- From: Martin Thomson <mt@mozilla.com>
- Date: Tue, 11 Jan 2022 09:00:11 +1100
- To: Ralph Brown <ralph@brownwolfconsulting.com>
- Cc: public-privacycg@w3.org, Scott Yates <scott@journallist.net>
- Message-ID: <CAPLxc=UL=gL2mCwNTWyVtN8fKUeO8VYkHVgvgkZ_jo+=CAFoXQ@mail.gmail.com>
Hi Ralph, Scott, I'm not going to comment on the substance of the proposal, which seems to have different goals to first party sets. One thing about the trust.txt proposal immediately jumped out though. Were you aware of RFC 8615 (formerly RFC 5785), which talks about the use of fixed URIs, thus: When this happens, one solution is to designate a "well-known location" for data or services related to the origin overall, so that it can be easily located. However, this approach has the drawback of risking collisions, both with other such designated "well-known locations" and with resources that the origin has created (or wishes to create). Furthermore, defining well-known locations usurps the origin's control over its own URI space [RFC7320 <https://datatracker.ietf.org/doc/html/rfc7320>]. I would also recommend reading RFC 7320. Regards, Martin On Tue, Jan 11, 2022 at 5:55 AM Ralph Brown <ralph@brownwolfconsulting.com> wrote: > Fellow Privacy Community Group members, > > Scott Yates (Executive Director, JournalList.net) and I shared this > proposal with Kaustubha Govind last month and he recommended that we share > it with the group. > > The work on First-Party Sets recently came to our attention which caused > us to join the Privacy Community Group. We think it might be interesting to > have a conversation about what we do at JournalList.net, which is publish > the trust.txt specification document (attached). > > In short, it's a simple yet powerful way to expose relationship among > websites (spec here > <https://journallist.net/reference-document-for-trust-txt-specifications>), > including the relationships of “control” and “controlledby”. > > The original concept was to make the relationship among news organizations > (publishers) and press associations explicitly readable by web browsers, > web crawlers, programmatic ad buyers, researchers, etc. It is beginning to > gain adoption among a number of press organizations, including > the Associated Press and Digital Content Next. > > These symmetric relationships “control/controlledby”, (and others) are > beneficial as they can expose entities that attempt to overstate their > “control” or “membership” status. If the reciprocal relationship is not > expressed, one has to question the assertion of this relationship. For > example, if an entity attempts to overstate their “control” by including > websites over which they do not have control, a missing “controlledby” > relationship would expose this. > > In other words, if ap.org/trust.txt expressed that it controls > https://apnews.com/trust.txt, that would be a quick and seamless way for > a browser to ingest a first-party relationship. If scammysite.xyz expressed > that it had a first-party relationship with ap.org, that would be easily > disproved by looking at ap.org/trust.txt. > > By allowing entities to self publish their trust.txt file it avoids the > centralized submission/validation process, while other mechanisms can be > used post-hoc to validate/police the self published trust.txt files. > > We welcome a discussion among the group on this proposal. > > Regards, > > Scott Yates & Ralph Brown > -- > Ralph W. Brown > Founder > Brown Wolf Consulting LLC > 1355 S Foothills Hwy > Boulder, CO 80305 > m: +1-303-517-6711 > e: ralph@brownwolfconsulting.com > w: www.brownwolfconsulting.com > > >
Attachments
- image/jpeg attachment: Brown_Wolf_Consulting_Logo_Trandemark_Wide.jpg
Received on Monday, 10 January 2022 22:01:36 UTC