Issue 4: Should TSLs apply to *every* URI referenced by the topmost document

"Issue 4: Should TSLs also apply to 1st-party URIs? If so, there should probably be an option that does this - I think that by default, most of the rules you'd want to write are 3rd-party specific. There are valid use cases for 1st-party rules, such as CNAME'd DNS entries."

This is one of the more "substantive" issues that we have in the specification.

The spec, as written currently, limits the application of TSLs to "third-party" URIs (see Issue 2).

It's possible for a website to "alias" a 1st-party DNS name to a 3rd-party server, e.g.:

On http://www.example.com/index.html, there is an <img src="http://analitico.example.com/1x1.gif">, where "analitico.example.com" maps to a 3rd-party server. 

If this group is interested in this issue, my recommendation would be to spec out a new rule type for this. On the Web, today, not many sites do this. The vast majority of tracking services operate with their own domain name.

It's possible in the future that this might change, but for now, I think the default rules should apply to "third-party" URLs only, and there are a couple of options:

1) Create a new TSL rule type that also applies to "first-party" URIs.
2) Close this issue and retain the "third-party-URI-only" limitation.

Very interested in feedback on this issue.

Many thanks,

Andy 

Received on Friday, 6 April 2012 23:44:48 UTC
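
An added illustration of the aliasing case described in the message, not part of the original e-mail or of the TSL specification: it classifies a page's resource URIs and flags those whose hostname looks first-party but whose CNAME chain leaves the page's site, which a third-party-only rule would not match. The DNS table, the hostnames other than the one in the message, and the function names are constructed for the example, and the "last two labels" site comparison is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed DNS data (assumption): CNAME records keyed by hostname.
CNAMES = {
    "analitico.example.com": "collect.tracker.example.net",
    "collect.tracker.example.net": "edge7.tracker.example.net",
    "static.example.com": "www.example.com",
}

def site(host):
    """Naive registrable domain: the last two labels.
    Assumption for the example; a real check needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def resolve_chain(host, cnames, max_depth=8):
    """Follow CNAME records from host; stop on a loop or after max_depth hops."""
    chain, seen = [host], {host}
    while chain[-1] in cnames and len(chain) <= max_depth:
        nxt = cnames[chain[-1]]
        if nxt in seen:  # CNAME loop: stop rather than spin
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain

def classify(page_url, resource_url, cnames):
    """Return 'third-party', 'first-party' or 'first-party-aliased'."""
    page_site = site(urlsplit(page_url).hostname)
    host = urlsplit(resource_url).hostname
    if site(host) != page_site:
        return "third-party"          # covered by a third-party-only rule
    if any(site(h) != page_site for h in resolve_chain(host, cnames)):
        return "first-party-aliased"  # first-party name, third-party server
    return "first-party"

if __name__ == "__main__":
    page = "http://www.example.com/index.html"
    for url in ("http://analitico.example.com/1x1.gif",
                "http://static.example.com/logo.png",
                "http://collect.tracker.example.net/p.gif"):
        print(url, "->", classify(page, url, CNAMES))
```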