W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: Third parties should not pretend to be first parties

From: David Singer <singer@apple.com>
Date: Thu, 01 Mar 2012 10:30:30 -0800
Cc: Shane Wiley <wileys@yahoo-inc.com>, "Roy T. Fielding" <fielding@gbiv.com>, Jonathan Mayer <jmayer@stanford.edu>, Tom Lowenthal <tom@mozilla.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-id: <4C073298-04D1-4F06-99EF-1B74108AC4E6@apple.com>
To: Kevin Smith <kevsmith@adobe.com>

On Mar 1, 2012, at 10:23 , Kevin Smith wrote:

> David, 
> 
> How are they different?  They seem very similar to me.
> 
> 
>> It does seem that 'outsourcing some services' (e.g. analytics) and 'outsourcing the hosting' (service provider) are rather different, though they have some similarities.
>> 
> 


If I visit a site that's hosted by another party, the user thinks they are visiting 'a' when the actual server is owned by 'b'.  As long as we're careful with the definitions, we should be able to maintain 'a' as the 'first party', in this case.

When using an outsource service (e.g. analytics) there really are two (or more) distinct organizations involved in the actual network transactions, visibly (e.g. by different IP address), whereas when everything is hosted, there may well be only one.  So in the first case there is some 'clue' to the UA, whereas in the second there may be very little (beyond recognizing an IP address as being that of a hosting service, for example).

Again, with careful definition, these might not matter.

Finally, they may be different enough in people's minds to make it worth spelling them out in the document as two examples, even if the rules are written to be uniform across them.  We don't want lots of questions asking "where do hosting services fall into this?".

All possibly minor, I agree.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 1 March 2012 18:30:57 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC