Thirdparty: Difference between revisions

1,537 bytes added, 9 June 2010


== Rationale ==
Again, let me reiterate -- what matters here is '''not''' ''how the user thinks of a particular action'', but ''whether the action is related, in an integral way, with the current site''.
We have some hard data points here, but more is always better, and will allow us to make a more informed decision on how these changes will affect the web.
:1. Typing in the URL bar is clearly not something that can be considered integral to the functioning of a particular site.
:2. There are two cases when clicking on a link: a) the link is targeted at the same domain; b) it is not. For the former, what we do is irrelevant. For the latter, by and large, it means the link is not integrally related -- I strongly doubt, for instance, that any federated login processes use <href> tags pointing at their domain. ''Is this really true? Are there other relevant use cases?''
:3. The answer to this really depends on what use cases exist on the web. Someone out there undoubtedly uses document.location to implement an authentication scheme. Need more hard data here. However, I suspect that the right thing to do is consider it unrelated.
:4. This case is clearer. Many services, such as bit.ly, immediately and permanently redirect to a target. Sites that redirect from ''original'' to ''target'' and back to ''original'' probably mean the two are related, and could easily be an implementation of federated login. It could also be an implementation of an auto-redirect ad. What we do here is important to get right.
:The key is [TBD...]


Since it's an obvious hole, we have to track first party context through redirects. (So going to digg.com --> redirect to clickthrough ad on ads.google.com --> click back to digg.com would maintain a first party context of digg.com throughout.) If we didn't, those clickthrough ads would be first parties, and could track the user across sites.
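
The sketch below is an added example, not code from this page or from any browser. It models one reading of cases 1 to 4 above: redirects inherit the current first-party context, and every other navigation starts a new one. The event shape (<code>how</code>, <code>host</code>), the function names, the <code>trackRedirects</code> switch and the sample chain are all assumptions made for illustration.

```javascript
// Constructed navigation log (not from the page). Hosts are compared by
// exact string match; a real implementation would compare base domains.
const sampleChain = [
  { how: "urlbar",   host: "digg.com" },          // case 1: typed URL
  { how: "redirect", host: "ads.google.com" },    // case 4: clickthrough ad
  { how: "redirect", host: "digg.com" },          // case 4: back to original
  { how: "link",     host: "example.org" },       // case 2b: cross-domain link
  { how: "script",   host: "login.example.net" }, // case 3: document.location
];

// Returns the first-party context in force after each navigation.
// trackRedirects=false models the hole described above, where a redirect
// target becomes a first party in its own right.
function firstPartyContexts(chain, { trackRedirects = true } = {}) {
  let context = null;
  return chain.map(({ how, host }) => {
    const inherits = how === "redirect" && trackRedirects && context !== null;
    // urlbar, link and script navigations are treated as unrelated to the
    // previous site (assumption; the page leaves case 3 open). A same-domain
    // link normally leaves the context unchanged under this rule.
    if (!inherits) context = host;
    return context;
  });
}

// Hosts that were ever granted first-party status during the chain.
function firstParties(chain, options) {
  return [...new Set(firstPartyContexts(chain, options))];
}

console.log(firstParties(sampleChain));
console.log(firstParties(sampleChain, { trackRedirects: false }));
```

With redirect tracking on, ads.google.com never appears among the first parties; with it off, the ad host is promoted to first party for the duration of its hop.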