- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Fri, 28 Oct 2011 22:11:24 -0700
- To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
(ACTION-25) As I understand it, there are four camps on how to distinguish between first parties and third parties. 1) Domain names (e.g. public suffix + 1). 2) Legal business relationships (e.g. corporate ownership + affiliates). 3) Branding. 4) User expectations. Here are some examples that show the boundaries of these definitions. Example: The user visits Example Website at example.com. Example Website embeds content from examplestatic.com, a domain controlled by Example Website and used to host static content. Discussion: Content from the examplestatic.com domain is first-party under every test save the first. Example: Example Website (example.com) strikes a deal with Example Affiliate (affiliate.com), an otherwise unrelated company, to share user data. The user visits Example Website, and it embeds content from Example Affiliate. Discussion: Content from Example Affiliate is third-party under every test save the second. Example: Example Website embeds a widget from Example Social Aggregator. The widget includes a prominent logo for Example Social Aggregator, though a user is unlikely to recognize it. Discussion: Content from Example Social Aggregator is third-party under every test save the third.
Received on Saturday, 29 October 2011 05:11:54 UTC