- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 29 Feb 2012 17:54:44 -0800
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: Tom Lowenthal <tom@mozilla.com>, "public-tracking@w3.org" <public-tracking@w3.org>
On Feb 29, 2012, at 5:11 PM, Jonathan Mayer wrote: > Roy, > > In the text I've seen, when a first party outsources to a third party, it remains a third party. > > That's not a linguistic quibble. First, outsourcing allows a third party to act like a first party in many ways, but it must respect significant siloing constraints. Second, as far as user perceptions go, I don't think it's right to think of an outsourcing service as "the same party." Third, for the sake of analytical clarity, it's best to avoid conflating what we allow outsourcing services to do and what we allow first parties to do. Maybe those two will be coextensive—but we should be very explicit about it. > > Jonathan As far as I can tell, most of the text on "third-party" has been overly simplistic regarding how websites actually work. When a user accesses Netflix, is Amazon the first-party? I would think not. I wouldn't expect the user to think so either. But Netflix is hosted on AWS http://techblog.netflix.com/2010/12/5-lessons-weve-learned-using-aws.html which makes Amazon the operator (most of the time) and the entity responsible for collecting data and adhering to their contractual agreement with Netflix regarding its use, siloing, etc. I see no reason for Amazon to be considered as a party at all in this interchange other than via the constraints on acting as a first-party. ....Roy
Received on Thursday, 1 March 2012 01:55:08 UTC