IRC log of dnt on 2011-09-21

Timestamps are in UTC.

13:02:20 [RRSAgent]
RRSAgent has joined #dnt
13:02:20 [RRSAgent]
logging to
13:02:34 [karl]
rrsagent, make logs public
13:03:01 [fielding]
fielding has joined #dnt
13:03:18 [karl]
Meeting: Tracking Protection WG F2F - Day 1 - 21 September 2011
13:03:28 [karl]
Topic: Intro
13:04:48 [tlr]
tlr has joined #dnt
13:04:50 [karl]
Matthias Schunter is introducing the goals of the group
13:05:16 [karl]
scribe: Karl Dubost
13:05:16 [karl]
scribenick: karl
13:06:16 [karl]
matthias: my goal being referee and moderator in this group. very aware of my own privacy
13:06:41 [jmayer]
jmayer has joined #dnt
13:06:54 [karl]
… Instead of having 50 niche solutions, we would like to get a shared solution.
13:07:10 [fjh]
fjh has joined #dnt
13:07:39 [fjh]
Zakim, who is here?
13:07:39 [Zakim]
Team_(dnt)13:00Z has not yet started, fjh
13:07:40 [Zakim]
On IRC I see fjh, jmayer, tlr, fielding, RRSAgent, karl, EdFelten, aleecia, kcs, clay, Zakim, npdoty, mischat, hober
13:07:48 [karl]
… Our solution must aim at improving the privacy in a way that privacy advocate can support
13:08:11 [enewland]
enewland has joined #dnt
13:08:15 [EdFelten]
EdFelten has left #dnt
13:08:18 [karl]
… I have no clear idea on how to do it. So we need your input.
13:08:30 [edfelten]
edfelten has joined #dnt
13:09:06 [kcs1]
kcs1 has joined #dnt
13:09:13 [ifette]
ifette has joined #dnt
13:09:13 [karl]
… We want a solution which is reasonable and efficient. Not big, but simple. And something that anyone can support.
13:10:09 [karl]
… there is no really viable alternative. Things will stay the same and shattered across the industry.
13:10:20 [karl]
… The mission is challenging, sometimes perceived as impossible.
13:10:58 [karl]
… We will need constructive inputs, sometimes thinking out of the box. I value progress.
13:11:15 [tl]
tl has joined #dnt
13:11:25 [karl]
… We will be using the W3C tracking tool to help us.
13:11:41 [karl]
… Do not wait the last minute for giving your input.
13:11:49 [karl]
… Early input is very valuable.
13:12:17 [karl]
… Everybody is allowed to ask questions. I will myself ask many stupid questions.
13:12:38 [karl]
… please use the queue for asking questions.
13:12:46 [karl]
… your hands for new topics
13:13:01 [karl]
… your pen for for answering
13:13:04 [aleecia]
13:13:07 [aleecia]
13:13:25 [karl]
aleecia: Use also IRC
13:13:36 [ifette]
Zakim, who's your daddy?
13:13:36 [Zakim]
Ralph is taking good care of me but you all are my family, ifette
13:13:42 [karl]
matthias: It will not be easy.
13:14:00 [karl]
… We will not be able to solve these in two days.
13:14:08 [karl]
… let's get started.
13:14:27 [karl]
13:14:36 [Dan]
Dan has joined #dnt
13:15:10 [scott]
scott has joined #dnt
13:15:28 [Cris]
Cris has joined #dnt
13:15:45 [karl]
matthias: I would like to do a quick round. 3 min each.
13:15:53 [karl]
… - who you are?
13:16:05 [karl]
… - 2 to 3 success criterias
13:16:18 [karl]
… - where are you from?
13:16:57 [Zakim]
Team_(dnt)13:00Z has now started
13:17:04 [Zakim]
+ +1.617.715.aaaa
13:17:47 [alex_]
alex_ has joined #dnt
13:18:04 [npdoty]
Zakim, aaaa is StarConferenceRoom
13:18:05 [Zakim]
+StarConferenceRoom; got it
13:18:27 [karl]
… we will be writing our success criteria on post it notes and we be sticking them on the wall.
13:18:34 [karl]
… later on
13:21:28 [jkaran]
jkaran has joined #dnt
13:22:25 [ifette]
Zakim, ifette is scribe
13:22:25 [Zakim]
sorry, ifette, I do not recognize a party named 'ifette'
13:22:34 [npdoty]
Scribe: ifette
13:22:45 [npdoty]
Zakim, who is on the phone?
13:22:45 [Zakim]
On the phone I see StarConferenceRoom
13:22:45 [karl]
scribenick: ifette
13:23:05 [ifette]
scribenick: ifette
13:24:46 [ifette]
Agenda+ Intros
13:24:55 [ifette]
take up agendum 1
13:24:58 [npdoty]
Erika McCallister, NIST, lots of standards, but just observing today
13:25:06 [ifette]
Erica McCallister: observing
13:25:26 [ifette]
Jennifer karen: hello
13:25:31 [ifette]
tlr: A broadly deployed spec quickly
13:25:38 [npdoty]
13:25:40 [ifette]
Clay Webster: CBS, representing online publishers
13:25:45 [ifette]
... not too many publishers here.
13:26:13 [ifette]
... third party definition that helps consumer privacy
13:26:23 [ifette]
Kevin Trille: TRUSTe
13:26:44 [ifette]
... understand how browser works with ad solution
13:26:52 [ifette]
s/ad solution/ad tag solution/
13:26:59 [ifette]
... has been US centric so far, different in EU
13:27:16 [ifette]
... large band of consumers with different values, need to consider people with extreme privacy protection and safe advertising
13:27:32 [ifette]
... complex topic, consumers haven't done well with cookie controls, need to avoid niche solutions
13:27:39 [ifette]
Erica Newland: CDT
13:27:46 [ifette]
rrsagent, bookmark?
13:27:46 [RRSAgent]
13:28:01 [ifette]
David Wainberg: observing
13:28:06 [David]
David has joined #dnt
13:28:10 [ifette]
... want to see policy drive more than technology
13:28:29 [ifette]
s/CDT/CDT: want to help consumers/
13:28:30 [Kevin]
Kevin has joined #DNT
13:28:36 [ifette]
Roy Fielding: UX and content management side
13:29:01 [ifette]
... clear definition of tracking
13:29:03 [npdoty]
s/UX/representing Adobe, UX/
13:29:21 [ifette]
... tell websites I don't want to be tracked is a bad summary, people don't know what it means and it's over-broad
13:29:27 [ifette]
Shane Wiley: Yahoo
13:29:33 [ifette]
ScribeNick: ifette
13:29:44 [ifette]
... balance privacy and datacenter operations
13:29:50 [ifette]
... take into consideration self regulatory work
13:29:59 [ifette]
... let consumers selectively exercise control
13:30:05 [ifette]
Chris Olsen: Privacy at FTC
13:30:14 [ifette]
... supporting self regulating efforts to improve transparency, customer choice
13:30:25 [ifette]
... preliminary report laid out criteria for a consumer control mechanism
13:30:49 [ifette]
... universality, ease of use, persistence, effective, enforceable, addresses collection not just use. Want definitions.
13:30:54 [ifette]
rrsagent, bookmark?
13:30:54 [RRSAgent]
13:31:12 [ifette]
... third party issues also important
13:31:46 [ifette]
Ed Felten: Chief technologist at FTC. Provide consumers with effective choice and confidence to consumers that they will get what they think they are going to get. Allow for reasonable innovation in industry
13:31:55 [ifette]
... areas with not so much controversy, hope we can move towards concerete standards
13:32:02 [ifette]
... hope we can move towards consensus on others
13:32:04 [schunter]
schunter has joined #dnt
13:32:23 [ifette]
Bret Errer: echo adobe, what does tracking mean definition-wise?
13:32:41 [ifette]
... is "tracking" an encumbered term?
13:32:45 [npdoty]
s/Bret Errer/Brett Error/
13:33:10 [ifette]
Jonathan Mayer: stanford, care about getting a definition that gives choice over data collection not just use. Want path to adoption in browsers and industries.
13:33:21 [ifette]
... want to do it in a few months
13:33:34 [npdoty]
<laughter at getting everything done in a couple months>
13:34:09 [ifette]
Ed O'Connor: WebKit team at Apple, success: making sure we have definitions and descriptions clear to users, implementers, authors
13:34:18 [ifette]
... technology people are willing to interoperably implement
13:34:21 [ifette]
Kevin Smith: Adobe
13:34:30 [ifette]
... wanted to see Cheers
13:34:33 [ifette]
... got to see it last night
13:34:39 [ifette]
13:34:44 [ifette]
... clear concise definitions
13:34:56 [ifette]
... implementation
13:35:03 [Brett]
Brett has joined #dnt
13:35:24 [ifette]
Charles Perkins: freelance identity and relationship nuance, XMPP Jabber etc at IETF. Success: definition of who you are. True name vs pseudonymity
13:35:47 [ifette]
... important even in the context of tracking, pseudonymous status may allow more tracking if it's truly pseudonymous
13:35:55 [ifette]
... hoping to have core spec with extensions to allow more complexity later
13:36:16 [ifette]
Aleecia McDonald: thrilled to see diverse representation at the group
13:36:19 [ifette]
... success is about end users
13:36:34 [ifette]
... variation in what people want
13:36:44 [ifette]
... better ads, personalization... vs concern about privacy
13:36:50 [ifette]
... and swing voters in the middle
13:36:56 [ifette]
... many ppl don't understand technlology in the background
13:37:03 [ifette]
13:37:07 [ifette]
... stop the arms race
13:37:16 [ifette]
... user preference, enable people to take direct steps with TPLs,
13:37:21 [ifette]
... enables business to thrive and flourish
13:37:26 [ifette]
... implementable
13:37:44 [ifette]
Matthias Schunter: IBM, tried to make criteria clear earlier
13:37:49 [ifette]
... I'm a European
13:37:59 [ifette]
... get European inputs and get link to EU regulators
13:38:11 [ifette]
... don't want 50 different solutions (for different regions)
13:38:23 [ifette]
Nick Doty: W3C and UC Berkeley
13:38:30 [ifette]
... share criteria
13:38:38 [ifette]
... want to see the process itself work
13:39:00 [ifette]
Jules Paulinetsky: future of privacy forum
13:39:05 [ifette]
... push the process along
13:39:19 [ifette]
Peter XXX: technology director at EFF
13:39:47 [edfelten]
Names: Jules Polonetsky, Peter Eckersley
13:39:50 [npdoty]
13:39:57 [ifette]
... criteria for success: based on a belief that third party ads / metrics need things from server logs that can be delivered by strongly anonymous methods, but not enough incentive for development for those methods
13:40:05 [ifette]
... incentivize industry participants to develop and deploy those methods
13:40:27 [npdoty]
13:40:30 [ifette]
... whatever community delivers should be simple way to gain control over who records your activities
13:40:46 [ifette]
... subtle and hard, but need to partition issue of data retention for fraud detection purposes from other purposes
13:40:57 [ifette]
... find a way to make sure fraud detection doesn't become back channel for how tracking happens
13:41:33 [ifette]
Sean Harvey: Google, straightforward goals. Common standard, easy to use, genuinely useful without undue / unnecessary harm to industry
13:41:54 [ifette]
Ian Fette: Google, from Chrome team and speaking in that context
13:42:10 [tl]
tl has joined #dnt
13:42:12 [ifette]
Kimon Zorbas: IAB in Bruxelles
13:42:20 [ifette]
... difficult to define what is meaningful for users, different challenges and interests
13:42:27 [ifette]
... not forget different jurisdictional backgrounds
13:42:33 [ifette]
... debate in Europe alien to privacy framework they haev
13:42:36 [ifette]
13:42:44 [ifette]
... look at how the pieces fit into a larger / bigger framework
13:42:53 [ifette]
Alex D: With Nielsen
13:43:00 [npdoty]
13:43:03 [ifette]
... people know what we do
13:43:09 [ifette]
13:43:21 [ifette]
... able to measure audiences from different web contexts / pages
13:43:29 [ifette]
... and should be device agnostic
13:43:41 [ifette]
... what we come up with on the internet, but there's devices on the net using other protocols
13:43:51 [ifette]
... do we want to have something for these devices as well
13:43:58 [ifette]
... give people using Roku, smart TV etc confidence
13:44:05 [ifette]
... backwards compatability
13:44:20 [ifette]
Frederick Hirsch: Nokia
13:44:26 [ifette]
... observing at the present
13:44:56 [ifette]
... understand how it fits into larger issue of privacy. convey user intent. Issues of secondary use, retention
13:45:03 [ifette]
... related to DNT
13:45:26 [ifette]
Dan McKinney: product development for WPP digital
13:45:30 [ifette]
... several businesses
13:45:30 [jkaran]
Hi Ian -I'm from DoubleVerify - I saw you didn't catch my intro. We are here to ensure that the standards decided on here can be incorporated into our DAA Self-regulatory program product (we are a certified vendor of the DAA).
13:45:42 [ifette]
... looking for clear definition on what "track" is
13:45:50 [ifette]
jkaran, sorry, it's hard :)
13:45:57 [karl]
List of WG Participants<-
13:46:02 [ifette]
Scott Julian: effective measure. Same vein as Nielsen.
13:46:12 [ifette]
... I'm australian, but we operate in SE asia / EMENA
13:46:24 [ifette]
... success criteria about guidance
13:46:35 [ifette]
... came to have a great framework people agree on that we can quickly implement
13:46:50 [ifette]
Cris Francisco: Software development at Blue Cava
13:46:57 [ifette]
... fraud detection and online advertisement
13:47:04 [ifette]
... definition on types of data impacted by DNT
13:47:12 [ifette]
... do not collect behavioural ad data, or broader
13:47:16 [ifette]
... first vs third party
13:47:24 [ifette]
... consistent across browsers
13:47:40 [ifette]
... balance between consumer privacy tools while supporting benefits of advertising supported internet
13:47:45 [ifette]
Thomas Lowenthal: M ozilla
13:47:51 [ifette]
s/M ozilla/Mozilla/
13:47:57 [ifette]
... come up with a definition that works for users
13:48:01 [ifette]
... feature users will actually want to use
13:48:06 [ifette]
... not break the open web
13:48:28 [ifette]
... have to be able to create a nice UI for. Concise expression even if there's complexity behind the scenes
13:48:36 [ifette]
Mike Zaneis: IAB from DC office
13:48:38 [ifette]
... echo David
13:48:47 [ifette]
... hope policy will drive and technology will inform
13:49:03 [ifette]
... working through first vs third party issues important
13:49:12 [ifette]
... represent DAA (digital advertising alliance). self regulatory body in the uS
13:49:15 [ifette]
13:49:21 [ifette]
13:49:27 [ifette]
... working to get members into compliance
13:49:39 [ifette]
... hope we won't add confusion to marketplace
13:49:44 [ifette]
... beginning to see consistency in market
13:50:06 [ifette]
Amy Colando: Microsoft, want a healthy and robust ecosystem for providers, consumers
13:50:11 [ifette]
... alignment with self regulatory work
13:50:26 [ifette]
... personally, want to better understand W3C process
13:50:28 [ifette]
Karl Dubost: Opera
13:50:34 [ifette]
... previously W3C
13:50:46 [ifette]
... privacy is not binary thus binary solutions will fial
13:50:48 [ifette]
13:50:53 [ifette]
... super easy to implement system
13:51:01 [ifette]
... if it's too complex people won't do it
13:51:08 [npdoty]
"ideally one day to implement"
13:51:15 [ifette]
... allow users to block without saying it. don't disclose i am blocking things
13:51:22 [ifette]
... set the right expectation for users
13:51:36 [ifette]
Sue Gluck: Microsoft
13:51:47 [ifette]
... IE privacy lawyer as well as Windows privacy lawyer
13:51:48 [edfelten]
13:51:57 [ifette]
... not experienced with W3C, looking forward to learning more and appreciate patience
13:52:08 [Dan_]
Dan_ has joined #dnt
13:52:20 [ifette]
... success learn more about how the technology works on advertising side
13:52:41 [ifette]
... we all need to expand our sphere of knowledge and stand in each others' shoes
13:52:52 [ifette]
... we all need to represent the people not in the room, e.g. consumers
13:52:56 [ifette]
... but also small publishers
13:53:18 [ifette]
... finally, this should be simultaneously easy to implement even for smaller businesses
13:53:29 [ifette]
... and something consumers can understand
13:53:32 [ifette]
... want balance
13:53:54 [ifette]
Richard Weaver: deputy privacy officer at Comscore
13:54:04 [ifette]
... reaching consumers and making sure they understand what's happening
13:54:21 [ifette]
Thomas Pottjegort: Comscore, responsible for data collection
13:54:42 [ifette]
... want to be ethical and do the right thing
13:55:05 [ifette]
rrsagent, bookmark?
13:55:05 [RRSAgent]
13:55:35 [ifette]
Matthias Schunter: happy to see overlap in goals
13:56:40 [ifette]
Zakim, close this agendum
13:56:40 [Zakim]
agendum 1 closed
13:56:41 [Zakim]
I see nothing remaining on the agenda
13:56:45 [ifette]
Agenda+ walk through agenda
13:56:49 [tlr]
13:56:50 [ifette]
Zakim, next agenda
13:56:50 [Zakim]
agendum 2. "walk through agenda" taken up [from ifette]
13:56:59 [ifette]
Matthias Schunter: will walk through W3C process
13:57:02 [ifette]
... then a break
13:57:07 [ifette]
Agenda+ W3C process
13:57:24 [ifette]
Agenda+ presentation by Thomas of Princeton workshop results
13:57:45 [ifette]
Agenda+ Aleecia walking us through the charter
13:58:21 [ifette]
Agenda+ group exercise clustering expectations
13:58:41 [ifette]
Agenda+ actual work (regulatory definition items)
13:58:44 [ifette]
Agenda+ technology items
13:58:50 [ifette]
Zakim, agenda?
13:58:50 [Zakim]
I see 7 items remaining on the agenda:
13:58:52 [Zakim]
2. walk through agenda [from ifette]
13:58:54 [Zakim]
3. W3C process [from ifette]
13:58:55 [Zakim]
4. presentation by Thomas of Princeton workshop results [from ifette]
13:58:57 [Zakim]
5. Aleecia walking us through the charter [from ifette]
13:58:59 [Zakim]
6. group exercise clustering expectations [from ifette]
13:59:01 [Zakim]
7. actual work (regulatory definition items) [from ifette]
13:59:03 [Zakim]
8. technology items [from ifette]
13:59:31 [ifette]
... dinner at Legal Seafood
13:59:38 [ifette]
... self hosted dinner, but have reservation
14:00:32 [ifette]
... tomorrow we will talk about technical deliverables
14:01:45 [ifette]
... if you want to reach consensus, all proposals must be discussed in a larger group
14:01:45 [fjh]
Are we talking about task forces here?
14:01:49 [aleecia]
14:01:53 [ifette]
... this group doesn't decide for everyone what to think
14:02:20 [aleecia]
The idea was to perhaps have smaller subgroups, then come back together to discuss more fully
14:02:23 [davidwainberg]
davidwainberg has joined #dnt
14:02:31 [ifette]
... should we do things differently? other opinions?
14:02:38 [ifette]
... people want break?
14:02:59 [ifette]
Roy Fielding: editors need to be selected for the three drafts
14:03:06 [ifette]
Aleecia McDonald: editors not yet announced
14:03:40 [ifette]
Matthias: if you are interested in editing, ping us
14:03:49 [aleecia]
For example, 5 groups all talking about the same thing at once, coming together to then talk through the issue
14:04:54 [ifette]
Zakim, close agendum
14:04:54 [Zakim]
I don't understand 'close agendum', ifette
14:05:01 [ifette]
Zakim, close this agendum
14:05:01 [Zakim]
agendum 2 closed
14:05:02 [Zakim]
I see 6 items remaining on the agenda; the next one is
14:05:04 [Zakim]
3. W3C process [from ifette]
14:06:33 [suegl]
suegl has joined #dnt
14:08:03 [Brett]
Zakim, who is on the phone?
14:08:03 [Zakim]
On the phone I see StarConferenceRoom
14:09:49 [kcs]
kcs has joined #dnt
14:09:55 [trackbot]
trackbot has joined #dnt
14:09:55 [trackbot]
Sorry... I don't know anything about this channel
14:09:55 [trackbot]
If you want to associate this channel with an existing Tracker, please say 'trackbot, associate this channel with #channel' (where #channel is the name of default channel for the group)
14:10:08 [npdoty]
trackbot, associate this channel with #tracking
14:10:08 [trackbot]
Associating this channel with #tracking...
14:11:59 [ifette]
Zakim, next agendum
14:11:59 [Zakim]
agendum 3. "W3C process" taken up [from ifette]
14:12:00 [amyc]
amyc has joined #dnt
14:12:09 [ifette]
tlr: ... thsi discussion is inevitable
14:12:09 [npdoty]
14:12:12 [ifette]
14:12:22 [ifette]
Zakim, agenda?
14:12:22 [Zakim]
I see 6 items remaining on the agenda:
14:12:23 [Zakim]
3. W3C process [from ifette]
14:12:25 [Zakim]
4. presentation by Thomas of Princeton workshop results [from ifette]
14:12:27 [Zakim]
5. Aleecia walking us through the charter [from ifette]
14:12:29 [Zakim]
6. group exercise clustering expectations [from ifette]
14:12:30 [ifette]
... W3C is a consensus organization
14:12:31 [Zakim]
7. actual work (regulatory definition items) [from ifette]
14:12:32 [Zakim]
8. technology items [from ifette]
14:12:49 [ifette]
... listen to each other, work through iissues in cooperative spirit
14:13:02 [ifette]
... tools built to support that
14:13:08 [ifette]
... another value is interoperability
14:13:18 [ifette]
... works and uniform in the right way, implementable
14:13:25 [ifette]
... not here to write xforms2
14:13:33 [ifette]
s/xforms2/something that cannot work on the web at large/
14:13:48 [ifette]
... something that fits into the overall architecture of the web, not break foundational architecture
14:14:27 [ifette]
... next, want a comprehensible spec that has meaning and is useful
14:14:31 [ifette]
... how do we get there?
14:14:50 [ifette]
... prep phase (at the end now)
14:15:17 [ifette]
... then start a WG, which works on documents
14:15:36 [ifette]
... next break would be a great time to volunteer to edit
14:16:08 [ifette]
... iterate, build consensus over time and publish working drafts along the way
14:16:16 [ifette]
... WDs ARE drafts and will have open questions
14:16:29 [ifette]
... eventually will get to last call
14:16:35 [ifette]
... get broad public review
14:16:47 [ifette]
... work through comments
14:17:01 [ifette]
... then candidate recommendation
14:17:06 [ifette]
... collect information about implementations
14:17:19 [ifette]
... then formal review (proposed recommendation)
14:17:35 [ifette]
... tools: Mailing list
14:17:40 [ifette]
... irc (here)
14:17:42 [alex_]
alex_ has joined #dnt
14:17:45 [ifette]
... and issue and action tracker
14:17:48 [npdoty]
14:18:04 [npdoty]
if anyone is still having issues with the mailing list, please let me know
14:18:39 [ifette]
ACTION: tlr to close this action, created as an example so people can see what actions look like and where they are DUE 2011-09-25
14:18:40 [trackbot]
Created ACTION-2 - Close this action, created as an example so people can see what actions look like and where they are DUE 2011-09-25 [on Thomas Roessler - due 2011-09-28].
14:18:54 [npdoty]
14:19:08 [ifette]
14:19:08 [trackbot]
ACTION-2 -- Thomas Roessler to close this action, created as an example so people can see what actions look like and where they are DUE 2011-09-25 -- due 2011-09-28 -- OPEN
14:19:08 [trackbot]
14:19:10 [Kevin]
Kevin has joined #DNT
14:19:20 [ifette]
tlr: issue tracking helps structure the discussion
14:19:30 [ifette]
... open questions (what about third party? is this or that involved?)
14:19:36 [ifette]
... these are distinct things that can be tracked
14:19:41 [kimon]
kimon has joined #dnt
14:19:44 [ifette]
... WGs keep public lists of issues
14:19:57 [ifette]
ISSUE: Example issue to be closed, so people can see what an issue looks like.
14:19:58 [trackbot]
Created ISSUE-1 - Example issue to be closed, so people can see what an issue looks like. ; please complete additional details at .
14:20:06 [ifette]
Zakim, close ISSUE-1
14:20:06 [Zakim]
I don't understand 'close ISSUE-1', ifette
14:20:21 [npdoty]
trackbot, close ISSUE-1
14:20:22 [trackbot]
ISSUE-1 Example issue to be closed, so people can see what an issue looks like. closed
14:20:22 [Zakim]
+ +1.949.483.aabb
14:20:54 [ifette]
Zakim, Issue-1?
14:20:54 [Zakim]
I don't understand your question, ifette.
14:20:57 [ifette]
Zakim, issue 1?
14:20:57 [Zakim]
I don't understand your question, ifette.
14:21:04 [npdoty]
trackbot, ISSUE-1?
14:21:04 [trackbot]
Sorry, npdoty, I don't understand 'trackbot, ISSUE-1?'. Please refer to for help
14:21:06 [ifette]
trackbot, issue-1?
14:21:06 [trackbot]
Sorry, ifette, I don't understand 'trackbot, issue-1?'. Please refer to for help
14:21:33 [ifette]
close ACTION-2
14:21:33 [trackbot]
ACTION-2 Close this action, created as an example so people can see what actions look like and where they are DUE 2011-09-25 closed
14:21:38 [ifette]
close ISSUE-1
14:21:38 [trackbot]
ISSUE-1 Example issue to be closed, so people can see what an issue looks like. closed
14:21:46 [karl]
14:21:54 [ifette]
tlr: in issues we explain where we are coming from, respond comments
14:22:02 [ifette]
... we also accept comments from the public during the process
14:22:07 [ifette]
... mailing list is publcly archived
14:22:34 [npdoty]
… issues also help the group to document issues and not come back to the same issues forever, determine what the group's status is
14:22:39 [ifette]
... encourage discussions on mailing list
14:23:15 [ifette]
... publishing drafts is another key component
14:23:22 [ifette]
... we have an aggressive schedule
14:23:31 [ifette]
... publish drafts with lots of open issues to get early review and visibility
14:23:34 [ifette]
... drafts visible to public
14:24:01 [ifette]
... minutes are also public
14:24:03 [karl]
q+ to use for editor's drafts
14:24:09 [jkaran]
So drafts are published, but any questions go into the issues list, correcT?
14:24:10 [ifette]
... taken on IRC and published 48h after
14:24:32 [ifette]
jkaram, questions typically come to the mailing list and the working group members and/or chairs open issues or actions based on those questions/comments
14:24:42 [ifette]
tlr: discusses irc commands
14:24:47 [aleecia]
14:24:50 [aleecia]
14:24:58 [aleecia]
zakim, mute me
14:24:58 [Zakim]
sorry, aleecia, I do not know which phone connection belongs to you
14:25:01 [[Thomas]]
[Thomas] has joined #dnt
14:25:12 [ifette]
zakim, who is on the phone?
14:25:12 [Zakim]
On the phone I see StarConferenceRoom, +1.949.483.aabb
14:25:17 [Mike]
Mike has joined #dnt
14:25:25 [ifette]
tlr: we do collaborative scribing. everyone is a potential victim
14:25:31 [aleecia]
(if it wasn't clear - zakim is a bot, not a human)
14:26:10 [ifette]
14:26:10 [trackbot]
ACTION-2 -- Thomas Roessler to close this action, created as an example so people can see what actions look like and where they are DUE 2011-09-25 -- due 2011-09-28 -- CLOSED
14:26:10 [trackbot]
14:26:12 [pde]
pde has joined #dnt
14:26:12 [ifette]
14:26:12 [trackbot]
ISSUE-1 -- Example issue to be closed, so people can see what an issue looks like. -- closed
14:26:12 [trackbot]
14:27:08 [ifette]
tlr: actions need to have clear owner, date
14:27:16 [ifette]
... if you can't do it, find someone else or change the date
14:27:36 [aleecia]
^change the date^go back to the group/chairs
14:27:44 [aleecia]
...ideally early
14:27:47 [ifette]
aleecia, depends on the group
14:27:48 [edfelten]
edfelten has left #dnt
14:28:02 [efelten]
efelten has joined #dnt
14:28:04 [ifette]
tlr: discusses meaning of consensus (look at the slides)
14:29:08 [pde]
is there a page somewhere that documents these queue management and issue management tools?
14:29:33 [npdoty]
Tracker documentation
14:29:39 [fielding]
14:29:41 [ifette]
... generally we achieve consensus people can live with. not everyone will necessarily be enthusiastic
14:29:51 [npdoty]
Zakim IRC documentation
14:30:28 [ifette]
tlr: discusses standing and what good standing means
14:31:02 [ifette]
... currently not intending to apply "bad standing" / "good standing" to this WG
14:31:12 [ifette]
... but important people consider the reasoning of the points behind "good standing"
14:31:12 [pde]
anyone mind if I put these in the channel status while people may still be joining
14:31:13 [pde]
14:31:22 [Kevin_]
Kevin_ has joined #dnt
14:31:23 [ifette]
... e.g. please show up to groups
14:31:45 [ifette]
... and deliver action items in time
14:31:56 [fjh]
fjh has joined #dnt
14:32:32 [ifette]
tlr: finally, respect conflict of interest polict
14:32:35 [ifette]
14:32:42 [ifette]
... if you are in three companies please disclose all three
14:32:48 [ifette]
... no covert agents
14:33:13 [KevinT]
KevinT has joined #dnt
14:33:42 [ifette]
tlr: last call - this is where we think we're done, we get broader review and address issues and document dependencies
14:33:49 [ifette]
... we're not really done at that point though
14:34:44 [ifette]
... group needs to address all comments
14:35:06 [ifette]
... some may be previously considered, at which point you provide a link to previous discussion
14:35:18 [ifette]
... unless new points are raised at which point we may reopen discussion
14:35:26 [ifette]
... there is a back and forth with the commenters
14:35:51 [ifette]
... after LC is a call for implementations
14:36:04 [ifette]
... group collects information about implementations and whether there are problems in the spec w.r.t. implementation
14:36:19 [ifette]
... then transition to formal review
14:36:35 [ifette]
tlr: left the patent policy out of the slides
14:36:36 [ifette]
... oops
14:36:44 [ifette]
... want to produce specs implementable on a royalty free basis
14:38:02 [karl]
14:38:23 [fielding]
I forgot to mention that I am on the board of the Apache Software Foundation, which is also a W3C member, but my role here is just to represent Adobe
14:38:28 [ifette]
Jonathan Mayer: to what extent does w3c process allow for discussion of business confidential information?
14:38:35 [ifette]
tlr: information shared is at least visible to all w3c members
14:38:43 [ifette]
... this is a needle which must be threaded
14:38:56 [ifette]
... if there are pieces of info based on confidential info you may need to abstract/obfuscate it
14:39:01 [ifette]
... we can't deal with this in general
14:39:20 [ifette]
... exception made in CR phase for implementation phase
14:39:25 [ifette]
... re: who has made the implementation
14:39:38 [ifette]
... and the WG simply sees the list of test cases that "implementation A, B, C" satisfy
14:39:48 [ifette]
... suspect that won't be the issue here
14:39:54 [ifette]
... but this is not the place to share confidential analytics data
14:40:39 [aleecia]
ws addressing - example of good process
14:41:14 [ifette]
tlr: failure modes include groups where everyone observes, or people get bogged down in analysis too early
14:41:28 [ifette]
... over-engineering complexity
14:42:07 [ifette]
... timelines designed to keep this at bay
14:42:13 [ifette]
... groups may also self-implode
14:42:26 [ifette]
Karl Dubost: groups may also lack the right people
14:42:43 [tlr]
14:44:26 [tlr]
14:44:39 [aleecia]
please don't just object, also offer what you want to see as a solution
14:45:07 [ifette]
tlr: discusses
14:45:22 [ifette]
... important to include proposed reolutions in objections
14:45:22 [ifette]
ack karl
14:45:22 [Zakim]
karl, you wanted to use for editor's drafts
14:46:19 [aleecia]
information on W3C process:
14:46:25 [ifette]
tlr: would strongly advice using for editors draft and have that be publicly visible
14:46:40 [ifette]
tl: what does it mean?
14:46:46 [ifette]
tlr: they're on the web in version control system
14:47:56 [ifette]
Matthias: would like to move on, any objection to coffee break?
14:47:59 [ifette]
Zakim, close this agendum
14:47:59 [Zakim]
agendum 3 closed
14:48:00 [Zakim]
I see 5 items remaining on the agenda; the next one is
14:48:02 [Zakim]
4. presentation by Thomas of Princeton workshop results [from ifette]
14:48:43 [ifette]
ScribeNick: cris
14:48:59 [Brian]
Brian has joined #dnt
14:50:02 [ifette]
scribenick: cris
14:50:06 [ifette]
zakim, scribenick: cris
14:50:06 [Zakim]
I don't understand 'scribenick: cris', ifette
14:51:04 [clp]
clp has joined #dnt
14:51:12 [Zakim]
14:55:14 [mischat_]
mischat_ has joined #dnt
15:06:29 [npdoty]
npdoty has joined #dnt
15:11:39 [KevinT]
KevinT has joined #dnt
15:15:17 [clp]
Hello everyone, break about to end. --Charles L. Perkins, Virtual Rendezvous,
15:19:41 [amyc]
amyc has joined #dnt
15:19:58 [ifette]
ScribeNick: cris
15:20:50 [ifette]
ScribeNick: ifette
15:20:54 [ifette]
tlr: we met in princeton
15:20:58 [ifette]
... and had about 80 people
15:21:09 [cris]
cris has joined #dnt
15:21:11 [ifette]
... find out what we should focus on
15:21:19 [ifette]
... showing slides from workshop
15:21:23 [ifette]
ScribeNick: cris
15:21:24 [cris]
how did we get here? (history)
15:21:30 [aleecia]
(thank you)
15:21:37 [scott]
scott has joined #dnt
15:21:58 [cris]
tlr: prevalence of tracking on the web
15:22:14 [efelten]
efelten has joined #dnt
15:22:37 [cris]
what are the expectations of users?
15:22:49 [npdoty]
s/what are/... what are/
15:23:27 [cris]
studies on what users felt about opting in?
15:23:27 [npdoty]
Zakim, next agendum
15:23:27 [Zakim]
agendum 4. "presentation by Thomas of Princeton workshop results" taken up [from ifette]
15:23:58 [cris]
introduction of mozilla DNT header
15:24:36 [npdoty]
Safari "Send Do Not Track HTTP Header" menu item
15:24:44 [cris]
msft: introduced Tracking Protection Lists (TPL)
15:25:21 [npdoty]
Microsoft member submission:
15:25:50 [cris]
big question...what does Do Not Track mean?
15:26:12 [cris]
there are different views on the matter
15:26:49 [fjh]
fjh has joined #dnt
15:27:08 [cris]
discussing scope limitations and requirements on properties of tracking controls
15:27:15 [npdoty]
CDT requirements: simple, universal, comprehensive, inclusive, effective, seamless, persistent, usable
15:27:50 [cris]
there currently is not a two-way dialog between consumer and publisher on DNT
15:29:03 [ifette]
s/ what are the/... what are the/
15:29:10 [ifette]
s/studies on/... studies on/
15:29:24 [ifette]
s/introduction of mozilla/... introduction of mozilla/
15:29:43 [ifette]
s/msft: introduced/... microsoft introduced/
15:29:49 [ifette]
s/big question/... big question/
15:29:50 [cris]
another view: canadian law ... third parties "web trackers are breaking the law"
15:29:50 [pde]
this argument from bluekai ("as current conceived DNT does not facilitate a transparent two-way dialog between the user and the publisher") a question to address is whether such dialogues should happen in HTTP headers, in web UI, or some mixture of the two
15:29:53 [npdoty]
cris, if you can start continuing lines with "… " (as per ifette), then it'll be easier for me to compile the minutes later
15:29:59 [ifette]
s/another view:/... another view,/
15:30:19 [ifette]
s/there are different/... there are different/
15:30:28 [ifette]
s/discussing scope/... discussing scope/
15:30:37 [ifette]
s/there currently is not/... there currently is not/
15:30:37 [pde]
s/this argument/from this argument/
15:31:19 [cris]
FTC criteria for do not track: consumer criteria should be universal, usable, persistent, effective and enforceable
15:31:26 [cris]
will do on the next line
15:31:36 [ifette]
s/FTC/... FTC/
15:32:45 [cris]
...european countries view "cookies should be opt-in"
15:33:13 [ifette]
s/...european/... european/
15:33:34 [cris]
...UC Berkeley: challenge to get DNT done in a year
15:33:50 [aleecia]
ePrivacy Directive, article 5(3): [PDF, sorry]
15:33:51 [ifette]
s/...UC/... UC/
15:34:11 [cris]
... the Tracking Protection Working Group Charter now exists (we're here)
15:35:15 [cris]
... we need to come up with Tracking Preference expression, definition, and compliance
15:35:45 [npdoty]
charter, including the list of deliverables, is available here:
15:35:45 [cris]
... and recommendation for Tracking Selection Lists
15:35:56 [ifette]
15:36:18 [ifette]
Zakim, agenda?
15:36:18 [Zakim]
I see 5 items remaining on the agenda:
15:36:19 [Zakim]
4. presentation by Thomas of Princeton workshop results [from ifette]
15:36:20 [Zakim]
5. Aleecia walking us through the charter [from ifette]
15:36:22 [Zakim]
6. group exercise clustering expectations [from ifette]
15:36:22 [cris]
... first in person meeting 9/21-9/22 in Cambridge, MA
15:36:23 [Zakim]
7. actual work (regulatory definition items) [from ifette]
15:36:25 [Zakim]
8. technology items [from ifette]
15:37:11 [npdoty]
Kimon: Article 5(3) is about consent, not necessarily opt in
15:37:44 [cris]
... Kimon: discussing european law
15:38:04 [npdoty]
s/... Kimon/Kimon/
15:39:10 [cris]
... aleecia: out of scope opt in vs opt out
15:39:27 [npdoty]
s/... aleecia/aleecia/
15:40:02 [cris]
ian: what the default tracking setting is greatly affects solution
15:40:35 [cris]
aleecia: how does the standard change?
15:41:16 [karl]
should we record an issue for it?
15:41:24 [cris]
matthias: let's follow up with how to deal with opt in an opt out at later time?
15:41:59 [cris]
???: definition of tracking will affect the solution
15:42:08 [npdoty]
15:42:39 [[Thomas]]
[Thomas] has joined #dnt
15:42:55 [npdoty]
jkaran: +1 on Ian, Brett
15:44:45 [cris]
joel: we should spend time understanding issues and uses of opt in or opt out
15:44:56 [npdoty]
15:45:03 [efelten]
15:45:09 [cris]
matthias: issues: exact definition of tracking and data collection
15:45:24 [sudbury]
sudbury has joined #dnt
15:45:25 [cris]
... default (opt in and opt out) and user interface ideas
15:45:37 [fjh]
fjh has joined #dnt
15:46:10 [karl]
15:46:10 [trackbot]
ISSUE-1 -- Example issue to be closed, so people can see what an issue looks like. -- closed
15:46:10 [trackbot]
15:46:31 [fielding]
q+, to wonder if we can make an assumption of default = off for technical direction and let that stand as advice in recommendations
15:46:38 [tlr]
tlr has joined #dnt
15:46:40 [karl]
15:46:41 [trackbot]
ISSUE-2 does not exist
15:46:43 [fielding]
15:46:49 [cris]
david wainberg: discuss privacy risks with solutions
15:47:16 [karl]
ISSUE-2: What is the meaning of DNT (Do Not Track) header?
15:47:16 [trackbot]
Sorry... adding notes to ISSUE-2 failed, please let sysreq know about it
15:47:37 [karl]
ISSUE: What is the meaning of DNT (Do Not Track) header?
15:47:37 [trackbot]
Created ISSUE-2 - What is the meaning of DNT (Do Not Track) header? ; please complete additional details at .
15:48:39 [aleecia]
(meta: we'll hit these issues after lunch)
15:48:48 [fielding]
15:49:25 [ifette]
ISSUE: what is the granularity of the choice we expect users to make?
15:49:25 [trackbot]
Created ISSUE-3 - What is the granularity of the choice we expect users to make? ; please complete additional details at .
15:49:49 [ifette]
zakim, next agendum
15:49:49 [Zakim]
agendum 5. "Aleecia walking us through the charter" taken up [from ifette]
15:50:17 [cris]
matthias: discuss what we are trying to do with wg
15:51:18 [amyc]
amyc has joined #dnt
15:51:19 [cris]
... interactions between TPL, TP-Expression, and DNT
15:51:42 [npdoty]
one document to describe the technical interaction between the browser and server
15:52:09 [npdoty]
and another (compliance, definitions) to describe what the server does once it's reached the server
15:52:45 [cris]
aleecia: almost done with process side of discussion
15:52:56 [cris]
... want to discuss charter
15:52:57 [aleecia]
15:53:31 [clp]
clp has joined #dnt
15:53:34 [cris]
... will have weekly teleconferences
15:53:45 [cris]
... will have face to face meetings
15:54:08 [cris]
... out of scope: user interface
15:54:58 [cris]
ian: agree, but we can't avoid UI
15:55:35 [cris]
nick: guidelines of user experience would be in scope
15:57:27 [npdoty]
tl: we can talk about the UI, understand the implications of the UI, without specifying it
15:58:28 [cris]
aleecia: tracking selection list = TPL
15:59:08 [Zakim]
- +1.949.483.aabb
15:59:22 [cris]
... we have w3c dependencies for collaboration with other w3c groups
16:00:27 [cris]
???: wants to add section for best current practices
16:00:36 [npdoty]
16:00:44 [fjh]
fjh has joined #dnt
16:00:49 [aleecia]
16:00:50 [npdoty]
s/practices/practices (like BCP from the IETF world)/
16:01:11 [tl]
tl has joined #dnt
16:01:15 [jkaran]
jkaran has joined #dnt
16:01:22 [cris]
aleecia: showing calendar
16:01:51 [npdoty]
FPWD out by October 6th, even though there won't be general agreement
16:02:00 [cris]
... schedule working draft by oct 6th
16:02:25 [karl]
16:02:26 [cris]
... Oct 13 - deadline for second face to face meeting
16:03:04 [cris]
... Oct 25th - internal issue cut-off
16:03:21 [cris]
... Nov 1st - next face to face meeting in Santa Clara
16:03:40 [npdoty]
s/Nov 1st/Oct 31st-Nov 1st/
16:04:37 [cris]
... Jan 30 - last call for comments on Dec draft
16:05:50 [cris]
... Apr 30 - candidate recommendation document
16:06:10 [cris]
... May 11 - request for transition
16:06:26 [cris]
... May 22 - proposed recommendation
16:07:00 [cris]
... drafts should go out on Tues and Thurs (quick iterations)
16:07:05 [clp]
clp has joined #dnt
16:07:50 [cris]
... discussing issues (with format and associated email thread)
16:08:17 [aleecia]
example issue:
16:08:59 [ifette]
ISSUE: what is the default? Is this an opt-in or an opt-out?
16:09:00 [trackbot]
Created ISSUE-4 - What is the default? Is this an opt-in or an opt-out? ; please complete additional details at .
16:09:00 [cris]
???: request to put calendar/schedule online
16:09:10 [tlr]
16:09:55 [cris]
aleecia: Oct 31st-Nov 1st Santa Clara (face to face)
16:10:06 [tlr]
ACTION: nick to put meeting calendar on WG home page
16:10:06 [trackbot]
Created ACTION-3 - Put meeting calendar on WG home page [on Nick Doty - due 2011-09-28].
16:10:11 [cris]
trick or treat? :)
16:10:25 [tlr]
16:10:59 [cris]
aleecia: "short" papers from princeton are online
16:11:39 [npdoty]
16:12:10 [tlr]
16:13:45 [davidwainberg]
davidwainberg has joined #dnt
16:14:06 [cris]
... we have a lot of work ahead of us (esp at beginning)
16:14:44 [cris]
matthias: lunchtime
16:15:00 [kcs]
kcs has left #dnt
16:15:42 [cris]
thomas: legal seafood reservation for 40 people at 7pm 9/21
16:16:21 [Zakim]
16:20:31 [npdoty]
npdoty has joined #dnt
16:21:55 [clp]
Lunch until 1:30 pm FYI
16:35:33 [sudbury]
sudbury has joined #dnt
16:37:01 [Zakim]
+ +1.818.575.aacc
16:37:03 [Zakim]
- +1.818.575.aacc
16:45:43 [scott]
scott has joined #dnt
16:53:04 [npdoty]
npdoty has joined #dnt
16:55:45 [aleecia]
aleecia has joined #dnt
16:57:19 [sudbury]
sudbury has joined #dnt
16:59:51 [fielding]
fielding has joined #dnt
17:09:55 [scott]
scott has joined #dnt
17:18:52 [cris]
cris has joined #dnt
17:34:03 [scott]
scott has joined #dnt
17:34:44 [cris]
matthias: time to go organize and categorize the success criteria with sticky notes
17:35:22 [efelten]
efelten has joined #dnt
17:38:15 [[Thomas]]
[Thomas] has joined #dnt
17:42:15 [Brett]
Brett has joined #dnt
17:44:23 [jmayer]
jmayer has joined #dnt
17:44:35 [jmayer]
Scribe: jmayer
17:45:03 [fielding]
please add "Good one-sentence description of DNT scope for use in browser config" (I am stuck on an Apache board meeting call outside)
17:46:27 [Brett]
ScribeNick: jmayer
17:46:46 [clp]
Doing an exercise on the wall
17:47:19 [ifette]
next agendum
17:47:39 [suegl]
suegl has joined #dnt
17:48:05 [ifette]
move to agendum 6
17:48:15 [cris]
matthias: review of the sticky board categorization
17:48:52 [cris]
sounds fine...let me know
17:49:29 [amyc]
amyc has joined #dnt
17:49:42 [jmayer]
aleecia: reminding group to think about use cases
17:50:01 [ifette]
17:50:17 [ifette]
agenda+ talk about what is tracking
17:50:24 [jmayer]
... going to spend 20 minutes addressing "What is tracking?"
17:50:32 [ifette]
close agendum 6
17:50:38 [ifette]
the agenda order is 9, 7, 8
17:50:49 [ifette]
zakim, next agendum
17:50:49 [Zakim]
agendum 9. "talk about what is tracking" taken up [from ifette]
17:51:08 [jmayer]
... inviting thoughts from input documents
17:51:21 [jmayer]
... first component: semantics
17:51:22 [jkaran]
jkaran has joined #dnt
17:51:26 [tlr]
ScribENick: jmayer
17:51:27 [jmayer]
... second component: exemptions
17:51:45 [jmayer]
... differing opinions on what should be exempted, and to what extent
17:52:04 [jmayer]
... third component: monolithic?
17:52:18 [jmayer]
... is this a binary choice, or more options for users?
17:52:48 [jmayer]
... fourth component: notice and feedback?
17:52:56 [jmayer]
... should there be a response, and if so, what should it do?
17:53:07 [tl]
s/binary choise/monolithic choice across all sites
17:53:30 [tl]
s/more options/per-site decisions
17:53:56 [jmayer]
... everyone has a view of what tracking means
17:54:00 [tl]
17:54:11 [jmayer]
... often conflicting
17:54:16 [jmayer]
... inviting input on what tracking means
17:54:18 [npdoty]
ack tl
17:54:31 [jmayer]
Thomas Lowenthal: we should start with a broad definition and add exemptions
17:54:39 [Zakim]
17:54:54 [tl]
17:54:56 [jmayer]
... "Anything that accumulates attributes or particular pieces of information about a user, a browser, or perhaps even a device."
17:54:59 [fjh]
fjh has joined #dnt
17:55:15 [jmayer]
Peter Eckersley: EFF has a blog post on this
17:55:28 [jmayer]
... broad definition, with exemptions
17:55:33 [jmayer]
... quoting from blog post
17:55:46 [jmayer]
17:55:48 [npdoty]
"retention of information that can be used to connect records of a person's actions or reading habits across space, cyberspace or time"
17:56:19 [pde]
npdoty: you beat me to it :)
17:56:34 [pde]
I was quoting myself from this blog post:
17:56:44 [jmayer]
Ian Fette: would define more narrowly, e.g. behavioral tracking
17:56:59 [jmayer]
... thinks it will be difficult to make progress with a broad definition
17:57:09 [npdoty]
"collecting data to generate a profile of a user"
17:57:12 [jmayer]
... "Collecting data to generate a profile of a user."
17:57:30 [pde]
ifette: I should have said what I thought the exceptions were
17:58:16 [pde]
since I think those go a long way toward bridging between the broad definitions tl and I were starting with, and the narrower one you thought we could move forward with
17:58:17 [jmayer]
Charles Perkins: "realtime or historical collection of information that in the aggregate is considered private by the user"
17:58:24 [alex]
alex has joined #dnt
17:59:37 [jmayer]
brett error: think about consumer expectations and what consumers should be able to ask about
17:59:42 [pde]
Brett: is this you?
18:00:30 [jmayer]
... do you expect your library to forget you?
18:00:42 [jmayer]
Thomas Lowenthal: I think this is about needed data collection
18:01:33 [jmayer]
Shane Wiley: if a broad definition, should have a caveat for "across non-associated sites or experiences"
18:01:44 [jmayer]
Aleecia: please clarify
18:01:58 [jmayer]
Shane Wiley: should be able to apply to apps, devices, and others
18:02:14 [jmayer]
Ed Felten: what's the difference between peter's and ian's definitions?
18:02:14 [tl]
s/Thomas Lowenthal: I think this is about needed data collection/Thomas Lowenthal: I think that the most important exception is for the information needed to provide & use the service
18:03:10 [efelten]
s/Ed Felten/efelten/
18:03:47 [jmayer]
pde: We have exemptions in our definition for first parties, fraud, clear opt-back-in, and where needed to provide a service
18:03:59 [jmayer]
aleecia: trying to hold off on the exemptions discussion
18:04:11 [jmayer]
efelten: still looking for a clarification
18:04:46 [npdoty]
shawn: aggregate reach calculation, frequency capping
18:04:59 [ifette]
18:05:07 [KevinT]
TRUSTe definition of behavioral targeting (subset of tracking):
18:05:13 [jmayer]
Sean Harvey: would like to use data collection for aggregate statistics and frequency capping
18:05:16 [KevinT]
"Behavioral Targeting" is the collection and use of information on an Individual's Online activity over a period of time for the purpose of developing and using predictive models to determine potential future behavior or interests.
18:05:27 [fielding]
fielding has joined #dnt
18:05:40 [ifette]
rrsagent, bookmark?
18:05:40 [RRSAgent]
18:06:06 [jmayer]
XXX: "Information about individual users or machines across sites of multiple owners"
18:06:24 [efelten]
18:06:32 [tlr]
slides fro, this morning:,
18:06:49 [jmayer]
jkaran: wondering if a broad definition is possible given all the things even one company might do that could be considered tracking
18:06:51 [tl]
s/slides fro,/slides from
18:06:54 [tlr]
18:06:55 [ifette]
s/kimon/Thomas Pottjegort/
18:08:25 [jmayer]
karl: this is about unique ids and linkability
18:08:32 [jmayer]
... that includes an ip address
18:08:56 [jmayer]
scott: about collection of attributions about an individual user
18:09:01 [jmayer]
... about "do not track me"
18:09:12 [jmayer]
... about uniqueness of attributes
18:09:13 [ifette]
s/scott/Scott Julian/
18:09:21 [ifette]
scribenick: ifette
18:09:36 [ifette]
Jonathan Mayer: tracking masks a first order question about what are users concerned about, what should users be concerned about
18:09:42 [ifette]
... it's not about profiling or specific use of data
18:09:43 [karl]
s/linkability/linkability of data/
18:09:51 [fjh]
+1 to user centric definition
18:09:53 [ifette]
... but that there are companies with a list of a user's reading habits, or large portion of what they've seen on the web
18:10:01 [ifette]
... regardless of what that is used for, that necessitates a broader definition
18:10:13 [ifette]
... if you think the concern is narrower, that mandates a narrower definition
18:10:22 [ifette]
... would like to hear what people think users are/should be concerned about
18:10:30 [ifette]
ScribeNick: jmayer
18:10:48 [tl]
tracking definitions piratepad
18:10:50 [tl]
18:11:58 [jmayer]
Mike Zaneis: many parties are trying to get to an end result
18:12:15 [jmayer]
... almost everything we're talking about is tracking
18:12:25 [jmayer]
... the DAA's definition is very broad
18:12:40 [npdoty]
"basically, collection of data over time across sites"
18:12:50 [fjh]
18:12:53 [jmayer]
... we have to be honest that with many exceptions, Do Not Track won't cover all tracking
18:12:55 [jmayer]
18:13:28 [jmayer]
scott: we need to figure out what the problem is, and how to frame the question we're asking users
18:13:43 [jmayer]
... "do you want free content on sites?"
18:13:51 [npdoty]
18:14:21 [jmayer]
mattias: we need a common understanding of what we mean
18:15:02 [efelten]
18:15:49 [npdoty]
jmayer: want to get at the underlying concern, some people think it's about seeing ads based on what they do on other sites, other people upset about profiles being created, others (including myself) about collection of reading habits at all
18:16:41 [jmayer]
Charles Perkins: concern is no explicit, simple description of tradeoff between functional content and privacy
18:16:51 [karl]
some users, not all users.
18:17:09 [jmayer]
Shane Wiley: blended conversation between what users are concerned about/should be concerned about and what we do
18:17:20 [jmayer]
... "Do Not Track" is a buzzphrase with press and FTC
18:17:43 [jmayer]
... I don't believe that "Do Not Track" has left the station
18:17:55 [jmayer]
... we can choose a new name
18:18:13 [npdoty]
I thought Shane was making the opposite point, that there's actually too much friction to try to re-name
18:18:33 [karl]
s/we can choose/we can't choose/
18:18:40 [jmayer]
... concern is profiling and tracking across sites
18:18:47 [karl]
s/don't believe/believe/
18:18:48 [jmayer]
ifette: what is realistic to expect?
18:19:14 [jmayer]
... asking web services to forget a user's interaction is unrealistic
18:19:53 [jmayer]
fjh: not following process, think we should be working through definition and exemptions
18:20:57 [fjh]
Some exemptions can involve some complexity so trying to capture in a single definition at the start can be hard
18:21:05 [ifette]
Jules: would it be worth defining the contexts in which we're defining tracking?
18:21:40 [fjh]
Tom and Scott offered what appears to be a simple and user-centric, simple, starting point
18:21:40 [jmayer]
Jules Polonetsky: Do we need a single definition of tracking, or would it be ok to have two or three?
18:22:04 [fjh]
18:22:08 [fjh]
18:22:34 [jmayer]
tl: there are two approaches, start broad and add exemptions, or give specific examples of tracking
18:23:12 [jmayer]
Jules: there are a range of sensitivities around tracking, we should accommodate them
18:24:22 [jmayer]
Brett: I don't understand what we collectively view the problem to be
18:24:27 [jmayer]
... here's what I think it is
18:25:14 [jmayer]
... I don't think we're saying that when a consumer gives a first party some information, she expects the first party to not have the information
18:25:42 [jmayer]
... if I haven't given information to a site and it personalizes for me, that's the problem
18:26:16 [jmayer]
pde: EFF's problem is that other companies see what you read on the New York Times or a dating site. Companies that the user doesn't expect to give their information to.
18:26:20 [jmayer]
Brett: I agree.
18:27:28 [jmayer]
fielding: Storing information on the third-party is the issue. There's no way to avoid a third party storing an audit of where content appears. That's needed for click fraud prevention. Would silo data.
18:27:43 [pde]
Brett: I think we are making progress, right?
18:27:48 [jmayer]
... Should be stored by a specific advertising network for each site.
18:28:07 [karl]
Thinking about indirect tracking such as the mail I sent to a user with his data being tracked, my address information shared with a friend and put in a system which does data mining.
18:28:16 [jmayer]
KevinT: Have to distinguish between general use case and sensitive information, e.g. medical information.
18:28:30 [jmayer]
... Concerns about identifiability of information are a driver.
18:28:45 [fjh]
Can the combination of data that is not sensitive become sensitive when combined?
18:28:53 [jmayer]
Amy Colando: Consumers differ in what they think is ok.
18:28:56 [pde]
fielding: leaving companies the necessary room to fight clickfraud while preventing that from being an open-ended record of their reading habits is in my view the most insolube part of DNT
18:29:22 [pde]
something like "siloing" may be the best we can do
18:29:25 [jmayer]
pde: we have some ideas on it, talk later
18:29:49 [jmayer]
Amy Colando: we need to work on making choice and what's going on more transparent for consumers
18:29:50 [fielding]
pde, I think we should focus on DNT preventing sharing of data rather than collection of data
18:29:55 [pde]
siloing, along with limited retention and other things
18:30:08 [tl]
emphasis: when third parties need to store data, it should be as an agent of the first party, and strictly siloed
18:30:22 [pde]
fielding: whereas my view is we should just exempt collection that feeds into a siloed clickfraud prevention process
18:30:25 [jmayer]
kimon: think we should be talking about browsers
18:30:41 [karl]
active sharing with someone else through a service doesn't mean sharing with the company offering the service. Example: Discussions of two friends in a cafe or on the phone. You do not want your discussion analyzed.
18:30:50 [jmayer]
... might be more room to agree there
18:31:25 [pde]
18:31:26 [tlr]
18:31:30 [tl]
i would like to reiterate karl's position strongly
18:31:32 [jmayer]
aleecia: wide range of views, closer than expected
18:32:00 [jmayer]
... starting from princeton, broad definition with exemptions
18:32:23 [jmayer]
... we'll wind up with a definition
18:32:33 [jmayer]
... it'll be a point of contention whether it's narrow or broad
18:32:37 [jmayer]
... and what's exempted
18:33:53 [tlr]
18:33:58 [jmayer]
Charles Perkins: we could try using adjectives around tracking, e.g. "behavioral tracking"
18:34:11 [tlr]
matthias: 1. what is tracking as first issue — take this list in there
18:34:12 [ifette]
ISSUE: What is the definition of tracking?
18:34:12 [trackbot]
Created ISSUE-5 - What is the definition of tracking? ; please complete additional details at .
18:34:24 [ifette]
ISSUE: What are the underlying concerns? Why are we doing this / what are people afraid of?
18:34:24 [trackbot]
Created ISSUE-6 - What are the underlying concerns? Why are we doing this / what are people afraid of? ; please complete additional details at .
18:34:28 [tlr]
… 2. what are underlying concerns, why do we do this, what are people afraid of — document
18:34:48 [tlr]
… 3. what types of tracking exist, how is tracking used — click fraud, frequency tracking
18:34:49 [ifette]
ISSUE: What types of tracking exists, and what are the use cases for these types of tracking?
18:34:49 [trackbot]
Created ISSUE-7 - What types of tracking exists, and what are the use cases for these types of tracking? ; please complete additional details at .
18:34:59 [tlr]
… would like to see a list what are the useful things that are done with these dat
18:35:02 [Brett]
karl: Agreed. The phone company should not collect information about me by evesdropping on my calls.
18:35:05 [tlr]
18:35:11 [ifette]
18:35:11 [trackbot]
ISSUE-2 -- What is the meaning of DNT (Do Not Track) header? -- raised
18:35:11 [trackbot]
18:35:15 [ifette]
18:35:15 [trackbot]
ISSUE-3 -- What is the granularity of the choice we expect users to make? -- raised
18:35:15 [trackbot]
18:36:02 [jmayer]
photos of the whiteboard will be available
18:36:17 [karl]
s/karl: Agreed/karl, Agreed/
18:36:50 [jmayer]
schunter: issue of exemptions
18:37:11 [KevinT]
Input document: TRUSTe consumer research on OBA ( - specific q's around DNT and perceived threats
18:37:12 [jmayer]
... last issue is transparency and better informing users
18:37:34 [jmayer]
ISSUE How do we enhance transparency and consumer awareness?
18:37:37 [npdoty]
crowd: user awareness, education
18:37:45 [jmayer]
ISSUE: How do we enhance transparency and consumer awareness?
18:37:45 [trackbot]
Created ISSUE-8 - How do we enhance transparency and consumer awareness? ; please complete additional details at .
18:38:23 [jmayer]
aleecia: four buckets to work through: semantics, exemptions, monolithic?, and notice and feedback
18:39:09 [jmayer]
aleecia: semantics is the base case
18:39:30 [ifette]
zakim, agenda?
18:39:30 [Zakim]
I see 3 items remaining on the agenda:
18:39:32 [Zakim]
9. talk about what is tracking [from ifette]
18:39:34 [Zakim]
7. actual work (regulatory definition items) [from ifette]
18:39:35 [Zakim]
8. technology items [from ifette]
18:39:41 [ifette]
agenda+ use cases
18:39:46 [ifette]
zakim, close this agendum
18:39:46 [Zakim]
agendum 9 closed
18:39:47 [Zakim]
I see 3 items remaining on the agenda; the next one is
18:39:49 [Zakim]
7. actual work (regulatory definition items) [from ifette]
18:39:53 [ifette]
zakim, take up agendum 10
18:39:53 [Zakim]
agendum 10. "use cases" taken up [from ifette]
18:40:02 [jmayer]
aleecia: moving on to use cases
18:40:52 [jmayer]
davidwainberg: preface that there are many commonalities among definitions
18:41:06 [sudbury]
sudbury has joined #dnt
18:41:20 [jmayer]
... privacy risk is complex, about who stores data, how, and more
18:41:34 [jmayer]
... use case 1: retargeting
18:41:56 [jmayer]
... user visits site A, views a product; visits unaffiliated site B, sees an ad for the product
18:42:10 [jmayer]
... just a single data point used for retargeting
18:42:31 [jmayer]
... use case 2: interest segments stored in a cookie
18:42:49 [jmayer]
... use case 3: cookie used as an ID for a server-side store
18:43:01 [jmayer]
... all three have very different risk profiles
18:43:31 [jmayer]
Shane Wiley: disagree with davidwainberg
18:43:49 [jmayer]
... all three use cases would fall into Do Not Track
18:44:16 [fjh]
... And would no longer occur if user elects dnt
18:44:30 [jmayer]
pde: non-linkable forms of segment targeting should be ok
18:45:32 [jmayer]
aleecia: question is whether we should have an exemption for client-side segmenting
18:45:36 [ifette]
scribenick: ifette
18:45:37 [npdoty]
pde saying segmented targeting (not uniquely-identifiable) fine even under Do Not Track
18:45:49 [ifette]
jonathan mayer: disagree with peter in what he just said, but agree with what he said two months ago
18:46:06 [ifette]
... way he's thought about this is to bring a holistic definition of the high level semantics
18:46:16 [ifette]
... at the same time allow things that don't engender privacy concerns
18:46:22 [ifette]
... is to lump that into privacy buckets
18:46:26 [ifette]
18:46:37 [ifette]
... disagreements around how the balance lies
18:46:53 [ifette]
... broad definition leads to lots of exemptions, narrow definition has fewer exemptions
18:47:06 [ifette]
... re: segments in cookies
18:47:27 [ifette]
... on that specific issue of client side data storage, would like to not get too far into specifics because there's many options with marginally different privacy options
18:47:37 [ifette]
... if we just say "it's a client side storage thing" and leave the details for later
18:47:40 [ifette]
scribenick: jmayer
18:48:40 [jmayer]
Sharles Perkins: as long as it's pseudonymous we shouldn't be worried
18:48:47 [ifette]
18:48:50 [efelten]
18:48:55 [jmayer]
tl: i don't think that's a consensus view
18:49:14 [pde]
jmayer: what do you think I changed my opinion over the past two months?
18:49:14 [jmayer]
Brett: how information came to be on the client matters a lot, e.g. a cookie sync
18:49:24 [pde]
s/over/of over/
18:49:52 [jmayer]
Sean Harvey: use case 1: first party on own site
18:50:11 [jmayer]
... use case 2: third party across multiple websites
18:51:08 [jmayer]
... use case 3: companies like CBS that use a third-party vendor with a third-party cookie, but used as just a software tool and with only the website able to read the data
18:51:24 [jmayer]
... use case 4: companies that collect data on their own sites and want to leverage that data on other sites
18:51:41 [tl]
it's important to note that users have no idea what first and third parties are
18:52:06 [jmayer]
... doubleclick is 3, google display network is 2
18:52:58 [jmayer]
Shane Wiley: pure first party, pure third party, first party as third party, third party as first party
18:53:27 [jmayer]
... a lot of discussion of first party as a third party, e.g. the facebook like button
18:53:47 [[Thomas]]
[Thomas] has joined #dnt
18:54:12 [jmayer]
ISSUE: Understand all the different first- and third-party cases.
18:54:13 [trackbot]
Created ISSUE-9 - Understand all the different first- and third-party cases. ; please complete additional details at .
18:55:44 [jmayer]
Charles Perkins: need to be able to explain to the user what these use cases are
18:56:10 [jmayer]
karl: suppose someone has an account with gmail
18:56:21 [jmayer]
... they're ok with being tracked by google
18:56:28 [jmayer]
... i'm on my own personal server for email
18:56:41 [jmayer]
... and I email someone who uses gmail
18:57:01 [jmayer]
Sean Harvey: Google would be a first party in this case.
18:58:51 [tl]
tl has joined #dnt
18:59:15 [jmayer]
Chris Olsen: suppose I'm forbes, and there's data collection on other websites, and i want to use that for ad targeting
18:59:24 [jmayer]
Sean Harvey: that's a third-party product
18:59:38 [fjh]
Is email like trash, once you put it out it isn't private or yours ( depending on receivers choices) ?
19:00:11 [jmayer]
Shane Wiley: yahoo analytics product allows a customer to request that their data be stored in a silo
19:00:55 [pde]
fjh: perhaps a better way of fitting that slightly off-topic email example into the framework we've been discussing, is that Google's receipt of the email you sent is necessary for the completion of a transaction you requested, and therefore is covered by an exception even if it's tracking
19:01:15 [jmayer]
Kevin Smith: how are first party as first party and third party as first party separate
19:01:22 [jmayer]
Charles Perkins: the third party might be untrusted
19:01:56 [jmayer]
npdoty: Depends on what "silo" means. Can have significant implications for users.
19:03:12 [jmayer]
jkaran: many third parties can be brought in with a single ad
19:03:13 [pde]
is "tag" an advertising term for a javascript include?
19:03:45 [jmayer]
enewland: separating out first and third parties can be circular, but valuable
19:04:40 [jmayer]
Thomas Pottjegort: if you silo data, it would be wise to anonymize the data before storing it
19:05:14 [jmayer]
Charles Perkins:users might expect that some first party uses would be covered
19:05:19 [jmayer]
... for example inside google
19:05:53 [jmayer]
Mike Zaneis: small companies with distinct brands can also be difficult for a definition
19:06:10 [fjh]
Pde, depends on how you define essential.
19:06:24 [jmayer]
zakim, bookmark?
19:06:24 [Zakim]
I don't understand your question, jmayer.
19:06:26 [karl]
note that "email" was just an example of a Web service in the case of gmail. You could use any services using Web standards to communicate across domain names (not silos) where the consumption of data of someone else might end up to the creation of a profile without having even agreed on any terms about it.
19:06:32 [npdoty]
rrsagent, bookmark?
19:06:32 [RRSAgent]
19:06:43 [fjh]
19:07:08 [jmayer]
Clay Webster: there can be difficulties where there are differences in branding or logo or domains
19:07:22 [jmayer]
... for example, this weird thing we did for awhile
19:07:42 [jmayer]
... we have to be a first party for ourselves
19:09:10 [fjh]
But I see your point, pde
19:09:12 [jmayer]
pde: Responding to Charles Perkins, there will be cases where consumers are concerned about one entity sharing information internally. But it's a company's problem if it violates consumer expectations. That's very different from different domain names.
19:09:32 [jmayer]
Amy Colando: Defining first party is a key foundation, probably can't get it done today.
19:09:47 [ifette]
ISSUE: What is a first party? As an example, CBS and C|Net are the same company but visually distinct websites/brand, is this a first party relationship?
19:09:48 [trackbot]
Created ISSUE-10 - What is a first party? As an example, CBS and C|Net are the same company but visually distinct websites/brand, is this a first party relationship? ; please complete additional details at .
19:09:52 [jmayer]
... Good reasons for third parties to keep data without anonymizing it.
19:10:16 [jmayer]
Shane Wiley: Recall that in the EU there are different definitions, data controller vs. data processor.
19:10:28 [pde]
fjh: I think it's reasonable to say that the recipient's mx servers (and anything they forward to) are a necessary part of email transactions; and per karl's example I think this would work equally well for any other back-end protocol that users interact with through websites
19:10:32 [karl]
what is data controller? What is data processor.
19:10:55 [karl]
s/fjh: I think/fjh, I think/
19:11:44 [fjh]
Perhaps karl's point can be restated as how can user DNT request be handled when no direct 1st party relationship is involved
19:11:56 [jmayer]
... there's a t least three versions of first party, common branded, same domain, and affiliated
19:12:12 [karl]
thanks fjh for clarifying my concern :) in a better way that I did.
19:12:43 [jmayer]
davidwainberg: Why do these definitions matter?
19:12:58 [jmayer]
Shane Wiley: Because we're going to reference the often.
19:13:16 [pde]
clp: looking at the youtube homepage, the word "google" does not appear on it anywhere. I would not be surprised if a large fraction of Youtube's users were unaware that the site was owned by Google.
19:13:44 [jmayer]
aleecia: Issues about user expectations and implementation.
19:13:55 [jmayer]
schunter: Our aim is to surface issues, we're doing that.
19:14:10 [adrianba]
adrianba has joined #dnt
19:14:45 [npdoty]
ISSUE: document a longer list of use cases -- what's going on today
19:14:46 [trackbot]
Created ISSUE-11 - Document a longer list of use cases -- what's going on today ; please complete additional details at .
19:15:05 [karl] RAISED ISSUE so far
19:15:59 [jmayer]
KevinT: Are apps in scope?
19:16:11 [jkaran]
jkaran has joined #dnt
19:16:12 [npdoty]
ISSUE: how does tracking require relation to unique identities, pseudonyms, etc.?
19:16:13 [trackbot]
Created ISSUE-12 - How does tracking require relation to unique identities, pseudonyms, etc.? ; please complete additional details at .
19:17:06 [jmayer]
schunter: Apps aren't excluded from scope, would address at some point.
19:17:14 [npdoty]
ISSUE: what are the requirements for DNT on apps/native software in addition to browsers?
19:17:14 [trackbot]
Created ISSUE-13 - What are the requirements for DNT on apps/native software in addition to browsers? ; please complete additional details at .
19:19:09 [ifette]
ISSUE: How does what we talk about with 1st/3rd party relate to European law about data collector vs data processor?
19:19:09 [trackbot]
Created ISSUE-14 - How does what we talk about with 1st/3rd party relate to European law about data collector vs data processor? ; please complete additional details at .
19:19:25 [jmayer]
Kimon: not clear who's a controller or processor under eu law
19:19:49 [jmayer]
Brett: Have to consider how personal the data being collected is.
19:19:59 [ifette]
ISSUE-14: How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor
19:19:59 [trackbot]
ISSUE-14 How does what we talk about with 1st/3rd party relate to European law about data collector vs data processor? notes added
19:20:45 [npdoty]
didn't get what that last issue was
19:20:48 [jmayer]
19:20:52 [jmayer]
19:20:53 [fjh]
Zakim, who is here?
19:20:53 [Zakim]
On the phone I see StarConferenceRoom, [Microsoft]
19:20:55 [Zakim]
On IRC I see adrianba, [Thomas], sudbury, fielding, alex, fjh, amyc, suegl, jmayer, Brett, efelten, scott, cris, npdoty, davidwainberg, clp, tlr, KevinT, Brian, pde, kimon,
19:20:58 [Zakim]
... trackbot, Dan_, schunter, ifette, enewland, RRSAgent, karl, clay, Zakim, hober
19:20:59 [MZ]
MZ has joined #dnt
19:21:27 [jmayer]
KevinT: Have to deal with special treatment for children.
19:22:36 [jmayer]
tl: differences between legal questions about what's personal and technical questions about whether users can be identified
19:22:57 [jmayer]
ISSUE: What special treatment should there be for children's data?
19:22:57 [trackbot]
Created ISSUE-15 - What special treatment should there be for children's data? ; please complete additional details at .
19:25:07 [aleecia]
aleecia has joined #dnt
19:25:31 [jmayer]
[organizational discussion]
19:26:17 [jkaran]
jkaran has joined #dnt
19:26:39 [jmayer]
schunter: propose to break into small groups, each focuses on a narrow set of issues
19:27:50 [Brett]
zakim, who is on the phone?
19:27:50 [Zakim]
On the phone I see StarConferenceRoom, [Microsoft]
19:28:03 [Brian]
Brian Tschumper from Microsoft on phone
19:28:05 [clp]
19:28:10 [jmayer]
[decision: discuss everything as a group]
19:29:10 [npdoty]
ACTION for nick to set up iCal subscribable version of our events calendar
19:29:10 [trackbot]
Sorry, couldn't find user - for
19:29:27 [npdoty]
ACTION: nick to set up iCal subscribable version of our events calendar
19:29:27 [trackbot]
Created ACTION-4 - Set up iCal subscribable version of our events calendar [on Nick Doty - due 2011-09-28].
19:33:51 [tl]
tl has joined #dnt
19:36:55 [David]
David has joined #dnt
19:42:59 [fjh]
fjh has joined #dnt
19:55:18 [clp]
I will try to transcribe the next section, This is Charles L. Perkins, clp,
19:58:13 [aleecia]
zakim, who is on the phone?
19:58:13 [Zakim]
On the phone I see StarConferenceRoom, [Microsoft]
19:58:27 [aleecia]
Hi - is Microsoft JC Cannon?
19:58:40 [Brian]
Microsoft is Brian Tschumper
19:58:46 [cris]
cris has joined #dnt
19:58:51 [aleecia]
Thank you!
19:59:22 [aleecia]
zakim, [microsoft] has BrianTschumper
19:59:22 [Zakim]
+BrianTschumper; got it
20:00:26 [scott]
scott has joined #dnt
20:03:00 [fielding]
fielding has joined #dnt
20:03:34 [scott]
scott has joined #dnt
20:06:45 [npdoty]
npdoty has joined #dnt
20:10:44 [clp]
Session begins
20:10:51 [clp]
Notes that there will be weekly telephone conferences
20:10:59 [clp]
SHow of hands for timezones
20:11:32 [clp]
About equal between PDT and ET then about 1/2 as many in other timezones
20:11:36 [clp]
1 from Australia
20:12:13 [clp]
11 am ET 8 am PT 5 pm Central Europe
20:13:45 [sudbury]
sudbury has joined #dnt
20:13:45 [clp]
Notes that Europeans have trouble with 10/31 and 11/1 meeting anyway
20:13:59 [clp]
Suggestion to moving it one hour later
20:14:30 [clp]
90 min call, weekly
20:15:01 [sudbury_]
sudbury_ has joined #dnt
20:15:45 [karl]
20:15:59 [karl]
karl has joined #dnt
20:18:28 [Dan]
Dan has joined #dnt
20:18:36 [clp]
5 conflicts on Thur
20:18:39 [clp]
4 on Tuesday
20:18:42 [clp]
2 for Wed
20:18:58 [clp]
at noon 9 6 for ET / PT / Central EU
20:19:13 [clp]
Wed chosen
20:19:27 [clp]
noon ET, 9am PT, 6 pm Central Europe.
20:19:29 [clp]
(for now)
20:20:45 [clp]
Send Aleecia email if you have issues with this time / day
20:20:48 [karl]
20:20:50 [clp]
She will try to work it out
20:21:15 [clp]
Take the next section as a Lightning Round
20:21:27 [scott]
scott has joined #dnt
20:21:35 [npdoty]
scribenick: clp
20:21:39 [clp]
Alex: is the phone number published?
20:21:40 [clp]
yes it will be
20:21:56 [karl]
October 30, DST ends in Europe
20:21:56 [karl]
November 6, DST ends in USA
20:21:56 [karl]
known as the messy week for teleconferences
20:21:58 [clp]
No judgements fast rounds now is the idea
20:22:25 [clp]
Semantics and Exceptions, hopefully separate first
20:22:37 [tlr]
tlr has joined #dnt
20:22:40 [clp]
20:22:55 [efelten]
efelten has joined #dnt
20:23:07 [clp]
First exchange of preference, then site behavior will change
20:23:22 [clp]
Shane: will we begin with use cases from last time?
20:23:48 [clp]
Issues: 1-- data collection, 2-- data use
20:23:59 [clp]
(context 3rd party)
20:24:32 [clp]
Thomas: isn't semantics and exception/exemptions really the same thing?
20:24:55 [clp]
Trying to keep separate? No, let's give up and combine the first discussion.
20:25:08 [npdoty]
s/Trying/aleecia: Trying/
20:25:19 [clp]
Thomas: can we straw poll this?
20:25:37 [clp]
Not now.
20:25:45 [jmayer]
jmayer has joined #dnt
20:26:12 [clp]
Issues for what it means to Comply with getting a Don Not TRack signal
20:26:22 [clp]
EG 1st party Data collection:
20:26:49 [clp]
Jules: What is "collecting" in semantics?
20:27:00 [clp]
Collecting, Loggging, etc.
20:27:13 [clp]
Caching eg, is that collecting?
20:27:30 [npdoty]
ISSUE: what does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.)
20:27:31 [trackbot]
Created ISSUE-16 - What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) ; please complete additional details at .
20:27:34 [clp]
David: Retention, Accumulation, Profile
20:27:43 [fjh]
fjh has joined #dnt
20:28:03 [clp]
Attribution, Identification (another term)
20:28:06 [efelten]
20:29:29 [npdoty]
scribenick: npdoty
20:29:40 [npdoty]
jkaran: data use by 1st party
20:29:46 [clp_]
clp_ has joined #dnt
20:29:50 [clp_]
20:29:51 [npdoty]
… data collection methods, HTTP cookies and other technology types
20:29:59 [npdoty]
scribenick: clp
20:30:05 [clp_]
Time/Space device etc. <missed a few lines>
20:30:22 [clp_]
Atrribution / Identifiable
20:30:27 [clp_]
Time/space Devices
20:30:38 [clp_]
Parties -- what is definition of "Party"?
20:30:50 [clp_]
Issue: Data use by 1st Party
20:30:50 [trackbot]
Created ISSUE-17 - Data use by 1st Party ; please complete additional details at .
20:31:00 [clp_]
Data collection -- cookies or not
20:31:41 [clp_]
Issue: Collection definition (not sure I said the prefix before?)
20:31:41 [trackbot]
Created ISSUE-18 - Collection definition (not sure I said the prefix before?) ; please complete additional details at .
20:31:57 [clp_]
Issue: Data collection / Data use (3rd party)
20:31:57 [trackbot]
Created ISSUE-19 - Data collection / Data use (3rd party) ; please complete additional details at .
20:32:02 [clp_]
OK thanks
20:32:13 [clp_]
20:32:34 [clp_]
What isn't covered? Is there a magic button that gives you privacy? Do not track button does what?
20:32:59 [clp_]
Some linkage.... what is not part of this?
20:33:14 [clp_]
Common denominator.... why is it in scope of the button?
20:33:22 [npdoty]
s/What/... What/
20:33:29 [clp_]
Is there something that makes it belong on this page?
20:33:34 [npdoty]
s/Some linkage/... Some linkage/
20:33:43 [npdoty]
s/Common/... Common/
20:33:48 [npdoty]
s/Is there/... Is there/
20:33:59 [clp_]
... is it PII and no cookie etc?
20:34:17 [clp_]
(forgot) *blushes*
20:34:41 [clp_]
Mattias: can we focus just on the tracking part?
20:34:54 [jmayer]
would like to flag - the legal notion of PII is very different from the technical question of what information is identifiable
20:35:16 [clp_]
Shane: exception focus... so the ability for consumer to grant an exception... it's important to Yahoo and regulators -- need external auditibility
20:35:22 [npdoty]
ISSUE: different types of data, what counts as PII, and what definition of PII
20:35:23 [trackbot]
Created ISSUE-20 - Different types of data, what counts as PII, and what definition of PII ; please complete additional details at .
20:35:38 [clp_]
... outside operations, analytics and/or research
20:35:46 [clp_]
... fraud detection and defence
20:35:55 [clp_]
Mattias: examples?
20:36:30 [clp_]
Shane: prove in an audit that you didn't exceed promises, or that billing was properly done, etc.
20:37:06 [clp_]
... DNT compliance audit
20:37:18 [npdoty]
ISSUE: enable external audit of DNT compliance
20:37:19 [trackbot]
Created ISSUE-21 - Enable external audit of DNT compliance ; please complete additional details at .
20:37:49 [npdoty]
ISSUE: still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.)
20:37:49 [trackbot]
Created ISSUE-22 - Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.) ; please complete additional details at .
20:38:03 [npdoty]
ISSUE: possible exemption for analytics
20:38:03 [trackbot]
Created ISSUE-23 - Possible exemption for analytics ; please complete additional details at .
20:38:18 [npdoty]
ISSUE: possible exemption for fraud detection and defense
20:38:19 [trackbot]
Created ISSUE-24 - Possible exemption for fraud detection and defense ; please complete additional details at .
20:38:25 [clp_]
... network quality is industry term - showing your Ads in places that are reputable
20:38:33 [npdoty]
ISSUE: possible exemption for research purposes
20:38:34 [trackbot]
Created ISSUE-25 - Possible exemption for research purposes ; please complete additional details at .
20:38:55 [clp_]
Clay: ... lots of overlap... but denial of service prevention... store but maybe not use for this
20:39:17 [clp_]
Peter: ... decent fraud will handle that hopefully
20:39:31 [clp_]
Shane: just so we know advocates don't like a general exception there FYI
20:39:32 [npdoty]
ISSUE-22: should cover denial of service attacks, click fraud
20:39:32 [trackbot]
ISSUE-22 Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.) notes added
20:39:56 [clp_]
Clay: we need the semantics well published
20:40:10 [clp_]
... the auditing will have to mesh well
20:40:27 [clp_]
Aleecia: lead time? what are you saying?
20:40:37 [clp_]
Clay: yes, substantial lead time, before this kicks in
20:40:56 [clp_]
Matthias: easier for them, kick off issues
20:41:08 [clp_]
Clay: have you had a SOCKS (sp?) audit? Avoid at all cost!
20:41:20 [npdoty]
s/SOCKS/SOX (Sarbanes Oxley)/
20:41:57 [clp_]
... is there a limited defacto opt-in with having to explicitly opt in, e.g. zip code provided ...
20:42:20 [clp_]
... eg, if you're not being prompted yet you are supplying info, does it opt you in?
20:42:34 [clp_]
Aleecia: if you provide e.g. your billing address...
20:42:54 [clp_]
Jules breaks in: but someone then explicitly gives more info, not billing
20:43:10 [clp_]
Ed Fellen: how does this differ from the consumer consent?
20:43:16 [clp_]
Clay: widget on a page
20:43:21 [efelten]
s/Ed Fellen/efelten/
20:43:22 [npdoty]
20:43:26 [clp_]
Thomas Rossler: I go to site foo
20:43:33 [clp_]
... it shows me something
20:43:39 [clp_]
Kevin: eg a weather widget?
20:44:03 [clp_]
Thomas: does the 3rd party... yes, thank you
20:44:26 [clp_]
Clay: 3rd party widget and others providing explicit consent
20:44:32 [npdoty]
ISSUE: providing data to 3rd-party widgets -- does that imply consent?
20:44:33 [trackbot]
Created ISSUE-26 - Providing data to 3rd-party widgets -- does that imply consent? ; please complete additional details at .
20:45:02 [tlr]
example: 3rd party weather widget from gets information while embedded with, does this count as consent for to track me when I visit
20:45:45 [clp_]
Thomas from ComScore: there is one exception he is not sure why it is an exception / issue
20:46:55 [clp_]
Matthias: it's perfectly OK to exempt something ... if its an exclusion it's evident anyway
20:47:32 [clp_]
Kimon: Zorba the Greek... to remember ... not sure about debate... at first don't want to be tracked... yet now I like Google, OK for them to track me
20:47:44 [tlr]
kimon: I might decide I don't want to be tracked — but may permit some specific site to track me regardless?
20:47:49 [clp_]
... revoke the DNT for explicit cases?
20:47:50 [tlr]
… other point, going into frequency capping
20:48:10 [npdoty]
ISSUE: mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in"
20:48:10 [trackbot]
Created ISSUE-27 - Mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in" ; please complete additional details at .
20:48:13 [clay_]
clay_ has joined #dnt
20:48:23 [clp_]
... Post click or other methods, e.g. conversion, advert --> sale
20:48:23 [[Thomas]]
[Thomas] has joined #dnt
20:48:39 [clp_]
... those should not be excluded
20:48:59 [clp_]
... asks Shane
20:49:09 [clp_]
Shane: yes, when we talk about 3rd party widgets: 2 concepts:
20:49:15 [clp_]
... impression vs interaction
20:49:25 [clp_]
... see affliate ad vs they click on it
20:49:35 [clp_]
Scott: Law enforncement requirements?
20:50:04 [npdoty]
ISSUE: different rules for impression of and interaction with 3rd-party ads/content
20:50:24 [efelten]
ISSUE: Exception for mandatory legal process
20:50:24 [trackbot]
Created ISSUE-28 - Exception for mandatory legal process ; please complete additional details at .
20:50:32 [clp_]
Charles: fits into my larger point: existing law, policy, how we fit into it
20:51:02 [npdoty]
ISSUE: tracking that may be required by law enforcement
20:51:03 [trackbot]
Created ISSUE-29 - Tracking that may be required by law enforcement ; please complete additional details at .
20:51:07 [clp_]
Erica: .. for policy or legal reasons we don't want DNT to apply to them... are there things that we just don't think are NOT in the scope of this?
20:51:34 [clp_]
... data aggregation EG, collects lots of data, selling to someone else
20:52:16 [clp_]
... not online explicitly tracking ... data sharing / enhancementdata in offline world, combined with online
20:52:18 [clp_]
20:52:30 [clp_]
(said the above last part)
20:52:51 [clp_]
Jules: commerce site, just sells the data, seems like we saying it has to have seomthing to do with online tracking?
20:53:37 [clp_]
... is offline the only exemption? replicating privacy law and existing ... are we including don't give that data to them?
20:53:48 [clp_]
Matthias: What privacy problems are out of scope?
20:54:46 [npdoty]
ISSUE: will Do Not Track apply to offline aggregating or selling of data?
20:54:46 [trackbot]
Created ISSUE-30 - Will Do Not Track apply to offline aggregating or selling of data? ; please complete additional details at .
20:54:49 [clp_]
Jonathon: Minimization... in some cases privacy concern might be minimal, but in many cases lots of tech apporaches
20:55:09 [clp_]
... to what extent so we want to recommend tech / nice tech?
20:55:26 [clp_]
... broad exceptions yet some tech might be better for implementing them?
20:55:55 [clp_]
... frequency capping eg, we are NOT going to allow it in .... but may be allow it in this other case, where minimization makes a difference
20:56:12 [clp_]
Peter: The technical conditional nature of exemption
20:56:37 [clp_]
Aleecia: Is it reasonable for us to only have exemption only based on the tech they use?
20:56:44 [npdoty]
ISSUE: minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions)
20:56:44 [trackbot]
Created ISSUE-31 - Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions) ; please complete additional details at .
20:57:11 [clp_]
Peter: is it a particular detailed choice like language, or just general tech choices
20:57:43 [clp_]
Jonathon: high level... is it reasonable to ask people to ever adopt or not a given tech...
20:58:00 [clp_]
Shane: are there reasonable tech. exemptions
20:58:11 [pde]
I'm more comfortable with "specific approaches" than "specific technologies"
20:58:15 [npdoty]
ISSUE-31: Shane: do you get exemptions by using particular technical implementations?
20:58:15 [trackbot]
ISSUE-31 Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions) notes added
20:58:31 [pde]
clp_: Peter == pde
20:58:32 [clp_]
Brett: we also need to address... the sharing of data between entities
20:58:36 [clp_]
... cookie sync'ing
20:58:49 [clp_]
... beacon calls ... more of a Use Case
20:59:07 [clp_]
Matthias: do we alll agree we know what cookie sync'ing is?
20:59:38 [clp_]
Brett: a 3rd party reads in a 1st party cookie, makes it their own and use it everywhere else (beacon)
20:59:56 [clp_]
Peter: For example, Cookie ID1 and ID2 are the same is one EG
21:00:00 [npdoty]
ISSUE: sharing of data between entities via cookie syncing / identity brokering
21:00:00 [trackbot]
Created ISSUE-32 - Sharing of data between entities via cookie syncing / identity brokering ; please complete additional details at .
21:00:08 [clp_]
Brett: may be covered in the linking section.
21:00:22 [clp_]
Brad: complexity of the choice we ask users to make
21:00:30 [pde]
s/are the same/are the same person/
21:00:38 [clp_]
... are you actually exposing these exemptions to users, or just saying these are them
21:00:52 [npdoty]
ISSUE: complexity of user choice (are exemptions exposed to users?)
21:00:52 [trackbot]
Created ISSUE-33 - Complexity of user choice (are exemptions exposed to users?) ; please complete additional details at .
21:01:27 [clp_]
Aleecia: many ways of slice/dice the DNT
21:01:40 [clp_]
... no split one choice
21:01:49 [clp_]
... DNT either on or off
21:02:25 [clp_]
Thomas Lowenthal: ... user said on/off separately from what you do (on/off), there are multiple states the user could be in
21:02:54 [clp_]
Aleecia: that is in Notices and Feedback
21:02:58 [clp_]
Shane: what do you mean again?
21:03:05 [clp_]
Aleecia: One possibility, one button.
21:03:14 [clp_]
Scott: aggregate analytics
21:03:29 [npdoty]
ISSUE: possible exemption for aggregate analytics
21:03:30 [trackbot]
Created ISSUE-34 - Possible exemption for aggregate analytics ; please complete additional details at .
21:04:11 [clp_]
Kevin: if you have individual exemptions... can a site then ask the user, hey for US is it OK for US (this site) to track this now?
21:04:22 [clp_]
... opt back in just for this site
21:04:44 [npdoty]
ISSUE-27: Kevin (Adobe): users should be able to opt back in for either a first or third party
21:04:45 [trackbot]
ISSUE-27 Mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in" notes added
21:05:00 [clp_]
Brett: Want a way to express the level of trust, for tracking.
21:05:18 [clp_]
Shane: Brand, and/or affiliated network... what is the definition of a party?
21:05:21 [npdoty]
ISSUE-27: opting back in for a brand, for "an affiliated party"
21:05:21 [trackbot]
ISSUE-27 Mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in" notes added
21:05:36 [clp_]
Ed Felten: how interacts with other existing programs
21:06:02 [clp_]
Aleecia: including industry self-regulation
21:06:07 [npdoty]
ISSUE: how will DNT interact with existing opt-out programs (industry self-reg, other)?
21:06:07 [trackbot]
Created ISSUE-35 - How will DNT interact with existing opt-out programs (industry self-reg, other)? ; please complete additional details at .
21:06:18 [fjh]
fjh has joined #dnt
21:06:39 [clp_]
Thomas ComScore: behavior Ads / content ... tracking is not the issue, but that the content has changed because of what I did before...
21:07:01 [clp_]
Aleecia: Two tiers? ONe is just behaviorally targeted Ads the othe rot just persinalization
21:07:14 [clp_]
Thomas: yes
21:07:34 [clp_]
XXX: I have the idea we need a split, don't know how we decide.
21:07:34 [karl]
another issue is people with shared devices and/or cybercafes. The browser (the device) is not the person. Specifically in third world countries
21:07:52 [amyc]
amyc has joined #dnt
21:07:54 [clp_]
Jonathon: made draw laughter... you could go all the way toward declarative P3P
21:07:59 [clp_]
21:08:02 [npdoty]
ISSUE: should DNT opt-outs distinguish between behavioral targeting and other personalization?
21:08:02 [trackbot]
Created ISSUE-36 - Should DNT opt-outs distinguish between behavioral targeting and other personalization? ; please complete additional details at .
21:08:12 [clp_]
...specific biz user roles in ecosystem
21:08:15 [efelten]
s/made draw/this might draw/
21:08:31 [clp_]
Thomas Lowenthal: that seems to be explicitly out of scope
21:08:40 [clp_]
Aleecia: If not deep, OK, if deep, out of scope.
21:09:03 [clp_]
Kevin: as an actual consumer, what data is being kept, why, and is it only the advantage for me or just for you?
21:09:07 [tl]
for reference: "The Working Group will not design mechanisms for the expression of complex or general-purpose policy statements."
21:09:24 [clp_]
... something that wide is doable?
21:09:26 [npdoty]
ISSUE: granularity could be as complex as something P3P-style, based on business types and uses
21:09:26 [trackbot]
Created ISSUE-37 - Granularity could be as complex as something P3P-style, based on business types and uses ; please complete additional details at .
21:09:42 [clp_]
... I am fine with the company keeping the info, for this reason, ...
21:10:00 [clp_]
... part of the split is so wide... conceptually that's what is driving me as the consumer
21:10:11 [clp_]
Aleecia: some categories can then be rolled up
21:10:27 [clp_]
Kevin: Why they want GPS, if it makes sense, will say yes.
21:10:47 [clp_]
Scott: That covers a lot of what I want to say.
21:11:07 [npdoty]
ISSUE-37: could have exemptions that are based on different types of use ("I'm okay with anonymized use for research")
21:11:08 [trackbot]
ISSUE-37 Granularity could be as complex as something P3P-style, based on business types and uses notes added
21:11:28 [clp_]
Kevin: setting up a DNT on exception and rules, just noting the user doesn't even know its happening, still invisible
21:11:42 [clp_]
... consideration of when tracking is actually happening
21:12:07 [clp_]
Aleecia: anonymized data, splitting based on data use
21:12:36 [clp_]
Kimon: term of Europe, anonmized means something else perhaps, render a data set anonymous
21:12:55 [npdoty]
21:13:00 [clp_]
Shane: break the tie with production system, here in US a random ID is OK, in EU, used repetitively is not OK
21:13:23 [efelten]
s/ID is OK/ID is not PII/
21:13:35 [clp_]
Karl: meaning of DNT with user process in 3rd world country where computer / browser used by many people not just one
21:13:56 [clp_]
... mobile phone shared by community
21:14:06 [npdoty]
ISSUE: granularity for different people who share a device or browser
21:14:06 [trackbot]
Created ISSUE-38 - Granularity for different people who share a device or browser ; please complete additional details at .
21:14:32 [clp_]
Clay: goes alone with mobile, be able to toggle based on geographically ... don't want to be tracked via GPS
21:14:49 [clp_]
... don't transmit my location ever ... yes
21:15:06 [clp_]
... other possibly use/not use DNT just for this session
21:15:11 [npdoty]
ISSUE: tracking of geographic data (however it's determined, or used)
21:15:11 [trackbot]
Created ISSUE-39 - Tracking of geographic data (however it's determined, or used) ; please complete additional details at .
21:15:27 [npdoty]
ISSUE: enable Do Not Track just for a session, rather than being stored
21:15:27 [trackbot]
Created ISSUE-40 - Enable Do Not Track just for a session, rather than being stored ; please complete additional details at .
21:15:46 [npdoty]
21:15:46 [trackbot]
ISSUE-12 -- How does tracking require relation to unique identities, pseudonyms, etc.? -- raised
21:15:46 [trackbot]
21:17:49 [clp_]
Charles: True Name vs pseiduonymity
21:18:02 [clp_]
... also social networks as analogy to trust in brand / groups of them
21:18:25 [clp_]
Jennifer: we you use tracking negative but interest based targeting is positive
21:18:36 [clp_]
... a way to discuss this with users, words matter
21:18:50 [npdoty]
ISSUE: consistent way to discuss tracking with users (terminology matters!)
21:18:50 [trackbot]
Created ISSUE-41 - Consistent way to discuss tracking with users (terminology matters!) ; please complete additional details at .
21:18:50 [clp_]
... be consistent, alleviate confusion
21:19:28 [clp_]
Charles: Monolithic is where my social networking thing fits
21:19:43 [clp_]
Matthias: a channel from the browser from the site is there a back channel?
21:20:28 [clp_]
Cris: use cases.... make tracking more prominent in the browser
21:20:33 [clp_]
... e.g. you see Green or a lock
21:20:42 [clp_]
Aleecia: as a UI issue, we won't go into that
21:21:03 [npdoty]
ISSUE: feedback to the user from the browser when Do Not Track is turned on
21:21:03 [trackbot]
Created ISSUE-42 - Feedback to the user from the browser when Do Not Track is turned on ; please complete additional details at .
21:21:10 [clp_]
Cris: DNT enabled, educate user: here's how the site will change because of DNT being "on"
21:21:30 [clp_]
...either that, condition of using this site is ... we will capture this info., share this with those guys, etc.
21:21:38 [clp_]
...or you can pay a monthly subscription
21:22:06 [clp_]
Aleecia: vaguely like a Privacy policy is one, another is choice: money or lose functyionaliyu
21:22:24 [clp_]
Cris: Android... why access to my call list? Sure, I will give that up
21:22:47 [clp_]
Karl: Do you mean the server should be able to directly change the setting in the web page?
21:22:58 [npdoty]
ISSUE: sites should be able to let the user know their options when they arrive with Do Not Track
21:22:59 [trackbot]
Created ISSUE-43 - Sites should be able to let the user know their options when they arrive with Do Not Track ; please complete additional details at .
21:23:03 [clp_]
Cris: Yes, right, like in Firefox they provide that header,, so they can detect and set it up.
21:23:09 [clp_]
Jonathos: 3 use cases
21:23:27 [clp_]
....1 measure detect who is making a commitment to DNT
21:23:35 [npdoty]
ISSUE: ability to measure/detect who is honoring Do Not Track at a technical level
21:23:36 [trackbot]
Created ISSUE-44 - Ability to measure/detect who is honoring Do Not Track at a technical level ; please complete additional details at .
21:24:01 [clp_]
... 2 regulatory hook here, companies making commitments here is only way now, have feedback mechanism into US Law
21:24:04 [npdoty]
ISSUE: companies making public commitments with a "regulatory hook" for US legal purposes
21:24:04 [trackbot]
Created ISSUE-45 - Companies making public commitments with a "regulatory hook" for US legal purposes ; please complete additional details at .
21:24:29 [clp_]
... 3 some users might want to engage in self-help, this site promises DNT, user says only use those sites
21:24:54 [clp_]
Aleecia: reads back some:
21:25:20 [clp_]
... Know who supports DNT across ecosystem (exhaustive list), not just of the sites I was visiting
21:25:24 [clp_]
Jonathon: both would be nice
21:25:30 [npdoty]
ISSUE: enable users to do more granular blocking based on whether the site responds honoring Do Not Track
21:25:30 [trackbot]
Created ISSUE-46 - Enable users to do more granular blocking based on whether the site responds honoring Do Not Track ; please complete additional details at .
21:25:40 [clp_]
... interface right in browser, and also list
21:25:50 [clp_]
Aleecia: regulatory hook?
21:26:25 [clp_]
Jonathon: US Law... without all details.... if a company makes a representation, then violates it, would be to make DNT enforceable via these committments
21:26:48 [npdoty]
ISSUE-44: useful both for broader crawling analysis and for per-site notice about which items are responsive
21:26:48 [trackbot]
ISSUE-44 Ability to measure/detect who is honoring Do Not Track at a technical level notes added
21:26:50 [clp_]
Shane: challenge/response method, or texturally in Privacy Policy, former in IETF draft
21:27:14 [clp_]
Amy: question for Jonathon
21:27:20 [clp_]
... co branded page?
21:27:29 [npdoty]
ISSUE-45: a way to address "toothless" complaints or enforcement issues for Do Not Track
21:27:29 [trackbot]
ISSUE-45 Companies making public commitments with a "regulatory hook" for US legal purposes notes added
21:27:54 [clp_]
Jonathon: providing some ability to know who is honoring it... combined page... broader web context is another... users, reseachers, regulators, stakeholders, etc.
21:28:01 [npdoty]
21:28:08 [clp_]
Amy: collaborative résponse creation OK?
21:28:21 [clp_]
Aleecia: role up, multiple entities
21:28:46 [clp_]
Kimon: not sure the regulatory hook,, would not work out with 27 regulatory jurisdictions
21:28:58 [clp_]
... unless it is personal data
21:29:19 [clp_]
... program of accountability.... isn't it under that heading?
21:29:35 [clp_]
Jonathon: both self-regulation and law, both useful here...
21:29:43 [clp_]
... he thinks law is doable, taking it offline
21:30:22 [clp_]
Alecia -- US and EU could differ, self-regulatory, and auditing can be bundled together, feedback mechanism
21:30:24 [npdoty]
ISSUE-45: could be useful for enforcement either through regulation or self-regulation; "accountability"; could be EU/US jurisdiction distinctions
21:30:24 [trackbot]
ISSUE-45 Companies making public commitments with a "regulatory hook" for US legal purposes notes added
21:30:35 [clp_]
Shane: self regulation should have teeth via Audits.
21:32:13 [clp]
clp has joined #dnt
21:32:24 [clp]
...missed a few due to crash
21:32:35 [clp]
Roy Fielding: issue
21:32:37 [npdoty]
ISSUE: should the response from the server point to a URI of a policy (or an existing protocol) rather than a single bit in the protocol?
21:32:38 [trackbot]
Created ISSUE-47 - Should the response from the server point to a URI of a policy (or an existing protocol) rather than a single bit in the protocol? ; please complete additional details at .
21:32:54 [tlr]
ISSUE-47: candidates: HTTP link relationship, .well-known, ...
21:32:54 [trackbot]
ISSUE-47 Should the response from the server point to a URI of a policy (or an existing protocol) rather than a single bit in the protocol? notes added
21:33:24 [clp]
Thomas Lowenthal: re-propose, suggest use case: challenge / response, specific proposal
21:33:33 [clp]
Matthias: Details not ironed out yet
21:33:50 [clp]
Nick: are there specific details here?
21:34:39 [clp]
Thomas: Challenge is 1, server says I am going to follow 1, or allow 0. I see you are requesting DNT, and I as server may or may not accept that.
21:34:51 [tlr]
21:34:54 [clp]
Thomase ComScore: that means for exception you also have to...
21:35:00 [clp]
Thomas Lowenthal: No
21:35:28 [clp]
... reply sent depends on why . what... taken offline
21:35:37 [npdoty]
ISSUE: response from the server could both acknowledge receipt of a value and (separately) whether the server will honor it
21:35:38 [trackbot]
Created ISSUE-48 - Response from the server could both acknowledge receipt of a value and (separately) whether the server will honor it ; please complete additional details at .
21:35:45 [tlr]
ISSUE-48: alternate design choice for ISSUE-47
21:35:46 [trackbot]
ISSUE-48 Response from the server could both acknowledge receipt of a value and (separately) whether the server will honor it notes added
21:36:06 [clp]
Kevin: reframe ... with the Icon system ... is there a response with every back/forth so you can see it happening
21:36:15 [clp]
... self asserted compliance vs audited compliance
21:36:23 [clp]
... more weight to oversight?
21:37:33 [clp]
Aleecia: Self-asstered compliane, useful feedback, <back and forth with Kevin>
21:37:41 [clp]
... independent audit
21:38:11 [clp]
Frederick: why not comply?
21:38:33 [clp]
Aleecia: Facebook says we do not comply with the way that compact policies work rather than having tokens as part of that
21:38:37 [clp]
... it exists now
21:38:49 [clp]
Shane: no pen but have a use case
21:39:00 [clp]
... depending on how we go about allowing the user to give consent
21:39:22 [clp]
... leave it to parties to give consent vs (lost)
21:39:37 [clp]
Aleecia: ... opt in using some other procedure
21:39:50 [npdoty]
Shane: a common use case for specifying that you don't comply is the use case of noting that you the user have opted back in through some out-of-band measure
21:40:10 [clp]
Kevin Adobe: as a consumer once I click that box user assumes there is no tracking, but actually we can't tell... you may still be tracked
21:40:24 [clp]
Peter: or they could lie and track you anyway
21:40:36 [clp]
Aleecia: Notice of sites that DON'T give notice
21:41:26 [npdoty]
ISSUE-48: could enable the browser to tell the user that they may still be tracked
21:41:27 [trackbot]
ISSUE-48 Response from the server could both acknowledge receipt of a value and (separately) whether the server will honor it notes added
21:41:38 [ifette]
zakim, agenda?
21:41:38 [Zakim]
I see 3 items remaining on the agenda:
21:41:40 [Zakim]
7. actual work (regulatory definition items) [from ifette]
21:41:42 [Zakim]
8. technology items [from ifette]
21:41:42 [Zakim]
10. use cases [from ifette]
21:41:48 [ifette]
agenda 7-
21:41:51 [clp_]
clp_ has joined #dnt
21:41:51 [ifette]
agenda 8-
21:41:52 [ifette]
agenda 10-
21:41:56 [ifette]
agenda+ closing remarks
21:41:59 [clp_]
Matthias: closing
21:42:02 [ifette]
zakim, take up agendum 11
21:42:02 [Zakim]
agendum 11. "closing remarks" taken up [from ifette]
21:42:05 [clp_]
(missed a few lines again due to crash)
21:42:22 [clp_]
Matthias: now we have all the boards .... catch all these balls in the air and put into documents somehow
21:42:31 [karl]
We opened 48 issues. 47 in fact. we closed the first one.
21:42:42 [npdoty]
… very positive so far, people listening to each other
21:42:52 [clp_]
... original agenda... too early for tech... best if we take the issues list and sort it, make little groups... tackle some of the issues
21:43:15 [clp_]
... if I would be me
21:43:31 [clp_]
... I would do the basic things first, find what they are, start there, in each issue
21:43:35 [clp_]
... smaller groups ideal
21:43:56 [clp_]
... drop yourself into issue interest groups
21:44:08 [clp_]
... report results back to larger group, then iterate
21:44:39 [clp_]
Aleecia: slip deadline on other deliverables?
21:44:44 [clp_]
Matthias: I don't know
21:44:59 [clp_]
... what we should do tomorrow: morning: ironing out issue
21:45:13 [clp_]
... afternoon sort issues into documents, create resolved and unresolved
21:45:33 [clp_]
W3C guy: agenda adjustment on the fly usually a bad idea
21:45:41 [npdoty]
s/W3C guy/tlr/
21:45:47 [clp_]
... may want to reallocate the time, a dinner discussion
21:46:06 [clp_]
... equal time, e.g. tech deliverable longer time needed
21:46:20 [clp_]
Brad: we are proposing breaking into groups for issues
21:46:32 [clp_]
... but people in the room don't agree, not that they don't understand them
21:46:34 [npdoty]
21:47:06 [clp_]
... example of meaningful group discussion
21:47:22 [clp_]
Matthias: 1st party 3rd party, carve out all the cases, document them
21:47:29 [clp_]
Brad: expand and geneate
21:47:36 [npdoty]
21:47:56 [clp_]
Matthas: identify preliminary agreement... make proposals, plausible conclusion / solution
21:48:11 [clp_]
... focuses energy, makes results more tangible
21:48:36 [clp_]
Roy: anyone who raised an issue, gives mailing list your own description of what the issue means
21:48:51 [clp_]
Brad: only members can see issues, so some can't see them
21:49:16 [clp_]
tlr: you can send email, that will get registered and linked properly
21:49:38 [clp_]
KimonL I have not received such email
21:49:38 [fielding]
fielding has joined #dnt
21:49:50 [clp_]
Aleecia: subscribe if you have not, archives are public
21:49:51 [karl]
21:49:59 [karl]
Mailing list
21:49:59 [ifette]
rrsagent, please draft the minutes
21:49:59 [RRSAgent]
I have made the request to generate ifette
21:50:15 [clp_]
Matthias: end, dinner at 7 pm at Legal Sea Food
21:50:21 [clp_]
... map on wall
21:50:27 [clp_]
... end session.
21:50:38 [ifette]
rrsagent, make minutes public
21:50:38 [RRSAgent]
I'm logging. I don't understand 'make minutes public', ifette. Try /msg RRSAgent help
21:50:41 [fielding]
21:50:44 [ifette]
rrsagent, make record public
21:50:53 [Zakim]
21:51:06 [Zakim]
21:51:07 [Zakim]
Team_(dnt)13:00Z has ended
21:51:09 [Zakim]
Attendees were +1.617.715.aaaa, StarConferenceRoom, +1.949.483.aabb, +1.818.575.aacc, BrianTschumper
21:57:51 [aleecia]
aleecia has joined #dnt
22:29:10 [npdoty]
npdoty has joined #dnt
22:38:10 [enewland]
enewland has joined #dnt
23:05:27 [aleecia]
aleecia has joined #dnt