W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Considering browser vendor as a third party

From: David Singer <singer@apple.com>
Date: Thu, 07 Jun 2012 14:44:37 -0700
Cc: "TOUBIANA, VINCENT (VINCENT)" <Vincent.Toubiana@alcatel-lucent.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-id: <7EB84A54-3615-4387-A689-71586108C6D8@apple.com>
To: Tom Lowenthal <tom@mozilla.com>

On Jun 7, 2012, at 13:39 , Tom Lowenthal wrote:

> I don't think that it makes sense to think of the UA as a third party.

I don't think that's the question.  What is the status of the browser *vendor*'s online site?

I'm not sure it's in scope, honestly, because the user never even visits it.  There are already pretty tight established practices on what data software may collect and send back to its creator.  This is pretty much independent of what the software does, as well.

I am tempted to say that DNT doesn't apply here, but that it is covered by the usual privacy, data collection about customers, and so on, laws/practices/regulations/etc.

> Perhaps we should ponder an online service to which the browser sends
> info like this?
> In any event, the browser knows the user's tracking preference, and can
> tailor whether and what to report based on user choice.
> On 06/06/2012 04:01 PM, TOUBIANA, VINCENT (VINCENT) wrote:
>> In the discussions about first and third parties I do not recall that we considered the browser vendor as a potential tracking entity. But in some cases the browser vendor -- or a service enabled by default in the browser -- could track partially the user to enforce security and/or improve a product.
>> For instance, starting Chrome 15 Google could collect URLs of potentially risky sites to improve the quality of Safe Browsing and other Google services (see the relevant section from the privacy policy below).
>> I believe that Google is not using these logs to track users but just to improve Safe Browsing. Also it seems that they delete everything but the URL after two weeks.
>> Yet, just reading the privacy policy one could understand that Safe Browsing logs could be used to track users.  More generally, I don't think we raised the issue of browser phoning home to send data that could be used for product improvement. In this scenario, I think the browser vendor should be treated as a third party.
>> Vincent
>> Extract of Safe Browsing privacy policies (http://www.google.com/intl/en_us/privacy/browsing.html): 
>> "In addition, Google Chrome versions 15 and later include Safe Browsing technology that can identify potentially risky sites and executable file downloads not already known by Google. In conjunction with this technology, information regarding a potentially risky site or executable file download, including the full URL of the site or executable file download, may be sent to Google to aid in determining whether the site or download is malicious. Google does not collect any account information or other personally identifying information as part of this contact, but does receive standard log information, including an IP address and one or more cookies."

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 7 June 2012 21:45:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:50 UTC