Re: TPE Document, S2.3 P1 from Tom Lowenthal on 2011-10-31 (public-tracking@w3.org from October 2011)

From: Tom Lowenthal <tom@mozilla.com>
Date: Mon, 31 Oct 2011 11:44:49 -0700
To: Ashkan Soltani <ashkan.soltani@gmail.com>
CC: public-tracking@w3.org, "Roy T. Fielding" <fielding@gbiv.com>
Message-ID: <4EAEECA1.5020707@mozilla.com>

I used the phrase "one service exclusively" to attempt to address this
point. I maintain that we should aim for the web browsing case. Trying
to solve app privacy generally in this standard makes it even less
tractable.

On 10/31/2011 09:52 AM, Ashkan Soltani wrote:
> Pardon my confusion.
> 
> Tom, with the proposed additions, would apps that talk to 3rd parties in
> addition to 1st parties be covered?  For example,
> http://dl.dropbox.com/u/3077/ms%20-%20collusion.pdf ?
> 
> 
> 
> On Mon, Oct 31, 2011 at 9:43 AM, Tom Lowenthal <tom@mozilla.com> wrote:
> 
>> Pursuant to my F2F comment. The current first paragraph of section 2.3
>> reads:
>>
>>> HTTP [HTTP11] uses the term user agent to refer to any of the various
>>> client programs capable of initiating HTTP requests, including
>>> browsers, spiders (web-based robots), command-line tools, native
>>> applications, and mobile apps. Although the protocol defined by this
>>> specification is applicable to all forms of user agent, the
>>> compliance requirements are specifically concerned with the privacy
>>> expectations of a human user and the tracking of their browsing
>>> history over time. Hence, user agents that do not have some form of
>>> "browsing" nature or do not communicate with more than one site are
>>> not expected to comply with this protocol.
>>
>> This leaves the status of mobile apps somewhat unclear. I propose the
>> following text instead:
>>
>>
>>> HTTP [HTTP11] uses the term user agent to refer to any of the various
>>> client programs capable of initiating HTTP requests, including
>>> browsers, spiders (web-based robots), command-line tools, native
>>> applications, and mobile apps. Although the protocol defined by this
>>> specification is potentially applicable to all forms of user agent,
>>> the compliance requirements are specifically concerned with the
>>> privacy expectations of a human user and the tracking of their
>>> browsing history over time.
>>>
>>> There exist user agents which do not have a "browsing" nature, such
>>> as mobile apps which communicate with one service exclusively. These
>>> non-browsing user-agents are not the target for this standard, though
>>> there is no reason why they could not implement it.
>>
>>
>

Received on Monday, 31 October 2011 18:48:27 UTC