- From: Matthias Schunter <mts@zurich.ibm.com>
- Date: Tue, 04 Oct 2011 10:06:09 +0200
- To: Matthias Schunter <mts@zurich.ibm.com>, "Aleecia M. McDonald" <aleecia@aleecia.com>, Thomas Roessler <tlr@w3.org>, Nick Doty <npdoty@w3.org>, public-tracking@w3.org
Dear DNT Team, We would like to start discussions in writing to resolve selected issues. The task at hand is to - Define what the terms 1st and 3rd party mean in the DNT context Related issues are ISSUE-10 ISSUE-14 The goal of this excercise is to provide input that allows the editor to propose a definitional section for our Definitions and Standards Compliance document. Feel free to provide alternate definitions; in particular if they are contained in an input document. The editors of the definitions chapter will then propose a strawman that will then be aired for comments. Regards, Aleecia & Matthias ============================== Text SNIPLETS FROM INPUT DOCUMENTS http://www.w3.org/2011/tracking-protection ----------------------------------------- --- The FTC staff report ----------------------------------------- --- FTC guidelines for behavioral targeting p.5: Behavioral advertising by and at a single website ----------------------------------------- --- IAB Self-Regulatory Principles for Online Behavioral Advertising ----------------------------------------- --- Do Not Track Cookbook ----------------------------------------- --- IETF proposal for Do Not Track A first party is a functional entity with which the user reasonably expects to exchange data. In most cases the functional entity responsible for the web page a user has navigated to is the sole first party. A third party is a functional entity with which the user does not reasonably expect to share data. In general advertising networks, analytics services, and social plug-in providers are third parties. To a first approximation, a functional entity is a third party if it differs from the current page in: 1. Public suffix plus one domain name (PS+1), or 2. PS+1 authoritative name servers, or 3. PS+1 of CNAME records. We emphasize that this rule is only an approximation. Many first parties span several domain names, and many third parties are located at a subdomain of a first party. In practice a third party usually interacts with a user agent via content embedded on a first-party webpage. A third party could also receive data from a first party. ----------------------------------------- --- Electronic Frontier Foundation (EFF) discussion of Do Not Track ----------------------------------------- --- The Center for Democracy and Technology (CDT) DNT proposal Def: the web-site visited and 'commonly branded' websites. Note: "We recognize the inevitable difficulty in defining âcommonly branded websitesâ (first parties, under our formulation) in this context. It was once generally presumed that any domain name other than the one from which the user explicitly requested a webpage was a third party. However, sometimes first-party sites now employ separate domains for reasonable design, security, or commercial purposes, and conversely, some third parties provide services from firstparty domains. Accordingly, we suggest that two parties (a first and a third) be considered distinct if they do not share âcommon brandingââa concept that is an approximation for a consumerʼs reasonable expectations." ----------------------------------------- --- Mozilla Do Not Track Field Guide ----------------------------------------- --- Microsoft Web Tracking Protection, member submission to W3C -- Dr. Matthias Schunter, MBA IBM Zurich Research Laboratory, Ph. +41 (44) 724-8329 Homepage: www.schunter.org, Email: schunter(at)acm.org PGP Fingerprint 989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Tuesday, 4 October 2011 09:45:00 UTC