- From: Kevin Smith <kevsmith@adobe.com>
- Date: Sat, 15 Oct 2011 21:04:06 -0700
- To: Matthias Schunter <mts@zurich.ibm.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Matthias said:

> With this said, I agree that we need to define "the" single way of 'reliably determining' whether a site is acting as 1st or 3rd party.

I do not believe there is any single way or even collection of methods to accurately determine party. I believe it is a logical question, not a technical question. The service knows whether it's a 1st or a 3rd party based on which of their services is being accessed or their sub-domain strategy or possibly even the SLA of the client using the service. Much (if not most) of the time, the party will not be provable using a generic methodology.

-----Original Message-----
From: public-tracking-request@w3.org [mailto:public-tracking-request@w3.org] On Behalf Of Matthias Schunter
Sent: Saturday, October 15, 2011 7:56 AM
To: public-tracking@w3.org
Subject: Re: [ISSUE-60] Will a recipient know if it itself is a 1st or 3rd party?

Hi Kevin,

thanks a lot for your valuable input.

I believe that from a privacy point of view, we must require:
"1st party exemptions apply only if a site can reliably determine that it is acting as a 1st party."

With this said, I agree that we need to define "the" single way of 'reliably determining' whether a site is acting as 1st or 3rd party.

As a consequence, I see two questions:

1. What are 'proven ways' / 'best practices' that work to determine whether you are 1st or 3rd party (you gave input here and I'll wiki-fy it)
2. NEW: Are hints from the browser helpful and do they make determining 1st vs 3rd much simpler (in this case, we may add such hints to the DNT header)

Regards,
matthias

On 10/14/2011 11:31 PM, Kevin Smith wrote:
> With this in mind, I think the best approach is that we simply don't
> define how to determine whether a request is 1st or 3rd party. We
> just define the difference between the two and how a 1st or 3rd
> party must behave when it receives a DNT request header. Then we
> leave it to the service to use the approach or combination of
> approaches that makes the most sense for them.

--
Dr. Matthias Schunter, MBA
IBM Zurich Research Laboratory, Ph. +41 (44) 724-8329
Homepage: www.schunter.org, Email: schunter(at)acm.org
PGP Fingerprint 989AA3ED 21A19EF2 B0058374 BE0EE10D

Received on Sunday, 16 October 2011 04:04:47 UTC