Re: Third parties should not pretend to be first parties from Jeffrey Chester on 2012-03-01 (public-tracking@w3.org from March 2012)

From: Jeffrey Chester <jeff@democraticmedia.org>
Date: Wed, 29 Feb 2012 20:04:33 -0500
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Tom Lowenthal <tom@mozilla.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-id: <3102F2E1-5D0E-4388-89C3-1D200079F616@democraticmedia.org>

This brings in a wholesale set of outside data practices for targeting, I presume.  With DNT:1 enabled, it should limit what outside data sources can be used by first parties.  


Jeffrey Chester
Center for Digital Democracy
1621 Connecticut Ave, NW, Suite 550
Washington, DC 20009
www.democraticmedia.org
www.digitalads.org
202-986-2220

On Feb 29, 2012, at 7:58 PM, Roy T. Fielding wrote:

> On Feb 29, 2012, at 4:10 PM, Tom Lowenthal wrote:
> 
>> The aim is to prohibit anyone who isn't a first party from using the
>> first-party options in the URI/Tk header, which even outsourced service
>> providers shouldn't do. Perhaps we should add more detail to the
>> outsourcing exception to deal with this case?
> 
> I've never understood why outsourced services should be considered
> a different party if they adhere to the "acting as a first-party"
> constraints.  They are, by contract and by practice and by view
> of the user, the same party -- the only reason they differ at all
> is because of the ownership/control definition in first-party.
> If we just add outsourcing (or data processor) to the first-party
> definition, we are done.
> 
> ....Roy
> 
>

Received on Thursday, 1 March 2012 01:05:18 UTC