Re: Draft Text on First Parties and Third Parties (ACTION-34, ISSUE-10, ISSUE-26, ISSUE-88) from Bryan Sullivan on 2012-01-23 (public-tracking@w3.org from January 2012)

From: Bryan Sullivan <blsaws@gmail.com>
Date: Mon, 23 Jan 2012 01:43:03 -0800
To: Nicholas Doty <npdoty@w3.org>, Heather West <heatherwest@google.com>
CC: Justin Brookman <justin@cdt.org>, <public-tracking@w3.org>
Message-ID: <CB42697A.E86A%blsaws@gmail.com>

Nick,

I believe that definitions based upon user expectation or the ability to
"infer with high probability that the user knowingly and intentionally" did
something, are not testable. I'm not sure we will be able to derive a
testable definition of 1st and 3rd party in fact.

Focusing instead on clearly defining how DNT propagates through the Web, and
what should happen at sites (e.g. not include PII in links to external site
content, or forward it in backend integration), will IMO better serve the
objective, and be testable.

Bryan Sullivan

From:  Nicholas Doty <npdoty@w3.org>
Date:  Fri, 20 Jan 2012 18:58:46 -0800
To:  Heather West <heatherwest@google.com>
Cc:  Justin Brookman <justin@cdt.org>, <public-tracking@w3.org>
Subject:  Re: Draft Text on First Parties and Third Parties (ACTION-34,
ISSUE-10, ISSUE-26, ISSUE-88)
Resent-From:  <public-tracking@w3.org>
Resent-Date:  Sat, 21 Jan 2012 02:59:20 +0000

Hi Heather and Sean,

I know your message here is a couple weeks old, I just wanted to tease out
the particular concern expressed here in more detail.

Is the issue that you fear that a user expectations standard is too
ambiguous to be uniformly implemented or enforced? In that case, you might
agree that user expectations should be what drives the definition for "first
party" but that we need more detail either for implementers or enforcers. In
that case, I think it would be useful for our discussion to describe some
specific use case where implementation or enforcement would fail. And
regarding the proposed alternative, it would help to have an explanation of
why a corporate ownership standard matches to user expectations.

Or is the concern that a user expectations standard might lead to
evaluations of what is a first party that you don't want? In that case you
might agree that a user with Do Not Track enabled doesn't expect Disney to
track their visits across ESPN.com <http://ESPN.com>  and Marvel.com
<http://Marvel.com> , but you think that data should be shared within a
first party exception under the group's standard. Here we might have a
debate among participants over the basic principle rather than the
mechanism.

On Jan 5, 2012, at 2:39 PM, Heather West wrote:
> The initial version of this issue language was short and easy to understand,
> and I think that's one of the reasons that we all liked it conceptually.

Sorry that I'm having trouble keeping track here, which version are you
referring to? (I saw early proposals from Amy and Tom and the FPWD had a
list of options.)

Thanks,
Nick

Received on Monday, 23 January 2012 09:43:40 UTC