Signals for internal / external usage of site elements (the signals formerly called "1" and "3") from Matthias Schunter (Intel Corporation) on 2014-01-06 (public-tracking@w3.org from January 2014)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Mon, 06 Jan 2014 21:23:21 +0100
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <52CB10B9.1030807@schunter.org>

Hi Team,


as part of removing dependencies in the compliance spec, Roy removed the 
"1" and "3" signals.
I would like to make a case for keeping these two signals in a revised form.

SCENARIO TO PREVENT

The reason these signals were included is to detect/prevent the 
following scenario:
1. - A party designs an element to be used _only_ within its own 
web-site (e.g., the google logo).
2. - The party uses this element for some kind of tracking
3. - Another site (say Matthias's homepage) re-uses the element and, 
e.g., claims "not to do tracking"
4. - However, in fact, the other site does tracking (by accidentially 
embedding the tracking element)


OLD TEXT
This is the text, I copied from an older version of the DNT spec.

**
3 	*Third party*: The designated resource is designed for use within a 
third-party context and conforms to the requirements on a third party.
1
	*First party*: The designated resource is designed for use within a 
first-party context and conforms to the requirements on a first party. 
If the designated resource is operated by an outsourced service 
provider, the service provider claims that it conforms to the 
requirements on a third party acting as a first party.


Roy had to remove the text since it references "requirements on a first 
party" (that is undefined in the TPE and will be defined in the 
compliance regime)

PROPOSED NEW TEXT
I think that the signaling of "elements for site-internal use" and 
"elements re-usable by other sites" remains useful.

**
3 	*Third party*: The designated resource is designed for re-use by 
other parties.
1
	*First party*: The designated resource is designed for use within the 
serving party.


In the scenario above,  this would work as follows:
1. - A party designs an element to be used _only_ within its own 
web-site (e.g., the google logo) ("1")
2. - The party uses this element for some kind of tracking  ("T")
3. - Another site (say Matthias's homepage) re-uses the element and, 
e.g., claims "not to do tracking" ("N")
4. - However, in fact, the other site does tracking (by accidentially 
embedding the tracking element)
The result (detectable by a browser or by the site owner) is that a 
"1+T" element from another site would
show up on the page that claims "N".  This may indicate a potential problem.

Any opinions/feedback/improvements?


Regards,
matthais

Received on Monday, 6 January 2014 20:23:51 UTC