- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Fri, 11 Nov 2011 23:12:13 +0100
- To: Tom Lowenthal <tom@mozilla.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>
* Tom Lowenthal wrote: >An entity becomes a first party when a user takes an affirmative action >to communicate or interact with that clearly identifiable entity. Unless >the user has taken such affirmative action, an entity is a third party. >The following examples indicate interactions which do and do not meet >this criteria. If the first/third party distinction is supposed to be a vehicle to ex- plain what the user means when they say they do not wish their online activity to be tracked across web sites, then this seems to be missing the point a bit. I am not sure how the distinction is useful if it does not affect what kind of data collection and retention is okay. >7. The user visits a site. There is a weather widget with no obvious >branding. The user thinks that the widget is operated by and part of the >site that they are visiting, because of the lack of obvious branding. >The user clicks on the widget to scroll forward and see tomorrow's >weather. The widget is at all times a third party. >8. The user visits a site with a clearly-branded Accuweather.com weather >widget. The user recognizes the branding, and clicks on the widget to >get more weather information. Accuweather.com is a first party to that >interaction. This for instance amounts to saying the user is okay with having their online activity tracked across web sites if you make the logo very big. If you have a weather widget that's used on every other web site, and on load it renders the current weather, and you have to click to show a forecast, and a user does that on many sites while also sending the do not track signal, and the weather widget provider builds a profile about which web sites the user visits, it's clearly tracking the user contrary to the user's wishes, however much branding there might be. If clicking the forecast link would navigate the top level window to the weather widget provider's site, then it might be plausible to argue building such a profile from actual visits to the weather site is not the kind of tracking the user is objecting to; but if the user always stays on the embedding site, then asking for a forecast every once in a while does not indicate they don't mean it when they say "do not track". >10. A user sees a tweet which says "Check out this awesome NYT article >bit.ly/1234". The user clicks the link, expecting to be redirected by >bitly to the New York Times. Twitter, bitly and the New York Times are >all first parties to this interaction. If you tell bit.ly you do not want to be tracked, and they install a userid cookie on your computer and record all the bit.ly links you click, where you clicked them and where they took you, then they are not tracking you across sites because they are a first party? That does not make sense to me. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Friday, 11 November 2011 22:12:50 UTC