Josh's Space

With the advent of Google’s SPDY improvements to the HTTP protocol, could we see an end in sight to the practice of sharding content on web sites?

In the news today (from The Register) Google report a 15% increase in speed when using SPDY to communicate to their web services from Chrome browsers. The SPDY technology seems to establish a single TCP session in which multiple HTTP like requests are managed in an efficient manner. It means, for instance, that multiple requests can be processed concurrently rather than the two (or six in recent browsers) per domain limit.

The practice of content sharding is used, in part, to achieve a similar effect. It allows browsers to believe they’re downloading from different servers and so they can initiate more concurrent connections. Another benefit is in reducing the payload of cookies by using domains the cookies haven’t been set for.

SPDY should take care of all of this for us. And, in fact, using separate domains to serve images, CSS and Javascript will perform worse with SPDY as there will be multiple TCP sessions established. So, assuming this technology becomes more widely available on the server side, we should probably start selectively sharding content on the basis of the capabilities of the user agent.

Article 66 of this set of directives, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:En:PDF, from the Official Journal of the European Union states that:

“Third parties may wish to store information on the equipment  of a user, or gain  access to information  already stored, for a number of purposes, ranging  from the legitimate  (such as certain  types of cookies)  to those involving unwarranted intrusion into the private sphere (such as spy­ware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.”

It’s not clear to me what “third parties” constitutes, but I assume it does not include the owner of the website the user is visiting. So Google Analytics / Ominiture Site Catalyst would count as a third party.

It’s possible you could interpret the use of an eCommerce site as a user explicitly requesting the service of browsing products for the purpose of purchasing. If you could, then the storage of analytics tags could be interpreted as being necessary to provide an effective browse and purchase experience through process of analysis and improvement. Then it might pass as being the “legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user”. It does feel rather tenuous though.

This is all personal opinion and is not legal advice. Please seek somewhere else to pin the blame if you get taken to court for not asking your customers for permission to store cookies!