Re: Draft Language on Interaction with Third-Party Content

David, Bjoern, 

as soon as you leave the http-request context (or the dom-context, or cookie 
context as suggested by Bjoern), "this" request acquires an unbound meaning. 
Once the step beyond the current http request is made, we automatically fall 
back into all the caching and scoping discussions of the P3P Policy reference 
file and the P3P 1.1 discussions (led by Matthias in 2003 BTW) on how to 
determine who is a related party to whom and what their legal relation is so 
that they follow the same practice. And everybody will find tricks and twists 
to become a first party if the first party is privileged. At the end of the 
day we will have definitions with a lot of first parties, a lot more related 
parties that are to be treated like first parties and some diabolic third 
party whose definition is met only by the evil hacker from 
crimehaven.example.com.

The underlying political question is: 
Do we want to distinguish between first party and third party data traffic to 
discriminate against hit-counters, third party trackers and ad networks? If 
yes, we need some distinction. Note well that the third party only gets a 
request because the first party has included some code into a page under their 
control. (What if the first party collects and outsources the analysis?)

Another possibility is to say: tracking is tracking, whatever site it comes 
from. So if DNT=1 neither third nor first parties should track (and tracking 
to be defined here). 

Best, 

Rigo


On Thursday 27 October 2011 16:54:03 David Singer wrote:
> The more I think about how to distinguish 3rd and 1st parties, the more of a
> nightmare it is.

Received on Friday, 28 October 2011 11:01:29 UTC