W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: [ISSUE-60] Will a recipient know if it itself is a 1st or 3rd party?

From: Matthias Schunter <mts@zurich.ibm.com>
Date: Sat, 15 Oct 2011 15:56:09 +0200
Message-ID: <4E9990F9.7070905@zurich.ibm.com>
To: public-tracking@w3.org
Hi Kevin,

thanks a lot for your valuable input.

I believe that from a privacy point of view, we must require:
  "1st party exemptions apply only if a site can reliably
    determine that it is acting as a 1st party."

With this said, I agree that we need to define "the" single way of
'reliably determining' whether a site is acting as 1st or 3rd party.

As a consequence, I see two questions:
 1. What are 'proven ways' / 'best practices' that work to determine
    whether you are 1st or 3rd party (you gave input here and
      I'll wiki-fy it)
 2. NEW: Are hints from the browser helpful and do they make
    determining 1st vs 3rd much simpler (in this case,
    we may add such hints to the DNT header)


On 10/14/2011 11:31 PM, Kevin Smith wrote:
> With this in mind, I think the best approach is that we simply donít
> define how to determine whether a request is 1^st or 3^rd party.  We
> just define the difference between the two and how a 1^st or 3^rd
> party must behave when it receives a DNT request header.  Then we
> leave it to the service to use the approach or combination of
> approaches that makes the most sense for them. 

Dr. Matthias Schunter, MBA
IBM Zurich Research Laboratory,  Ph. +41 (44) 724-8329
Homepage: www.schunter.org, Email: schunter(at)acm.org
PGP Fingerprint    989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Saturday, 15 October 2011 13:56:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:26 UTC