148
edits
Thirdparty: Difference between revisions
→Overview
| Line 1: | Line 1: | ||
= Authors == | |||
*'''Dan Witte''' <dwitte@mozilla.com> | |||
= Overview = | = Overview = | ||
'''Problem:''' | '''Problem:''' Privacy on the web is not well controlled by the user. There are cases where the user has explicit and desired relationships with sites (or, in the broader sense, entities), and also expects and understands that those entities may have relationships with other entities. A good example of this is Facebook Connect, where establishing a relationship between the user, a site such as Digg, and Facebook is an explicit and desirable thing; in these cases, the user has given ''informed consent''. | ||
However, there are cases where this is not true. This may be due to ''implicit consent'', where a legitimate relationship exists but the user is not aware of it; in other cases, ''unintended consent'', where a relationship exists that, were the user aware of its existence and scope, would not agree to it. Examples of the former could be the Facebook "Like" button, which can allow Facebook to determine what sites a user is visiting without their knowledge; or credit unions, where the exchange of information (via the browser) with a third party domain to implement various banking functions is common. An example of the latter would be online advertising companies building behavioral databases of user behavior, consisting of their actions across many sites over time. Such databases, if expansive enough in scope, can be used to gather ''personally identifiable information'' (PII) without user expectation or consent. | |||
'''Goals:''' | '''Goals:''' | ||
*Stop behavioral tracking to the maximum extent possible, except where the user specifically wants it. (Note: this includes more than cookies.) | *Stop behavioral tracking to the maximum extent possible, except where the user specifically wants it. (Note: this includes more than cookies.) | ||