- From: David Singer <singer@apple.com>
- Date: Wed, 03 Apr 2013 17:43:24 -0700
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Hi Roy I think you are answering a poorly raised I unintended question. I was not suggesting to change your defined semantics for 1st and 3rd party, merely that whether I have consent or not, or claim conformance yet, or not, are orthogonal to those statuses rather than replacements... Apologies Sent from my iPad On Apr 3, 2013, at 5:23 PM, "Roy T. Fielding" <fielding@gbiv.com> wrote: > On Apr 3, 2013, at 2:52 PM, David Singer wrote: > >> I have previously preferred distinguishing "who I am" from "how I am operating", and I feel that have C and ! as 'status' indicators rather than qualifiers means that I can no longer tell whether I am interacting with someone who thinks of themselves as a 1st or 3rd party. So I agree, rather than C or ! as the first character, I think that >> >> 1C -- first party with consent >> 3C -- third party with consent >> 1! -- first party under construction >> 3! -- third party under construction >> >> seem to make more sense, and be more informative. As it is, if I get "!" in today's spec I am not able to tell whether the site is trying to construct a 3rd or 1st party experience; similarly for "C". > > It is impossible for the receiving server to know who is the first > or the third party in any given interaction. That knowledge exists > only within the head of the user, and even then only if we assume > the user has a deliberate intention and awareness of the interacting > parties and not simply clicking on links because the pictures are > pretty. > > What an origin server can do is indicate what limitations they adhere > to during (and promise to adhere to after) a given interaction. > > Neither "C" nor "!" are qualifiers -- they are the relevant answer > to the tracking status question, in each case. > > "C" indicates the server operates with consent and is limited only > by the terms of that consent (whatever those terms may be, which > could be far outside the scope of DNT or even more limited than a 3). > That answer is not in any way orthogonal to 1 and 3. > > "!" indicates that the server DOES NOT conform. Such an answer > cannot in any way shape or form be orthogonal to 1 and 3, both > of which are explicit statements of conformity to a list of > requirements specified in TCS. > > There is a reason why I specified it this way. The answer given > is being portrayed as a statement of business practice from the > party answering to the consumer (and, yes, I do use that term > intentionally here). As such, it has to be truthful. And since > there is no possible way for an origin server to make a truthful > statement about the intentions of the user, I cannot implement > a DNT standard that says "I am a first party" without lying to > the consumer. Period. > > Nor do I need to -- the privacy benefits of this protocol are > already accomplished by the design in the spec right now, which > actually can be implemented by origin servers. If you think not, > then please explain why and we can try to fix that. Otherwise, > we are certain to not make any progress if we revert to a protocol > that allows trolls to sue a website owner simply by deliberately > crafting pages that make subrequests on resources that are only > designed for first party interaction. > > ....Roy >
Received on Thursday, 4 April 2013 00:43:53 UTC