First-Party sets and the potential application of the JournalList trust.txt specification from Ralph Brown on 2022-01-10 (public-privacycg@w3.org from January 2022)

From: Ralph Brown <ralph@brownwolfconsulting.com>
Date: Mon, 10 Jan 2022 11:53:43 -0700
To: public-privacycg@w3.org
Cc: Scott Yates <scott@journallist.net>
Message-Id: <03D186AE-1743-426E-9E07-54359A687C71@brownwolfconsulting.com>

Fellow Privacy Community Group members,

Scott Yates (Executive Director, JournalList.net <http://journallist.net/>) and I shared this proposal with Kaustubha Govind last month and he recommended that we share it with the group.

The work on First-Party Sets recently came to our attention which caused us to join the Privacy Community Group. We think it might be interesting to have a conversation about what we do at JournalList.net, which is publish the trust.txt specification document (attached).

In short, it's a simple yet powerful way to expose relationship among websites (spec here <https://journallist.net/reference-document-for-trust-txt-specifications>), including the relationships of “control” and “controlledby”.

The original concept was to make the relationship among news organizations (publishers) and press associations explicitly readable by web browsers, web crawlers, programmatic ad buyers, researchers, etc. It is beginning to gain adoption among a number of press organizations, including the Associated Press and Digital Content Next.

These symmetric relationships “control/controlledby”, (and others) are beneficial as they can expose entities that attempt to overstate their “control” or “membership” status. If the reciprocal relationship is not expressed, one has to question the assertion of this relationship. For example, if an entity attempts to overstate their “control” by including websites over which they do not have control, a missing “controlledby” relationship would expose this.

In other words, if ap.org/trust.txt <http://ap.org/trust.txt> expressed that it controls https://apnews.com/trust.txt <https://apnews.com/trust.txt>, that would be a quick and seamless way for a browser to ingest a first-party relationship. If scammysite.xyz expressed that it had a first-party relationship with ap.org, that would be easily disproved by looking at ap.org/trust.txt.

By allowing entities to self publish their trust.txt file it avoids the centralized submission/validation process, while other mechanisms can be used post-hoc to validate/police the self published trust.txt files.

We welcome a discussion among the group on this proposal.

Regards,

Scott Yates & Ralph Brown
--
Ralph W. Brown
Founder
Brown Wolf Consulting LLC
1355 S Foothills Hwy
Boulder, CO 80305
m: +1-303-517-6711
e: ralph@brownwolfconsulting.com
w: www.brownwolfconsulting.com

Attachments

text/html attachment: stored
image/jpeg attachment: Brown_Wolf_Consulting_Logo_Trandemark_Wide.jpg

Received on Monday, 10 January 2022 18:54:21 UTC