RE: link shorteners etc. from Mike O'Neill on 2014-06-27 (public-tracking@w3.org from June 2014)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Fri, 27 Jun 2014 08:58:08 +0100
To: "'Shane M Wiley'" <wileys@yahoo-inc.com>, "'David Singer'" <singer@apple.com>
Cc: "'Walter van Holst'" <walter.van.holst@xs4all.nl>, <public-tracking@w3.org>
Message-ID: <010601cf91dd$89f5c8e0$9de15aa0$@baycloud.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How can a shortener that tracks (collects and uses data that derives from a different context) ignore the user's preference simply because it is technically a HTTP first-party?

That is why I support David's text:

"For the avoidance of doubt, link shorteners are not sites that are visited, and not sites that a user intends to visit, and hence are third parties as defined in this recommendation."

i.e. the rules in the TCS for third-parties apply to it (even though it is not technically an HTTP "third-party").

On David's point about it not being necessarily so, surely that is implicit in the "and not sites that a user intends to visit" text? The Safari home page link would not be a "shortener" according to that definition, or maybe I am missing something?


> -----Original Message-----
> From: Shane M Wiley [mailto:wileys@yahoo-inc.com]
> Sent: 27 June 2014 02:56
> To: David Singer
> Cc: Walter van Holst; public-tracking@w3.org
> Subject: RE: link shorteners etc.
> 
> David,
> 
> I like your use of "fleeting" 1st party as this still acknowledges that the link
> shortener is in fact a first party.
> 
> I'm attempting to take a more principled approach to user transparency and
> choice - the foundation of why we make the distinction between 1st party and
> 3rd party in the first place.  A link shortener is "visible" prior to click often with
> no additional effort from the user and in those cases the URL is obscured it is
> still discoverable prior to click (hover on desktop or press-hold on mobile).  The
> user need not click on the link - they have a choice to interact or not.
> 
> I don't believe it's appropriate to make decisions on subjective judgments of "we
> think users understand X but we don't think they understand Y".
> 
> - Shane
> 
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com]
> Sent: Thursday, June 26, 2014 8:43 AM
> To: Shane M Wiley
> Cc: Walter van Holst; public-tracking@w3.org
> Subject: Re: link shorteners etc.
> 
> 
> On Jun 26, 2014, at 7:42 , Shane M Wiley <wileys@yahoo-inc.com> wrote:
> 
> > 1st party status is not about "destinations" - although this is a novel and
> interesting idea.
> 
> I am sorry, I realized after I wrote it that I should have used terms from the spec.
> 
> "For the avoidance of doubt, link shorteners are not sites that are visited, and
> not sites that a user intends to visit, and hence are third parties as defined in this
> recommendation."
> 
> > 1st party status is about the user understanding the party they are engaged
> with and having an obvious choice of not engaging with them by not visiting
> their site.  Any URL that is visible to the user prior to clicking meets this same bar
> - users are not required to click on a link shortener if they'd rather not.  They can
> also visit the link shortener's address directly and read their privacy policy prior
> to click on the link as well if they so choose.  Their participation is not invisible.
> The Mozilla Collusion extension does not display link shorteners as a user's
> activity is not being tracked outside the context of their active click on a link.
> 
> So, you would argue that my second case "Click on http://bit.ly/aksjdh636tsj and
> you will be AMAZED!" has the link shortener as a fleeting first party?
> 
> >
> > - Shane
> >
> > -----Original Message-----
> > From: David Singer [mailto:singer@apple.com]
> > Sent: Thursday, June 26, 2014 7:25 AM
> > To: Walter van Holst
> > Cc: public-tracking@w3.org
> > Subject: Re: link shorteners etc.
> >
> > Thank you for the analysis, I agree with your analysis of link shorteners.  (And I
> think the conversation has otherwise got off track; we don't need to debate the
> precise details of the 1st party rules nor why we got to where we are, to resolve
> link shorteners.)
> >
> > Perhaps we can work towards text on link shorteners now?
> >
> > "For the avoidance of doubt, link shorteners are not destinations, and not
> destinations that a user intends to visit, and hence are third parties as defined in
> this recommendation." ?
> >
> >
> > On Jun 25, 2014, at 12:15 , Walter van Holst <walter.van.holst@xs4all.nl>
> wrote:
> >
> >> On 2014-06-25 20:24, David Singer wrote:
> >>
> >>
> >>>> That's why I introduced a qualifier of non-obviousness. And yes, it is
> frustrating that it is unlikely to have a more concrete and tangible test than this
> staple of law, the man in the Clapham omnibus, or whatever the equivalent is in
> your local lawyer's vernacular. (Next time I'm in London I must make a
> pilgrimage to Clapham by bus)
> >>> it's tricky in these click-baiting cases, isn't it?  what DID the user 'intend'?
> >>
> >> Intent is always a slipper subject and fodder for behavioural psychologists. On
> this particular topic however, we shouldn't get too academic. The only
> justification we have for first parties being exempt from DNT is that first parties
> tend to be a surfing destination, a context so to speak, on their own. >From that
> perspective it would be strange to forbid tracking of user behaviour within that
> context while the problem we want to address is tracking across contexts. A URL
> shortener is no such destination and in practice tries to stay out of the way as
> much as possible without any formal relationship with the user (unlike identity
> providers) or the destination server (unlike content delivery networks). And it
> doesn't take a great leap of faith to assume that the average user will not intent
> to visit bit.ly in any way resembling the intent he or she has to visit
> facebook.com
> >>
> >> And to give an example of where I think intent becomes sufficiently blurred to
> consider a destination a first party: www.apple.com being the default
> homepage for Safari users. Even though a substantial number of visits to
> apple.com is unintentional, it is sufficiently clear that it is Apple and the user can
> change the default easily.
> >>
> >> Regards,
> >>
> >> Walter
> >>
> >
> > David Singer
> > Manager, Software Standards, Apple Inc.
> >
> >
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJTrSQQAAoJEHMxUy4uXm2JLuEIAKc15GXf+NXIUa3oRWZ3gVkZ
FtY01booGYjPUkiy0j5u6DbK+RpvM/BvgpUxYQzcb/7GltPCKGQQY7ACTxLTRP2l
AQHteGiyuU3JBXUssxM8gVO56C82Y2h361SeWBqw9rgGmSmWPystLqrrmor57Ql4
FDrhVDOy03oDpG2Z59xYx3flJXjQxyIpS0HcYqTl9xy8JE55lZ3wD6yiFAMnhYKE
CVFBTrSACYNE+ntiCMLMdy/4lfeWgnfXkwLLShUBYb1IdKX8buS+yqCmy8SLNJ3Q
sjrYcLtG90qOjM4YqHAfuHY8ETHUakKW4qIMuT3ei3xdqjkh649QffbQsiteAHQ=
=q98v
-----END PGP SIGNATURE-----
Received on Friday, 27 June 2014 07:58:44 UTC