- From: Matthias Schunter <mts@zurich.ibm.com>
- Date: Sat, 15 Oct 2011 15:56:09 +0200
- To: public-tracking@w3.org
Hi Kevin,
thanks a lot for your valuable input.
I believe that from a privacy point of view, we must require:
"1st party exemptions apply only if a site can reliably
determine that it is acting as a 1st party."
With this said, I agree that we need to define "the" single way of
'reliably determining' whether a site is acting as 1st or 3rd party.
As a consequence, I see two questions:
1. What are 'proven ways' / 'best practices' that work to determine
whether you are 1st or 3rd party (you gave input here and
I'll wiki-fy it)
2. NEW: Are hints from the browser helpful and do they make
determining 1st vs 3rd much simpler (in this case,
we may add such hints to the DNT header)
Regards,
matthias
On 10/14/2011 11:31 PM, Kevin Smith wrote:
> With this in mind, I think the best approach is that we simply don’t
> define how to determine whether a request is 1^st or 3^rd party. We
> just define the difference between the two and how a 1^st or 3^rd
> party must behave when it receives a DNT request header. Then we
> leave it to the service to use the approach or combination of
> approaches that makes the most sense for them.
--
Dr. Matthias Schunter, MBA
IBM Zurich Research Laboratory, Ph. +41 (44) 724-8329
Homepage: www.schunter.org, Email: schunter(at)acm.org
PGP Fingerprint 989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Saturday, 15 October 2011 13:56:46 UTC