- From: Rigo Wenning <rigo@w3.org>
- Date: Fri, 28 Oct 2011 13:01:08 +0200
- To: public-tracking@w3.org
- Cc: David Singer <singer@apple.com>
David, Bjoern, as soon as you leave the http-request context (or the dom-context, or cookie context as suggested by Bjoern), "this" request acquires an unbound meaning. Once the step beyond the current http request is made, we automatically fall back into all the caching and scoping discussions of the P3P Policy reference file and the P3P 1.1 discussions (let by Matthias in 2003 BTW) on how to determine who is a related party to whom and what their legal relation is so that they follow the same practice. And everybody will find tricks and twists to become a first party if the first party is privileged. At the end of the day we will have definitions with a lot of first parties, a lot more related parties that are to be treated like first parties and some diabolic third party who's definition is met only by the evil hacker from crimehaven.example.com The underlying political question is: Do we want to distinguish between first party and third party data traffic to discriminate against hit-counters, third party trackers and ad networks? If yes, we need some distinction. Note well that the third party only gets a request because the first party has included some code into a page under their control. (What if the first party collects and outsources the analysis?) Another possibility is to say: tracking is tracking, whatever site it comes from. So if DNT=1 neither third nor first parties should track (and tracking to be defined here). Best, Rigo On Thursday 27 October 2011 16:54:03 David Singer wrote: > The more I think about how to distinguish 3rd and 1st parties, the more of a > nightmare it is.
Received on Friday, 28 October 2011 11:01:29 UTC