W3C home > Mailing lists > Public > public-tracking@w3.org > February 2012

Re: [Issue-5] [Action-77] Defining Tunnel-Vision 'Do Not (Cross-Site) Track'

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 3 Feb 2012 09:40:16 -0800
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <683BCB73-513F-4D6C-A58F-BA71F31B89F5@gbiv.com>
To: David Singer <singer@apple.com>
On Feb 3, 2012, at 2:02 AM, David Singer wrote:
> I think I explained in the introduction;
>>> (All these definitions etc. rely on being able to define "site" or "party", by the way.  I don't see how to escape that, as many have pointed out, since it's within a 'party' that information flows, and so on.)
> It is a term to describe the envelope of the organization within which data flows.  I assume you are not proposing that images.example.com and store.example.com should be required to keep separate data, as they are separate 'sites'.  You seem to prefer 'service'; I don't mind what word is used:

Yes, I prefer service now because I did not intend site == domain -- it was just
short-hand for the group of same-branded sites that a user expects to be
interacting with as a service.  Service also matches EU policy.  BTW, that's
why I prefer the EU term of data processor rather than the "service provider" or
"outsourced" that others have used.  I am new to this stuff, but the terminology
makes sense once you know what is being protected, and I don't think we should
waste time reinventing it, though I do think we'll have to explain it better
than the policy docs.

I am more interested in figuring out if we all agree to protect the same things.
I.e., is there something that someone in the WG wants to protect by DNT that
is not protected by this model and would be protected by the 1st/3rd party
corporate distinctions with multitudes of exceptions?

Received on Friday, 3 February 2012 17:40:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:33 UTC