Re: Issue-17, Issue-51 First party obligations

Le 30 nov. 2011 à 10:47, Shane Wiley a écrit :
> I agree this is a more complex use case when we look at OpenAuth and OpenID scenarios but generally I believe a user logged into their Yahoo! account and engaging with a Yahoo! service (News) understands that Yahoo! is collecting data.  Do you disagree?


A company starts with a small service very precise.
Users have different accounts on different sites. 
Then this company starts to buy all these small services.
The once my eggs in different baskets segmenting my life 
(for a good purpose) gets suddenly in a one big bag. I 
have then two choices. 

* Closing my account (with the hope that the data will be erase)
* Accepting to give up the separation of buckets.

I think we can do better for users. It is important.

1. Flickr started as a canadian company in Vancouver (in fact Ludicorp)
2. Flickr has been bought by Yahoo! keeping separate the login systems
3. Then one day, Yahoo! decided to impose the same login on Flickr users.

I can perfectly imagine that a company is offering different 
types of Web services without necessary tracking users across 
all its properties. In the case of Yahoo!, Microsoft, and 
Google, who have giant maze of Web services, the 1st party/3rd 
parties distinction doesn't make sense anymore, because all 
services have been integrated in one giant thing.

:) I do not see then how DNT: 1 is any useful for the users.


> How would you suggest this works when logged into Facebook?  Twitter?  Gmail?  Etc.?


I think that identity provider is a nice system for helping 
developers creating a smooth experience across sites, but when 
these systems are used as Troy horse for tracking users across 
sites and services (not talking about brand here), I *personally* 
think, we cross a line which is no good for users.


-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software

Received on Wednesday, 30 November 2011 16:11:31 UTC