RE: link shorteners etc. from Shane M Wiley on 2014-06-27 (public-tracking@w3.org from June 2014)

From: Shane M Wiley <wileys@yahoo-inc.com>
Date: Fri, 27 Jun 2014 01:55:54 +0000
To: David Singer <singer@apple.com>
CC: Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <DCCF036E573F0142BD90964789F720E31470CCEF@GQ1-MB01-02.y.corp.yahoo.com>
David,

I like your use of "fleeting" 1st party as this still acknowledges that the link shortener is in fact a first party.  

I'm attempting to take a more principled approach to user transparency and choice - the foundation of why we make the distinction between 1st party and 3rd party in the first place.  A link shortener is "visible" prior to click often with no additional effort from the user and in those cases the URL is obscured it is still discoverable prior to click (hover on desktop or press-hold on mobile).  The user need not click on the link - they have a choice to interact or not.  

I don't believe it's appropriate to make decisions on subjective judgments of "we think users understand X but we don't think they understand Y".

- Shane

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Thursday, June 26, 2014 8:43 AM
To: Shane M Wiley
Cc: Walter van Holst; public-tracking@w3.org
Subject: Re: link shorteners etc.


On Jun 26, 2014, at 7:42 , Shane M Wiley <wileys@yahoo-inc.com> wrote:

> 1st party status is not about "destinations" - although this is a novel and interesting idea.  

I am sorry, I realized after I wrote it that I should have used terms from the spec.

"For the avoidance of doubt, link shorteners are not sites that are visited, and not sites that a user intends to visit, and hence are third parties as defined in this recommendation."

> 1st party status is about the user understanding the party they are engaged with and having an obvious choice of not engaging with them by not visiting their site.  Any URL that is visible to the user prior to clicking meets this same bar - users are not required to click on a link shortener if they'd rather not.  They can also visit the link shortener's address directly and read their privacy policy prior to click on the link as well if they so choose.  Their participation is not invisible.  The Mozilla Collusion extension does not display link shorteners as a user's activity is not being tracked outside the context of their active click on a link.

So, you would argue that my second case "Click on http://bit.ly/aksjdh636tsj and you will be AMAZED!" has the link shortener as a fleeting first party?  

> 
> - Shane
> 
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: Thursday, June 26, 2014 7:25 AM
> To: Walter van Holst
> Cc: public-tracking@w3.org
> Subject: Re: link shorteners etc.
> 
> Thank you for the analysis, I agree with your analysis of link shorteners.  (And I think the conversation has otherwise got off track; we don't need to debate the precise details of the 1st party rules nor why we got to where we are, to resolve link shorteners.)
> 
> Perhaps we can work towards text on link shorteners now?
> 
> "For the avoidance of doubt, link shorteners are not destinations, and not destinations that a user intends to visit, and hence are third parties as defined in this recommendation." ?
> 
> 
> On Jun 25, 2014, at 12:15 , Walter van Holst <walter.van.holst@xs4all.nl> wrote:
> 
>> On 2014-06-25 20:24, David Singer wrote:
>> 
>> 
>>>> That's why I introduced a qualifier of non-obviousness. And yes, it is frustrating that it is unlikely to have a more concrete and tangible test than this staple of law, the man in the Clapham omnibus, or whatever the equivalent is in your local lawyer's vernacular. (Next time I'm in London I must make a pilgrimage to Clapham by bus)
>>> it's tricky in these click-baiting cases, isn't it?  what DID the user 'intend'?
>> 
>> Intent is always a slipper subject and fodder for behavioural psychologists. On this particular topic however, we shouldn't get too academic. The only justification we have for first parties being exempt from DNT is that first parties tend to be a surfing destination, a context so to speak, on their own. From that perspective it would be strange to forbid tracking of user behaviour within that context while the problem we want to address is tracking across contexts. A URL shortener is no such destination and in practice tries to stay out of the way as much as possible without any formal relationship with the user (unlike identity providers) or the destination server (unlike content delivery networks). And it doesn't take a great leap of faith to assume that the average user will not intent to visit bit.ly in any way resembling the intent he or she has to visit facebook.com
>> 
>> And to give an example of where I think intent becomes sufficiently blurred to consider a destination a first party: www.apple.com being the default homepage for Safari users. Even though a substantial number of visits to apple.com is unintentional, it is sufficiently clear that it is Apple and the user can change the default easily.
>> 
>> Regards,
>> 
>> Walter
>> 
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 
> 

David Singer
Manager, Software Standards, Apple Inc.
Received on Friday, 27 June 2014 01:56:59 UTC