Re: First-Party sets and the potential application of the JournalList trust.txt specification

Martin,

Thanks, yes, very aware of RFC 8615 and intend to register trust.txt soon.

Regards,

Ralph
--
Ralph W. Brown
Founder
Brown Wolf Consulting LLC
1355 S Foothills Hwy
Boulder, CO 80305
m: +1-303-517-6711
e: ralph@brownwolfconsulting.com
w: www.brownwolfconsulting.com



> On Jan 10, 2022, at 3:00 PM, Martin Thomson <mt@mozilla.com> wrote:
> 
> Hi Ralph, Scott,
> 
> I'm not going to comment on the substance of the proposal, which seems to have different goals to first party sets.
> 
> One thing about the trust.txt proposal immediately jumped out though.
> 
> Were you aware of RFC 8615 (formerly RFC 5785), which talks about the use of fixed URIs, thus:
>    When this happens, one solution is to designate a "well-known
>    location" for data or services related to the origin overall, so that
>    it can be easily located.  However, this approach has the drawback of
>    risking collisions, both with other such designated "well-known
>    locations" and with resources that the origin has created (or wishes
>    to create).  Furthermore, defining well-known locations usurps the
>    origin's control over its own URI space [RFC7320 <https://datatracker.ietf.org/doc/html/rfc7320>].
> I would also recommend reading RFC 7320.
> 
> Regards,
> Martin
> 
> On Tue, Jan 11, 2022 at 5:55 AM Ralph Brown <ralph@brownwolfconsulting.com <mailto:ralph@brownwolfconsulting.com>> wrote:
> Fellow Privacy Community Group members,
> 
> Scott Yates (Executive Director, JournalList.net <http://journallist.net/>) and I shared this proposal with Kaustubha Govind last month and he recommended that we share it with the group.
> 
> The work on First-Party Sets recently came to our attention which caused us to join the Privacy Community Group. We think it might be interesting to have a conversation about what we do at JournalList.net <http://journallist.net/>, which is publish the trust.txt specification document (attached). 
> 
> In short, it's a simple yet powerful way to expose relationship among websites (spec here <https://journallist.net/reference-document-for-trust-txt-specifications>), including the relationships of  “control” and “controlledby”.
> 
> The original concept was to make the relationship among news organizations (publishers) and press associations explicitly readable by web browsers, web crawlers, programmatic ad buyers, researchers, etc. It is beginning to gain adoption among a number of press organizations, including the Associated Press and Digital Content Next.
> 
> These symmetric relationships “control/controlledby”, (and others) are beneficial as they can expose entities that attempt to overstate their “control” or “membership” status. If the reciprocal relationship is not expressed, one has to question the assertion of this relationship. For example, if an entity attempts to overstate their “control” by including websites over which they do not have control, a missing “controlledby” relationship would expose this.
> 
> In other words, if ap.org/trust.txt <http://ap.org/trust.txt> expressed that it controls https://apnews.com/trust.txt <https://apnews.com/trust.txt>, that would be a quick and seamless way for a browser to ingest a first-party relationship. If scammysite.xyz <http://scammysite.xyz/> expressed that it had a first-party relationship with ap.org <http://ap.org/>, that would be easily disproved by looking at ap.org/trust.txt <http://ap.org/trust.txt>.
> 
> By allowing entities to self publish their trust.txt file it avoids the centralized submission/validation process, while other mechanisms can be used post-hoc to validate/police the self published trust.txt files.
> 
> We welcome a discussion among the group on this proposal.
> 
> Regards,
> 
> Scott Yates & Ralph Brown
> --
> Ralph W. Brown
> Founder
> Brown Wolf Consulting LLC
> 1355 S Foothills Hwy
> Boulder, CO 80305
> m: +1-303-517-6711
> e: ralph@brownwolfconsulting.com <mailto:ralph@brownwolfconsulting.com>
> w: www.brownwolfconsulting.com <http://www.brownwolfconsulting.com/>
> 
> <Brown Wolf Consulting Logo Trandemark Wide.jpg>
>