Dominion and Domains: Here’s How to Fix the Web
Source: A Complete Introduction to Terry Pratchett’s Password.
“Data-driven thinkingIs written by members of the media community and contains new ideas about the digital revolution in media.
Today’s column is written by James Rosewell, Founder and CEO of 51Degrees.
The Word Wide Web Consortium (W3C) was created to standardize an open World Wide Web for all.
As such, this powerful body seeks to agree on technical standards for interoperability between browsers.
Within the W3C is an entity called Technical Architecture Group (TAG) which defines the architectural direction of the web and includes in its members a character no less illustrious than Sir Tim Berners-Lee, “father of the Internet.”
But there is an inherent problem with the fundamental principles that TAG relies on to make its decisions.
Google has recognized this. One of Chrome Privacy Sandbox’s proposals, First-Party Sets (FPS), calls for bundling domains it owns, such as youtube.com and google.com, and treating them as one domain from a standpoint. data sharing. .
This proposal recently justified a W3C TAG public report in which he observed that: “This proposal undermines the concept of origin, and we see the origin [domain name] as a structural pillar of Web architecture. “
This statement highlights a central problem, which is that the architecture of the Web is no longer suited to its purpose and that the “structural pillar” of domain names needs to be upgraded.
“Origin” is a geek synonym for domain, which is the name associated with a web page in the address bar of a web browser. The domain name is affiliated with the brand of the organization that operates the website and security is provided via a padlock icon.
For example, the domain name and hence the primary origin of this article is adxchanger.com.
The domain names of partners that help publishers operate their web properties are not visible to the user and are referred to as third party origins.
Google is clean Chrome Blog explicitly defines “third party” as follows: “If the domain associated with a cookie is an external service and not the website in the user’s address bar, this is considered cross-site (or ‘third party’) context.”
W3C and TAG consider third party origins untrustworthy. But this ignores the fact that the use of these “third party” providers is controlled by the first relying party with which the individual has chosen to interact.
Dominion over data distribution
When people agree to the terms and conditions, it’s an agreement with a legal entity, not with a domain name.
For example, Google legal entity operates many domains. If people consent to Google collecting and processing their personal data, Google undoubtedly wants this consent to be applied to all domains and services operated by Google, regardless of the domain names used.
But how do you communicate this in today’s web architecture? Google’s FPS proposal shows us that Google itself realizes that we have to look beyond domain names for a solution.
While the concept of FPS may seem simple, it’s actually unfair to small businesses. If a small business needs a service that it cannot create or operate on its own, it will look to a competitive market of supply chain vendors to provide that service. Some of the many services that most publishers rely on include website analytics, fraud prevention, shopping cart or payment technologies, and advertising.
It is common for small businesses to band together to compete with large organizations.
These companies, however, could not become a leading set.
W3C and TAG acknowledge this when they said in their FPS report: “It is likely that this proposal will only benefit large, powerful entities that control both the implementation and the services.”
Origin of the upgrade
And so, I argue that now is the time to upgrade the “origin” pillar of the web. In order to ensure a level playing field, we need to improve the transparency and auditability of data transfers to people, regardless of the organization that collects and processes their personal data.
We need a structure that allows people to trust the first party supply chain choices they interact with. This means providing them with:
- Verifiable identity of the brand whose property they interact with
- Transparency to see the supply chains that organizations rely on
- Auditability to prove that confidentiality choices are respected
- Penalties for parties who break the law or rules
To the right: Sample consent user interface from SWAN.community with icon passcode protection for email address.
the SWAN.community project, of which this author is one of the founders, is a way of superimposing such a method on the existing web, not only conceptually but also in practice.
TAG is made up of passionate and talented engineers. But they are neither lawyers nor businessmen – and they have, in the past, interrupted discussion of the points advocated in this article, which is, of course, disappointing. For an example, see this GitHub thread on choosing the supply chain.
However, the web is for everyone, not just trillion dollar companies, browser vendors, and the people who build the web. We need to work together to ensure that TAG and W3C engage with the wider community of businesses and people who use the standards they propagate to promote a level playing field.
People and authors (aka, editors or operators of websites in the W3C language) should take precedence over browser implementers.
It should also be noted that what we are talking about here is not limited to the open web. If a brand wants to send their own proprietary data to improve advertising inside a walled garden, this too is considered an inter-site data transfer.
I urge you to make your voice heard before it’s too late – and there are many, mostly free, ways to participate in the W3C debate.
- Raise an issue against the TAG Security and Privacy Questionnaire to request a review. (free)
- Join W3C Community Privacy Group and advocate for a change in architecture regarding origins or support others. (free)
- Follow the proposals on the Community Web Incubation Group (WICG) and highlight the advantages for the group of rethinking the concept of “origin”. (free)
- Visit swan.community and join the project. (free)
- Join the W3C and vote in the December 2021 elections to select different TAG members who are open to these changes. (not free)
While you may never have contacted W3C, I can assure you that W3C wants to hear more voices – especially those that are traditionally under-represented, such as small publishers, brands and their marketing agencies. .
As we reform the web, let’s make sure we establish the policies and architecture that allow new start-ups, small businesses, and most importantly, individuals around the world to participate online without being constrained by unilateral decisions of the world. dominant platforms.
W3C and TAG provide a way to solve the problems faced by digital advertising. But all of our voices are needed for this approach to be successful.