W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

RE: Considering browser vendor as a third party

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Sun, 10 Jun 2012 13:13:44 -0700
To: Justin Brookman <jbrookman@cdt.org>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D1859098E@SP2-EX07VS02.ds.corp.yahoo.com>
Good points Justin and Vincent - but when I said "first-party" I should have gone further to explain why I stated that position - I believe these are "out-of-band consent" scenarios (downloaded software vs. online surfing experience).  If a UA were to activate traffic funneling to their servers without notice/user interaction, then I would argue they do NOT have user consent for those activities.  Most data funneling activities I've witnessed though (toolbar research panels, phishing scanning, default search engine, etc.) all required an active user step in the installation or first-use flows.  Perhaps capturing that perspective (user consent) would suffice (similar to ISSUE-143).

- Shane

From: Justin Brookman [mailto:jbrookman@cdt.org]
Sent: Sunday, June 10, 2012 8:33 AM
To: public-tracking@w3.org
Subject: Re: Considering browser vendor as a third party

We should also consider what to do about cloud-based browsers --- browsers that route web requests through the browser company's own servers in order to render pages more quickly and efficiently (Amazon Fire, RIM, Opera I think all do this).  In this sense, the browser's servers are more like ISPs --- they functionally have to receive the information to operate, but they're also not the end party with which the user is trying to communicate, and a user with DNT on (or otherwise!) might not want and expect the company to building profiles and/or retaining information about their browsing habits.  In these examples, I would consider the browser company's servers to be third-party servers, but they may collect, use, and retain the information per the permitted uses (which do not squarely address this scenario) or the two-week grace period.  Not sure we need to expand the permitted uses, since any retention beyond two weeks should really fall into one of the existing buckets.
________________________________
From: Vincent Toubiana [mailto:v.toubiana@free.fr]
To: Shane Wiley [mailto:wileys@yahoo-inc.com]
Cc: Rigo Wenning [mailto:rigo@w3.org], public-tracking@w3.org [mailto:public-tracking@w3.org], David Singer [mailto:singer@apple.com], Tom Lowenthal [mailto:tom@mozilla.com], TOUBIANA, VINCENT (VINCENT) [mailto:Vincent.Toubiana@alcatel-lucent.com]
Sent: Sun, 10 Jun 2012 09:52:40 -0400
Subject: Re: Considering browser vendor as a third party

Shane,

I believe Justin explanation on this point makes sens, we're not
interacting *with* the browser, we're interacting with a 1st party
website *through* the browser. Hence this question might not be out of
scope.

Vincent
> I agree the question is a valid one. But as the group has already discussed "meaningful interaction" as a condition to move a widget from a 3rd party context to a 1st party context, why wouldn't that apply in this case? If you agree, then web browsers would be considered 1st parties and are largely out of scope for the TPWG specification.
>
> - Shane
>
> -----Original Message-----
> From: Rigo Wenning [mailto:rigo@w3.org<mailto:rigo@w3.org>]
> Sent: Friday, June 08, 2012 12:52 PM
> To: public-tracking@w3.org<mailto:public-tracking@w3.org>
> Cc: David Singer; Tom Lowenthal; TOUBIANA, VINCENT (VINCENT)
> Subject: Re: Considering browser vendor as a third party
>
> On Thursday 07 June 2012 14:44:37 David Singer wrote:
>> I don't think that's the question. What is the status of the
>> browser *vendor*'s online site?
> Vincent raised an important question: What happens if the browser
> phones home. I hear all saying this is out of scope and will be
> determined by the applicable jurisdiction. Fine. But it was very
> important to raise that question IMHO.
>
> Rigo
>
>
Received on Sunday, 10 June 2012 20:14:42 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC