Re: [ISSUE-60] Will a recipient know if it itself is a 1st or 3rd party?

Hi Kevin,


thanks a lot for your valuable input.

I believe that from a privacy point of view, we must require:
  "1st party exemptions apply only if a site can reliably
    determine that it is acting as a 1st party."

With this said, I agree that we need to define "the" single way of
'reliably determining' whether a site is acting as 1st or 3rd party.

As a consequence, I see two questions:
 1. What are 'proven ways' / 'best practices' that work to determine
    whether you are 1st or 3rd party (you gave input here and
      I'll wiki-fy it)
 2. NEW: Are hints from the browser helpful and do they make
    determining 1st vs 3rd much simpler (in this case,
    we may add such hints to the DNT header)


Regards,
matthias

On 10/14/2011 11:31 PM, Kevin Smith wrote:
> With this in mind, I think the best approach is that we simply don’t
> define how to determine whether a request is 1^st or 3^rd party.  We
> just define the difference between the two and how a 1^st or 3^rd
> party must behave when it receives a DNT request header.  Then we
> leave it to the service to use the approach or combination of
> approaches that makes the most sense for them. 

-- 
Dr. Matthias Schunter, MBA
IBM Zurich Research Laboratory,  Ph. +41 (44) 724-8329
Homepage: www.schunter.org, Email: schunter(at)acm.org
PGP Fingerprint    989AA3ED 21A19EF2 B0058374 BE0EE10D

Received on Saturday, 15 October 2011 13:56:46 UTC