- From: Bryan Sullivan <blsaws@gmail.com>
- Date: Mon, 23 Jan 2012 01:43:03 -0800
- To: Nicholas Doty <npdoty@w3.org>, Heather West <heatherwest@google.com>
- CC: Justin Brookman <justin@cdt.org>, <public-tracking@w3.org>
- Message-ID: <CB42697A.E86A%blsaws@gmail.com>
Nick, I believe that definitions based upon user expectation or the ability to "infer with high probability that the user knowingly and intentionally" did something, are not testable. I'm not sure we will be able to derive a testable definition of 1st and 3rd party in fact. Focusing instead on clearly defining how DNT propagates through the Web, and what should happen at sites (e.g. not include PII in links to external site content, or forward it in backend integration), will IMO better serve the objective, and be testable. Bryan Sullivan From: Nicholas Doty <npdoty@w3.org> Date: Fri, 20 Jan 2012 18:58:46 -0800 To: Heather West <heatherwest@google.com> Cc: Justin Brookman <justin@cdt.org>, <public-tracking@w3.org> Subject: Re: Draft Text on First Parties and Third Parties (ACTION-34, ISSUE-10, ISSUE-26, ISSUE-88) Resent-From: <public-tracking@w3.org> Resent-Date: Sat, 21 Jan 2012 02:59:20 +0000 Hi Heather and Sean, I know your message here is a couple weeks old, I just wanted to tease out the particular concern expressed here in more detail. Is the issue that you fear that a user expectations standard is too ambiguous to be uniformly implemented or enforced? In that case, you might agree that user expectations should be what drives the definition for "first party" but that we need more detail either for implementers or enforcers. In that case, I think it would be useful for our discussion to describe some specific use case where implementation or enforcement would fail. And regarding the proposed alternative, it would help to have an explanation of why a corporate ownership standard matches to user expectations. Or is the concern that a user expectations standard might lead to evaluations of what is a first party that you don't want? In that case you might agree that a user with Do Not Track enabled doesn't expect Disney to track their visits across ESPN.com <http://ESPN.com> and Marvel.com <http://Marvel.com> , but you think that data should be shared within a first party exception under the group's standard. Here we might have a debate among participants over the basic principle rather than the mechanism. On Jan 5, 2012, at 2:39 PM, Heather West wrote: > The initial version of this issue language was short and easy to understand, > and I think that's one of the reasons that we all liked it conceptually. Sorry that I'm having trouble keeping track here, which version are you referring to? (I saw early proposals from Amy and Tom and the FPWD had a list of options.) Thanks, Nick
Received on Monday, 23 January 2012 09:43:40 UTC