W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Definitions: 1st vs 3rd Party [ISSUE-10,ISSUE-14]

From: Matthias Schunter <mts@zurich.ibm.com>
Date: Tue, 04 Oct 2011 10:06:09 +0200
Message-ID: <4E8ABE71.6080803@zurich.ibm.com>
To: Matthias Schunter <mts@zurich.ibm.com>, "Aleecia M. McDonald" <aleecia@aleecia.com>, Thomas Roessler <tlr@w3.org>, Nick Doty <npdoty@w3.org>, public-tracking@w3.org
Dear DNT Team,

We would like to start discussions in writing to resolve selected issues.

The task at hand is to
 - Define what the terms 1st and 3rd party mean in the DNT context

Related issues are

The goal of this excercise is to provide input that allows the editor
to propose a definitional section for our Definitions and Standards
Compliance document.

Feel free to provide alternate definitions; in particular if they are
contained in an input document.

The editors of the definitions chapter will then propose a strawman
that will then be aired for comments.

 Aleecia & Matthias


---  The FTC staff report

--- FTC guidelines for behavioral targeting

 p.5: Behavioral advertising by and at a single website

--- IAB Self-Regulatory Principles for Online Behavioral Advertising

--- Do Not Track Cookbook

--- IETF proposal for Do Not Track

 A first party is a functional entity with which the user reasonably
   expects to exchange data.  In most cases the functional entity
   responsible for the web page a user has navigated to is the sole
   first party.

   A third party is a functional entity with which the user does not
   reasonably expect to share data.  In general advertising networks,
   analytics services, and social plug-in providers are third parties.
   To a first approximation, a functional entity is a third party if it
   differs from the current page in:

   1.  Public suffix plus one domain name (PS+1), or
   2.  PS+1 authoritative name servers, or
   3.  PS+1 of CNAME records.

   We emphasize that this rule is only an approximation.  Many first
   parties span several domain names, and many third parties are located
   at a subdomain of a first party.

   In practice a third party usually interacts with a user agent via
   content embedded on a first-party webpage.  A third party could also
   receive data from a first party.

--- Electronic Frontier Foundation (EFF) discussion of Do Not Track

--- The Center for Democracy and Technology (CDT) DNT proposal

Def: the web-site visited and 'commonly branded' websites.

"We recognize the inevitable difficulty in defining “commonly branded
websites” (first parties, under our formulation) in this context. It
was once generally presumed that any domain name other than the one
from which the user explicitly requested a webpage was a third party.
However, sometimes first-party sites now employ separate domains for
reasonable design, security, or commercial purposes, and conversely,
some third parties provide services from firstparty domains.
Accordingly, we suggest that two parties (a first and a third) be
considered distinct if they do not share “common branding”—a concept
that is an approximation for a consumerʼs reasonable expectations."

--- Mozilla Do Not Track Field Guide

--- Microsoft Web Tracking Protection, member submission to W3C

Dr. Matthias Schunter, MBA
IBM Zurich Research Laboratory,  Ph. +41 (44) 724-8329
Homepage: www.schunter.org, Email: schunter(at)acm.org
PGP Fingerprint    989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Tuesday, 4 October 2011 09:45:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:25 UTC