA, VINCENT (VINCENT) wrote:
> In the discussions about first and third parties I do not recall that we considered the browser vendor as a potential tracking entity. But in some cases the browser vendor -- or a service enabled by default in the browser -- could track partially the user to enforce security and/or improve a product.
> 
> For instance, starting Chrome 15 Google could collect URLs of potentially risky sites to improve the quality of Safe Browsing and other Google services (see the relevant section from the privacy policy below).
> I believe that Google is not using these logs to track users but just to improve Safe Browsing. Also it seems that they delete everything but the URL after two weeks.
> 
> Yet, just reading the privacy policy one could understand that Safe Browsing logs could be used to track users.  More generally, I don't think we raised the issue of browser phoning home to send data that could be used for product improvement. In this scenario, I think the browser vendor should be treated as a third party.
> 
> Vincent
>  
> 
> Extract of Safe Browsing privacy policies (http://www.google.com/intl/en_us/privacy/browsing.html): 
> "In addition, Google Chrome versions 15 and later include Safe Browsing technology that can identify potentially risky sites and executable file downloads not already known by Google. In conjunction with this technology, information regarding a potentially risky site or executable file download, including the full URL of the site or executable file download, may be sent to Google to aid in determining whether the site or download is malicious. Google does not collect any account information or other personally identifying information as part of this contact, but does receive standard log information, including an IP address and one or more cookies."
>

Received on Thursday, 7 June 2012 20:40:40 UTC