W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

RE: Considering browser vendor as a third party

From: Chris Pedigo <CPedigo@online-publishers.org>
Date: Thu, 7 Jun 2012 20:44:58 +0000
To: Tom Lowenthal <tom@mozilla.com>, "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>
CC: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <CEED5B1AC4405240B53E0330753999D301BAAE72@mbx023-e1-nj-8.exch023.domain.local>
So, not to pick on MS, but suppose a consumer is using IE 10 with DNT ON.  Would MS be a first party wherever the user went on the web?  And, therefore, able to track that user as a first party and even share the behavioral data with MS Advertising?


-----Original Message-----
From: Tom Lowenthal [mailto:tom@mozilla.com] 
Sent: Thursday, June 07, 2012 4:40 PM
To: TOUBIANA, VINCENT (VINCENT)
Cc: public-tracking@w3.org
Subject: Re: Considering browser vendor as a third party

I don't think that it makes sense to think of the UA as a third party.
Perhaps we should ponder an online service to which the browser sends info like this?

In any event, the browser knows the user's tracking preference, and can tailor whether and what to report based on user choice.

On 06/06/2012 04:01 PM, TOUBIANA, VINCENT (VINCENT) wrote:
> In the discussions about first and third parties I do not recall that we considered the browser vendor as a potential tracking entity. But in some cases the browser vendor -- or a service enabled by default in the browser -- could track partially the user to enforce security and/or improve a product.
> 
> For instance, starting Chrome 15 Google could collect URLs of potentially risky sites to improve the quality of Safe Browsing and other Google services (see the relevant section from the privacy policy below).
> I believe that Google is not using these logs to track users but just to improve Safe Browsing. Also it seems that they delete everything but the URL after two weeks.
> 
> Yet, just reading the privacy policy one could understand that Safe Browsing logs could be used to track users.  More generally, I don't think we raised the issue of browser phoning home to send data that could be used for product improvement. In this scenario, I think the browser vendor should be treated as a third party.
> 
> Vincent
>  
> 
> Extract of Safe Browsing privacy policies (http://www.google.com/intl/en_us/privacy/browsing.html): 
> "In addition, Google Chrome versions 15 and later include Safe Browsing technology that can identify potentially risky sites and executable file downloads not already known by Google. In conjunction with this technology, information regarding a potentially risky site or executable file download, including the full URL of the site or executable file download, may be sent to Google to aid in determining whether the site or download is malicious. Google does not collect any account information or other personally identifying information as part of this contact, but does receive standard log information, including an IP address and one or more cookies."
> 
Received on Thursday, 7 June 2012 20:45:29 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC