Re: "cross-site" from David Wainberg on 2011-11-17 (public-tracking@w3.org from November 2011)

From: David Wainberg <dwainberg@appnexus.com>
Date: Thu, 17 Nov 2011 11:46:01 -0500
To: John Simpson <john@consumerwatchdog.org>
CC: Mark Nottingham <mnot@mnot.net>, Karl Dubost <karld@opera.com>, "public-tracking@w3.org WG (public-tracking@w3.org)" <public-tracking@w3.org>, "Roy T. Fielding" <fielding@gbiv.com>
Message-ID: <4EC53A49.4000304@appnexus.com>

Isn't the "cross-site" or "across-site" definition all we need? If a 1st 
party has cross-site data, wasn't it, by definition, collected as a 3rd 
party in some contexts? So what would be 1st party cross-site data? Is 
there such a thing? If all the data is collected in the 1st party 
context, haven't we all but agreed that it won't be within our 
definition of cross-site tracking? Or are some people saying that a 
party that has a 1st party relationship with a user has an unqualified 
ability to collect data on completely unrelated sites, even with DNT:1?

On 11/15/11 5:59 PM, John Simpson wrote:
> Perhaps I am missing something, but I don't understand why we need the 
> reference to "cross-site" nor to "across sites."  As a user I want to 
> send a clear and unambiguous signal that I do not wish to be tracked. 
>  I may be persuaded that first party sites and third party sites have 
> different obligations when my message is received, but I definitely 
> want both first and third party sites to get my message. Thus, I 
> believe the specification should simply read:
>
> "This specification defines the technical mechanisms for expressing a 
> tracking preference via the DNT request header field in HTTP."
>
> 73s,
> John
>
>
>
> On Nov 15, 2011, at 11:21 AM, Mark Nottingham wrote:
>
>>
>> On 14/11/2011, at 6:26 PM, Karl Dubost wrote:
>>
>>> Old:
>>>   This specification defines the technical mechanisms
>>>   for expressing a cross-site tracking preference via
>>>   the DNT request header field in HTTP…
>>>
>>> New:
>>>   This specification defines the technical mechanisms
>>>   for expressing a tracking preference across sites
>>>   via the DNT request header field in HTTP
>>
>> The subject of the constraint here is still *sites*, not transfer of 
>> data between parties.
>>
>> Perhaps something like:
>>
>> This specification defines the technical mechanisms for
>> expressing a preference regarding transfer of tracking data
>> between parties via the DNT request header field in HTTP
>>
>> Cheers,
>>
>> --
>> Mark Nottingham
>> http://www.mnot.net/
>>
>>
>>
>>
>>
>
> ----------
> John M. Simpson
> Consumer Advocate
> Consumer Watchdog
> 1750 Ocean Park Blvd. ,Suite 200
> Santa Monica, CA,90405
> Tel: 310-392-7041
> Cell: 310-292-1902
> www.ConsumerWatchdog.org <http://www.ConsumerWatchdog.org>
> john@consumerwatchdog.org <mailto:john@consumerwatchdog.org>
>

Received on Thursday, 17 November 2011 16:46:29 UTC