W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Summary of First Party vs. Third Party Tests

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Fri, 28 Oct 2011 22:11:24 -0700
Message-Id: <3C90FA8B-4751-432F-8A21-5734525A7062@stanford.edu>
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>

As I understand it, there are four camps on how to distinguish between first parties and third parties.

1) Domain names (e.g. public suffix + 1).

2) Legal business relationships (e.g. corporate ownership + affiliates).

3) Branding.

4) User expectations.

Here are some examples that show the boundaries of these definitions.

Example: The user visits Example Website at example.com.  Example Website embeds content from examplestatic.com, a domain controlled by Example Website and used to host static content.

Discussion: Content from the examplestatic.com domain is first-party under every test save the first.

Example: Example Website (example.com) strikes a deal with Example Affiliate (affiliate.com), an otherwise unrelated company, to share user data.  The user visits Example Website, and it embeds content from Example Affiliate.

Discussion: Content from Example Affiliate is third-party under every test save the second.

Example: Example Website embeds a widget from Example Social Aggregator.  The widget includes a prominent logo for Example Social Aggregator, though a user is unlikely to recognize it.

Discussion: Content from Example Social Aggregator is third-party under every test save the third.
Received on Saturday, 29 October 2011 05:11:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:26 UTC