IRC log of dnt on 2011-09-22

Timestamps are in UTC.

01:23:15 [aleecia]
aleecia has joined #dnt
01:25:56 [KevinT]
KevinT has joined #dnt
01:42:05 [ifette]
ifette has joined #dnt
01:42:37 [ifette]
ifette has joined #dnt
01:51:57 [davidwainberg]
davidwainberg has joined #dnt
01:52:14 [tlr]
tlr has joined #dnt
01:53:06 [tlr]
ISSUE-23: general case of ISSUE-34
01:53:06 [trackbot]
ISSUE-23 Possible exemption for analytics notes added
01:53:07 [tlr]
ISSUE-34: special case of ISSUE-23
01:53:07 [trackbot]
ISSUE-34 Possible exemption for aggregate analytics notes added
01:54:29 [schunter]
schunter has joined #dnt
01:57:30 [tlr]
issue-28?
01:57:30 [trackbot]
ISSUE-28 -- Exception for mandatory legal process -- raised
01:57:30 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/28
01:57:35 [tlr]
issue-29?
01:57:35 [trackbot]
ISSUE-29 -- Tracking that may be required by law enforcement -- raised
01:57:35 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/29
01:57:45 [tlr]
issue-28: duplicate of issue-29?
01:57:45 [trackbot]
ISSUE-28 Exception for mandatory legal process notes added
01:57:51 [tlr]
issue-29: duplicate of issue-28?
01:57:51 [trackbot]
ISSUE-29 Tracking that may be required by law enforcement notes added
02:00:41 [tlr]
rrsagent, draft minutes
02:00:41 [RRSAgent]
I have made the request to generate http://www.w3.org/2011/09/22-dnt-minutes.html tlr
02:00:45 [tlr]
rrsagent, make record public
02:09:42 [npdoty]
npdoty has joined #dnt
02:10:02 [tlr]
ISSUE: third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party?
02:10:02 [trackbot]
Created ISSUE-49 - Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/49/edit .
02:10:51 [tl]
tl has joined #dnt
02:19:51 [karl]
karl has joined #dnt
02:32:22 [sudbury]
sudbury has joined #dnt
03:28:20 [schunter]
schunter has joined #dnt
12:44:26 [RRSAgent]
RRSAgent has joined #dnt
12:44:26 [RRSAgent]
logging to http://www.w3.org/2011/09/22-dnt-irc
12:45:03 [npdoty]
rrsagent, make logs public
12:49:26 [sudbury]
sudbury has joined #dnt
12:52:29 [aleecia]
aleecia has joined #dnt
12:53:05 [schunter]
schunter has joined #dnt
12:57:20 [Brett]
Brett has joined #dnt
12:57:33 [efelten]
efelten has joined #dnt
12:58:45 [dwainberg]
dwainberg has joined #dnt
13:01:46 [tl]
tl has joined #dnt
13:01:59 [npdoty]
issue-49?
13:01:59 [trackbot]
ISSUE-49 -- Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? -- raised
13:01:59 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/49
13:03:06 [ifette]
ifette has joined #dnt
13:03:07 [Zakim]
Team_(dnt)13:00Z has now started
13:03:14 [Zakim]
+ +1.617.715.aaaa
13:03:20 [jkaran]
jkaran has joined #dnt
13:03:29 [alex_]
alex_ has joined #dnt
13:03:46 [npdoty]
ScribeNick: npdoty
13:03:56 [npdoty]
matthias: welcome
13:04:03 [npdoty]
… quite some progress yesterday, identified almost 50 issues
13:04:13 [npdoty]
… thanks to the scribes from yesterday
13:04:16 [npdoty]
<applause>
13:04:27 [Dan]
Dan has joined #dnt
13:05:16 [KevinT]
KevinT has joined #dnt
13:05:23 [Frank]
Frank has joined #dnt
13:05:40 [devqc]
devqc has joined #dnt
13:06:01 [enewland]
enewland has joined #dnt
13:06:12 [devqc]
devqc has left #dnt
13:06:20 [suegl]
suegl has joined #dnt
13:06:26 [scott]
scott has joined #dnt
13:06:30 [npdoty]
amy, erika, kevin, tl
13:06:35 [ifette]
Agenda?
13:06:42 [ifette]
Zakim, agenda?
13:06:42 [Frank_]
Frank_ has joined #dnt
13:06:45 [Zakim]
I see nothing on the agenda
13:06:59 [npdoty]
Agenda: http://www.w3.org/2011/tracking-protection/agenda-20110922
13:07:09 [Frank]
Frank has left #dnt
13:07:12 [npdoty]
agenda+ detailed discussion of issues
13:07:37 [npdoty]
agenda+ Tracking Preference Expression
13:07:47 [npdoty]
agenda+ Tracking Selection Lists
13:08:17 [WileyS]
WileyS has joined #dnt
13:08:26 [clay]
clay has joined #dnt
13:08:29 [npdoty]
matthias: go through each issues, discuss, hope to resolve each of the issues
13:08:36 [npdoty]
Zakim, next agendum
13:08:37 [Zakim]
agendum 1. "detailed discussion of issues" taken up [from npdoty]
13:09:05 [tlr]
tlr has joined #dnt
13:09:18 [npdoty]
ISSUE-17?
13:09:18 [trackbot]
ISSUE-17 -- Data use by 1st Party -- raised
13:09:18 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/17
13:09:53 [fielding]
fielding has joined #dnt
13:10:06 [npdoty]
aleecia: rather than deciding whether part of the key definition or exemptions, we just want to know whether it's covered or not
13:10:18 [npdoty]
… if I visit a first party with Do Not Track on, should there be any difference
13:10:33 [acolando]
acolando has joined #dnt
13:10:39 [npdoty]
fielding: will browsers send the DNT header to first party sites, if they make first party requests?
13:10:42 [KevinS]
KevinS has joined #DNT
13:10:55 [npdoty]
aleecia: as it stands today, I think first parties get the header
13:11:02 [acolando]
Shane: 2 things
13:11:10 [npdoty]
scribenick: acolando
13:11:15 [acolando]
.. starting position should be 1st party not do anything
13:11:28 [acolando]
... 1st party to receive signal and pass on
13:11:50 [acolando]
Nick: NYT should tell that signal received
13:11:58 [Frank]
Frank has joined #dnt
13:12:01 [acolando]
... NYT can request pay or registration
13:12:33 [acolando]
Shane: first party may serve diff type of ad to user sending DNT
13:12:49 [ifette]
ISSUE: Are DNT headers sent to first parties?
13:12:50 [trackbot]
Created ISSUE-50 - Are DNT headers sent to first parties? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/50/edit .
13:13:18 [Erika]
Erika has joined #dnt
13:13:35 [acolando]
ISSUE: should 1st party have any response to DNT signal
13:13:36 [trackbot]
Created ISSUE-51 - Should 1st party have any response to DNT signal ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/51/edit .
13:13:55 [acolando]
Thomas: just because does not want targeted ads, not owrthless customer
13:14:07 [acolando]
... still possible to monetize
13:14:11 [npdoty]
s/Thomas/tl/
13:15:30 [acolando]
Shane: not that extreme, industry research shows OBA does provide increase in value over other ads
13:15:51 [acolando]
Jonathan: has been discredited
13:15:56 [[Thomas]]
[Thomas] has joined #dnt
13:16:13 [fjh]
fjh has joined #dnt
13:16:37 [karl]
karl has joined #dnt
13:16:43 [jmayer]
jmayer has joined #dnt
13:16:53 [efelten]
s/Jonathan/jmayer/
13:17:00 [jmayer]
I have a brief writeup on the Beales study at http://donottrack.us/bib/#sec_economics
13:17:26 [jmayer]
There was lengthy discussion of the study at the Yale ISP Symposium "From Mad Men to Mad Bots"
13:17:36 [jmayer]
Video may be available
13:17:49 [amyc]
amyc has joined #dnt
13:18:19 [amyc]
??: if first parties are monetizing they need this information and to pass
13:18:45 [amyc]
Jennifer: in terms of 1st party receiving info, need to to know what to do because work with third parties
13:18:51 [WileyS]
Beales Study: http://www.networkadvertising.org/pdfs/Beales_NAI_Study.pdf
13:18:51 [npdoty]
s/??/David Wainberg/
13:19:04 [amyc]
... may need to deliver button or call to ad server, response depends on signal
13:19:20 [jmayer]
By way of background, the Beales study was paid for by an industry group and not peer reviewed.
13:19:21 [amyc]
... whatever user says, what if user has different cookies from self-reg program?
13:19:54 [amyc]
... DNT turned off, but user has opted out of that entity / site
13:20:24 [cris]
cris has joined #dnt
13:20:25 [amyc]
... what if user has registered with company and provded demo info through registration
13:20:42 [amyc]
... can ads be provided on demo, rather than BT
13:21:04 [amyc]
ISSUE: what if conflict between opt-out cookie and DNT?
13:21:04 [trackbot]
Created ISSUE-52 - What if conflict between opt-out cookie and DNT? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/52/edit .
13:21:31 [amyc]
ISSUE: How should opt-out cookie and DNT signal interact?
13:21:31 [trackbot]
Created ISSUE-53 - How should opt-out cookie and DNT signal interact? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/53/edit .
13:21:55 [amyc]
ISSUE: can first party provide targeting based on registration information even while sending DNT
13:21:55 [trackbot]
Created ISSUE-54 - Can first party provide targeting based on registration information even while sending DNT ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/54/edit .
13:22:23 [amyc]
Ed: clarifying question - how would cookie conflict?
13:22:45 [amyc]
Jennifer: can opt out of individual companies on opt-out page
13:22:56 [amyc]
... and default DNT is sent to all sites
13:23:12 [amyc]
Ed: does absence of opt-out cookie reflect consent to be tracked?
13:23:37 [amyc]
Jennifer: if DNT is turned on, and user hasn't opted out, then tracking should not happen
13:24:00 [amyc]
... if DNT is on, but user has opted in to customization, then may have conflict
13:24:08 [amyc]
Ed: self reg does not offer opt-in
13:24:36 [amyc]
Shane: rferences w3c submission, agrees with Ed
13:24:47 [amyc]
... if you receive opt-out cookie or DNT signal, honor it
13:25:12 [amyc]
... only race condition is that user has set opt out cookie, but through DNT quid pro quo dialogue
13:25:34 [amyc]
... would user consent to that dialogue override opt-out?
13:25:54 [amyc]
CBS: BT opt out is different than tracking
13:26:09 [amyc]
Thomas: can't have BT without tracking
13:26:30 [amyc]
Jonathan: can do BT without tracking, references research
13:26:54 [amyc]
ISSUE: What is relationship between behavioral advertising and tracking, subset, different items?
13:26:54 [trackbot]
Created ISSUE-55 - What is relationship between behavioral advertising and tracking, subset, different items? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/55/edit .
13:27:34 [amyc]
Aleecia: six possible conditions with chart
13:28:00 [jmayer]
Several papers on interest-targeted advertising without server-side third-party tracking at http://donottrack.us/bib/#sec_technology
13:28:12 [Frank__]
Frank__ has joined #dnt
13:28:32 [amyc_]
amyc_ has joined #dnt
13:28:54 [amyc_]
Shane: if DNT definition equates to opt-out definition, then treat the same
13:29:18 [amyc_]
Aleecia: what if user has opt out cookie and DNT off?
13:29:39 [amyc_]
Jennifer: opting back in may be equivalent to removal of opt-out cookie
13:30:04 [amyc_]
Aleecia: we agree on two things, open issue what happens when DNT/opt out doesnt agree
13:30:07 [Zakim]
+??P1
13:30:21 [amyc_]
... what happens when users opt back in
13:30:47 [amyc_]
Chris: do we have dispute where DNT is on, and no opt out cookie? just honor DNT
13:30:49 [npdoty]
ISSUE: what if DNT is unspecified and an opt-out cookie is present?
13:30:49 [trackbot]
Created ISSUE-56 - What if DNT is unspecified and an opt-out cookie is present? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/56/edit .
13:31:15 [amyc_]
Jonathan: possible first party issue
13:31:31 [npdoty]
ISSUE: What if an opt-out cookie exists but an "opt back in" out-of-band is present?
13:31:32 [trackbot]
Created ISSUE-57 - What if an opt-out cookie exists but an "opt back in" out-of-band is present? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/57/edit .
13:31:34 [amyc_]
... one approach is that first party may or should do something, leave discretion
13:31:51 [amyc_]
... example, Google could disable web search history feature if DNT is on
13:32:42 [amyc_]
Aleecia: example is that Google just uses its existing Google optout for analytics
13:33:04 [amyc_]
Sue: does that have possiblity of confusing user, and companies choose to go above and beyond
13:33:23 [amyc_]
.. how will users know what to expect
13:33:31 [laurengelman]
laurengelman has joined #dnt
13:33:43 [karl]
| DNT: 1 | DNT unspec | DNT: 0 | OptBackIn|
13:33:43 [karl]
---------------------------------------------------
13:33:43 [karl]
OOC | | | | |
13:33:43 [karl]
---------------------------------------------------
13:33:43 [karl]
NO OCC | | | | |
13:33:44 [karl]
---------------------------------------------------
13:33:48 [karl]
OCC=Opt-Out Cookies
13:33:55 [amyc_]
... area of competition
13:34:16 [efelten]
s/OCC/OOC/
13:34:18 [npdoty]
tl: rather than an area of confusion, maybe it's an area of competition for sites to respond to users who express a preference for more privacy and less tracking
13:34:23 [amyc]
amyc has joined #dnt
13:34:34 [amyc]
Kimon: who knows what users want, many different things
13:34:47 [amyc]
... may want services and customizaiton on website
13:35:16 [amyc]
... should be technology neutral, perhaps not refer to opt-out cookie, but all technologies used for tracking
13:35:24 [amyc]
Matthias: problem is generic
13:35:46 [amyc]
... finish table and discuss by email, then document as issue
13:36:07 [npdoty]
ISSUE: what if DNT is explicitly set to 0 and an opt-out cookie is present?
13:36:08 [trackbot]
Created ISSUE-58 - What if DNT is explicitly set to 0 and an opt-out cookie is present? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/58/edit .
13:36:09 [amyc]
... OK to send DNT header to first party?
13:36:23 [amyc]
... seems like agreement on that point
13:36:33 [tlr]
q+
13:36:37 [amyc]
Kimon: should first party know?
13:36:51 [tlr]
q-
13:37:10 [amyc]
Nick: two question - should we send to first party; should first party do something
13:37:18 [amyc]
Aleecia: just looking at first question
13:37:35 [amyc]
David: what if client has logic about what DNT signal to send to whom
13:37:53 [amyc]
... should first party also know what signals sent to third parties on page
13:38:16 [npdoty]
ISSUE: should the first party be informed about whether the user has sent a DNT header to third parties on their site?
13:38:16 [trackbot]
Created ISSUE-59 - Should the first party be informed about whether the user has sent a DNT header to third parties on their site? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/59/edit .
13:38:29 [amyc]
Aleecia: should or must first parties know what is sent to third parties on their site
13:38:55 [Frank_]
Frank_ has joined #dnt
13:39:11 [amyc]
Aleecia: parties may not know if 1st or third party
13:39:16 [npdoty]
ISSUE: will a recipient know if it itself is a 1st or 3rd party?
13:39:16 [trackbot]
Created ISSUE-60 - Will a recipient know if it itself is a 1st or 3rd party? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/60/edit .
13:39:51 [npdoty]
close ISSUE-17, DNT signal will be sent to first parties
13:39:52 [clp]
clp has joined #dnt
13:39:58 [amyc]
... no disagreement, closes issue
13:39:58 [amyc]
Aleecia: anyone who disagrees that first party must receive signal?
13:40:05 [clp]
Charles L. Perkins, Virtual Rendezvous, arriving.
13:40:12 [jmayer]
One easy approach to sharing Do Not Track status across domains is postMessage, see http://donottrack.us/cookbook
13:40:25 [karl]
ISSUE-51?
13:40:26 [trackbot]
ISSUE-51 -- Should 1st party have any response to DNT signal -- raised
13:40:26 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/51
13:40:28 [amyc]
ifette: how would you tell a site whether they are first party or not?
13:40:37 [fielding]
ISSUE-50?
13:40:37 [trackbot]
ISSUE-50 -- Are DNT headers sent to first parties? -- raised
13:40:37 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/50
13:40:46 [karl]
ISSUE-50?
13:40:46 [trackbot]
ISSUE-50 -- Are DNT headers sent to first parties? -- raised
13:40:46 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/50
13:41:14 [npdoty]
close ISSUE-50
13:41:15 [trackbot]
ISSUE-50 Are DNT headers sent to first parties? closed
13:41:34 [karl]
ISSUE-50: The answer is yes. It has been decided to close it through consensus at WG F2F on September 22.
13:41:34 [trackbot]
ISSUE-50 Are DNT headers sent to first parties? notes added
13:41:43 [npdoty]
effectively, ISSUE-17 has been split into 50 and 51
13:42:43 [npdoty]
ifette: it may be a difficult engineering challenge to determine whether an iframe is actually in a first party or third party context (as in Google embedding iframes of other Google domains)
13:43:12 [amyc_]
amyc_ has joined #dnt
13:43:38 [amyc_]
Kevin: can provide meta data around domains
13:43:48 [amyc_]
... won't solve first party or third party, but browser may be able to look in registry
13:44:19 [amyc_]
Charles: can separate whether information is known externally, whether what is going on in browser
13:44:42 [amyc_]
... interesting to know relationships
13:44:53 [hober]
s/Charles/clp/
13:45:13 [amyc_]
ifette: a site could publish something that shows everything that it considers part of itself
13:45:38 [amyc_]
Charles: right, then could hide information in case iframe does not want to be known
13:46:19 [amyc_]
Aleecia: sites could publish everything it considers to be part of a site, could be part of reco
13:46:36 [amyc_]
??: significant implementation cost
13:46:39 [clp]
I.e., RDF, site publishes metdata, useful for research auditing sep. from issue within the browser
13:46:46 [npdoty]
just fyi: http://www.w3.org/P3P/2003/12-domain-relationsships.html#Proposed
13:46:49 [clp]
Yes, but amazingly useful.
13:46:57 [npdoty]
s/??/Kevin_Adobe/
13:47:00 [amyc_]
Thomas: cookies that are not domain in browser bar
13:47:22 [amyc_]
... know same domain, don't know domains owned by same company
13:47:46 [karl]
domains != companies
13:47:47 [amyc_]
Charles: may solve problem, can list vendors
13:47:58 [amyc_]
... can publish all service providers
13:48:05 [amyc_]
... to a single site
13:48:21 [amyc_]
Aleecia: sites could publish what they are
13:48:34 [npdoty]
ISSUE: a site could publish a list of the other domains that are associated with them
13:48:35 [trackbot]
Created ISSUE-61 - A site could publish a list of the other domains that are associated with them ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/61/edit .
13:48:37 [amyc_]
... some info could be sent by iframes, not clear what that would look like
13:49:04 [amyc_]
... third possibility, no idea whether content knows it is third party or first party
13:49:06 [npdoty]
ISSUE: the browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context
13:49:06 [trackbot]
Created ISSUE-62 - The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/62/edit .
13:49:13 [KevinT]
KevinT has left #dnt
13:49:17 [amyc_]
... third is current state, we don't do anything
13:49:35 [KevinT]
KevinT has joined #dnt
13:49:37 [amyc_]
... another issue is meta data in registry, but may not solve issue
13:49:46 [amyc_]
... deeper technical issue, need to discuss more
13:50:14 [amyc_]
... even if goal is that first party exempt
13:50:39 [tl]
users can't tell the difference between first and third parties, and nor can we, so why talk about them at all?
13:51:05 [amyc_]
Matthas: separate technology from policy, if technology is able to detect third party vs first party
13:51:27 [amyc_]
Aleecia: request photo of white board
13:51:34 [jmayer]
it would be fairly straightforward to engineer websites so they know whether they're a first party or third party
13:52:04 [npdoty]
ISSUE-27?
13:52:04 [trackbot]
ISSUE-27 -- Mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in" -- raised
13:52:04 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/27
13:52:25 [jmayer]
example: use gstatic1.com for google's static first-party content, gstatic3.com for google's static third-party content
13:52:41 [amyc_]
... maybe move to issue 27, skipping issue 49 that is treating 3rd party as 1st party
13:52:56 [amyc_]
Nick: provides summary of issues
13:52:58 [jmayer]
only issue is mishandling embeds google didn't intend, which i'm ok with
13:53:15 [amyc_]
nick - can you post this summary directly because i'm not keeping up
13:53:54 [amyc_]
*thanks nick
13:54:13 [clp]
Awesome readback :)
13:54:14 [npdoty]
open list of issues is here: http://www.w3.org/2011/tracking-protection/track/issues/raised
13:54:23 [clay]
Charles idea wrt site publishing the way to determine 1st party solves many problems and makes a lot more possible.
13:54:35 [amyc_]
Kevin: related issue is embedded first party things in site, like weather widget
13:54:45 [amyc_]
... users interacting directly
13:55:00 [amyc_]
... with widget, providing information directly
13:55:11 [amyc_]
... should be treated as first party
13:55:20 [npdoty]
ISSUE-26?
13:55:20 [trackbot]
ISSUE-26 -- Providing data to 3rd-party widgets -- does that imply consent? -- raised
13:55:20 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/26
13:55:22 [amyc_]
Aleecia: this is existing issue
13:55:48 [amyc_]
... many things fall into widget example
13:56:02 [amyc_]
TL: not clear that widgets should be treated as third party
13:56:12 [npdoty]
s/third party/first party/
13:56:12 [karl]
widgets, extensions, iframe, add-ons, etc.
13:56:28 [amyc_]
Charles: should consider whether user has intention of interacting of widget or service
13:56:32 [jmayer]
how the user interacts with a widget is also important to consider
13:56:48 [jmayer]
is scrolling a weather timeline enough to be tracked? (i think not.)
13:56:54 [npdoty]
jkaran to send out a summary of the discussion for issue 17
13:56:57 [amyc_]
Aleecia: ACTION; Jennifer to summarize and provide excel sheet
13:57:23 [npdoty]
ACTION: jkaran to summarize issue 17 and provide excel sheet
13:57:23 [trackbot]
Sorry, couldn't find user - jkaran
13:57:25 [amyc_]
... volunteer to summarize for Issue 27
13:57:29 [fielding]
Please use the projector to display the issue list.
13:57:33 [karl]
ISSUE-27?
13:57:33 [trackbot]
ISSUE-27 -- Mechanism to revoke Do Not Track for specific entities (maybe I really like Google), "opt back in" -- raised
13:57:33 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/27
13:58:09 [amyc_]
Dan: volunteers to create summary of issue 27
13:58:32 [amyc_]
Jonathan: starting point is using standard web technologies - no need for new technical mechanism - has examples
13:58:41 [amyc_]
... will post link
13:59:07 [amyc_]
... example of NYT pops up box asking for subscription or agreement to tracking
13:59:18 [amyc_]
... consent overrides DNT signal
13:59:30 [amyc_]
Shane: technical details about where stored?
13:59:48 [jmayer]
Some examples at http://donottrack.us/cookbook
13:59:57 [amyc_]
TL: challenge response system designed to deal with this situation; site responds with DNT 1 or DNT 0
14:00:15 [amyc_]
... this site thinks you consented to be tracked, do you agree
14:00:26 [amyc_]
... then user continues
14:00:48 [ifette]
ISSUE: should there be a popup dialog or something like that which should override DNT?
14:00:51 [trackbot]
Created ISSUE-63 - Should there be a popup dialog or something like that which should override DNT? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/63/edit .
14:01:06 [amyc_]
Jonthan: pop up is example
14:01:30 [npdoty]
ISSUE-63: a "popup" is just an example, the proposal from jmayer is that a site can use existing HTML to show the user a form to opt back in
14:01:30 [trackbot]
ISSUE-63 Should there be a popup dialog or something like that which should override DNT? notes added
14:01:37 [amyc_]
??: is user opting into NYT or all third parties on NYT?
14:01:52 [amyc_]
ifette: How to communicate to third parties on NYT
14:02:05 [amyc_]
Jonathan: could be any of these
14:02:17 [npdoty]
s/??/Clay/
14:02:34 [amyc_]
Clay: could NYT be third party tracker on other sites?
14:02:54 [amyc_]
Charles: what does it mean to say ok to track dialogue
14:03:03 [amyc_]
... in site registration issue
14:03:24 [kcs]
kcs has joined #dnt
14:03:24 [amyc_]
... who is user, may be multiple people using same browser
14:03:34 [amyc_]
... have to support that in general
14:04:22 [karl]
karl has joined #dnt
14:04:46 [amyc_]
ifette: expectations in having DNT on; click something when visit a site
14:05:05 [amyc_]
... should explore how that interacts with DNT, uses example of language setting
14:05:18 [amyc_]
... what is reasonable expectation
14:06:11 [amyc_]
Aleecia: thinks this is new issue, logged in vs logged out is relevant and another issue
14:06:20 [amyc_]
ISSUE: how does preference management work with DNT
14:06:21 [trackbot]
Created ISSUE-64 - How does preference management work with DNT ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/64/edit .
14:06:39 [amyc_]
ISSUE: how does logged in and logged out state work
14:06:39 [trackbot]
Created ISSUE-65 - How does logged in and logged out state work ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/65/edit .
14:06:59 [amyc_]
nick, i'm assuming that we can clean up issues later
14:07:28 [amyc_]
Dan: go to site, pop up window agree to what is in dialogue
14:07:35 [laurengelman]
if third party service provides service (collects data) for 1st party, it can provide the opt-in backend
14:07:43 [amyc_]
... does this carry over to third party site or apply only to first party
14:08:09 [amyc_]
Aleecia: if you consent how and how long does consent exist?
14:08:37 [amyc_]
ISSUE: can user be allowed to consent to both third party and first party to override general DNT?
14:08:37 [trackbot]
Created ISSUE-66 - Can user be allowed to consent to both third party and first party to override general DNT? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/66/edit .
14:08:41 [ifette]
ISSUE-64: As an example, if a user has DNT on and clicks something that sets a preference (e.g. clicking "German" as a language setting) what is the implication for that? Should the site have to gather explicit opt-in to be able to set a cookie, or are there implicit exemptions
14:08:41 [trackbot]
ISSUE-64 How does preference management work with DNT notes added
14:08:46 [tlr]
the yahoo paper: http://www.w3.org/2011/track-privacy/papers/Yahoo.pdf
14:08:57 [Zakim]
+ +1.202.263.aabb
14:09:06 [amyc_]
Shane: should be stored client side so that users can see what exceptions were granted
14:09:31 [amyc_]
... blend of TPL and DNT; DNT is overriding no, then user comes back to say yes to particular sites
14:10:09 [amyc_]
... can first party get permission for tracking Internet wide, as where rich media vendor collects consent on behalf of others
14:10:33 [npdoty]
ISSUE: should opt-back-in be stored on the client side?
14:10:33 [trackbot]
Created ISSUE-67 - Should opt-back-in be stored on the client side? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/67/edit .
14:10:47 [amyc_]
Aleecia: should we specify that consent stored client side in human readable way, should first party be able to collect consent web wide
14:11:11 [amyc_]
David: is there a time dimension to conflict, as where user sets DNT after consent?
14:11:12 [npdoty]
ISSUE-67: as proposed by Shane, this would allow interrogation on the client, changing these preferences by user on a browser, etc.
14:11:12 [trackbot]
ISSUE-67 Should opt-back-in be stored on the client side? notes added
14:11:23 [amyc_]
Aleecia: should add new column to table
14:11:35 [amyc_]
... thinks explicit consent should trump
14:11:49 [pde]
ifette: from our point of view, logging into a site could be made equivalent to optting-back-in (provdided the user is clear on this), while setting a language preference /ought/ not require those things
14:12:11 [pde]
why set a high-entropy cookie for a language setting?
14:12:13 [amyc_]
Jennifer: company could be doing many different things with cookies, from ads to content customization
14:12:13 [ifette]
s/ifette:/ifette,/
14:12:15 [pde]
why not just LANG=de?
14:12:28 [amyc_]
... are you opting out of all cookie uses, or just tracking (not defined)
14:12:38 [amyc_]
... related to discussion about opting out of data type
14:13:14 [npdoty]
s/ifette: from our/ifette, from our/
14:13:15 [amyc_]
Brett: two dialogue boxes from pop up plus challenge respons
14:13:23 [pde]
ifette, sorry that's the default behaviour of my IRC client
14:13:28 [ifette]
:)
14:13:40 [amyc_]
... better user experience if a single choice
14:13:48 [ifette]
pde, many sites have a system where rather than enumerating all the preferences a user may have set in the cookie, they simply list an id
14:13:50 [pde]
if I switch the ":" to a different character, does that fix the issue?
14:13:52 [amyc_]
Shane: challenge response does not have to have dialogue box
14:13:58 [amyc_]
... may not have UI
14:14:16 [ifette]
pde, the cookies and values get sent with each request, so if you send a ton of crap with each request it's problematic
14:14:29 [amyc_]
Aleecia: we are not designing dialogue boxes
14:14:43 [pde]
jmayer, okay, so what we're talking about here is whether Facebook's 3rd party widgets are translated into german?
14:14:45 [jmayer]
ifette, pde - recall this is about third parties, limited set of sites and options
14:14:47 [hober]
s/dialogue/dialog/
14:14:57 [amyc_]
Cris: need to import features between browsers, as in saving preferences and favorites across browsers
14:15:11 [amyc_]
... one user with multiple browsers
14:15:15 [pde]
since facebook as a 1st party can track the user for whatever purpose it wants
14:15:19 [amyc_]
Aleecia: in scope?
14:15:22 [jmayer]
sure, there's an example - i think it's plenty reasonable to ask facebook to use a language cookie
14:15:30 [amyc_]
TL: should be out of scope
14:15:37 [pde]
or alternatively,
14:15:41 [amyc_]
Shane: adds argument for client side storage
14:16:01 [npdoty]
ISSUE: should there be functionality for syncing preferences about tracking across different browsers?
14:16:02 [trackbot]
Created ISSUE-68 - Should there be functionality for syncing preferences about tracking across different browsers? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/68/edit .
14:16:13 [amyc_]
Charles: even if out of scope, perhaps footnote analogizing to how bookmarks
14:16:14 [enewland]
Facebook will suggest that you change your language on facebook.com based on your visits on different sites (e.g., suggest that you change your facebook.com experience to a german one after you visit a german-language site)
14:16:17 [pde]
when I log into a small 1st party site, it can use tracking methods to set complex prefrences for its 3rd parties (not sure when that would occur, though)
14:16:41 [npdoty]
ISSUE-68: tl: suggests this syncing feature is out of scope
14:16:41 [trackbot]
ISSUE-68 Should there be functionality for syncing preferences about tracking across different browsers? notes added
14:16:46 [amyc_]
Jonathan: even though not designing UI, need to specify adequate notice and consent
14:16:56 [amyc_]
Aleecia: FTC would define this
14:17:17 [amyc_]
Jonathan: we should specify cannot hide in privacy policy
14:17:22 [npdoty]
ISSUE-68: Shane: even if this is out of scope, it might be another advantage of storing the opt-back-in on the client side
14:17:22 [trackbot]
ISSUE-68 Should there be functionality for syncing preferences about tracking across different browsers? notes added
14:17:36 [amyc_]
Matthias: seems like we can address
14:17:46 [laurengelman]
specification for mechanism for good notice is useful
14:17:49 [amyc_]
Charles: may, should, must possible
14:18:06 [amyc_]
Aleecia: do we say anything about double notice
14:18:29 [npdoty]
ISSUE: should the spec say anything about minimal notice? (ie. don't bury in a privacy policy)
14:18:29 [trackbot]
Created ISSUE-69 - Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy) ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/69/edit .
14:18:57 [amyc_]
Aleecia: requests picture of whiteboard before break
14:18:58 [clp]
Break after this last question
14:19:21 [jmayer]
i'm not seeing an issue it duplicates
14:19:34 [npdoty]
WileyS suggests that issues 42, 43, 44 may be similar to 69
14:19:35 [amyc_]
cris: regarding persistence of opt-in, could there be a discussion of how long DNT asks
14:19:41 [amyc_]
... do sites have to ask again
14:19:49 [amyc_]
... after a certain period of time
14:20:06 [karl]
FTR, usage of MUST, MAY, SHOULD, etc. "For example, they must not be used to try to impose a particular method on implementors where the method is not required for interoperability." — http://www.ietf.org/rfc/rfc2119.txt
14:20:20 [Lia]
Lia has joined #dnt
14:20:29 [amyc_]
Aleecia: for example, could require sites to seek additional consent after a certain period of time
14:20:55 [amyc_]
Jennifer: what happens when upgrade browser
14:21:12 [amyc_]
... does DNT persist across upgrades
14:21:17 [amyc_]
TL: out of scope
14:21:44 [npdoty]
ISSUE-68: should DNT persist across browser updates as well? (this may be out of scope)
14:21:44 [trackbot]
ISSUE-68 Should there be functionality for syncing preferences about tracking across different browsers? notes added
14:21:53 [amyc_]
Thomas: does it persist in client is out of scope
14:23:36 [npdoty]
ISSUE: does a past HTTP request with DNT set affect future HTTP requests? (expiration)
14:23:36 [trackbot]
Created ISSUE-70 - Does a past HTTP request with DNT set affect future HTTP requests? (expiration) ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/70/edit .
14:23:53 [clp]
Maybe not, if a policy decision needs to be made, like Do Not Call, DMA timout after 5 years
14:24:05 [clp]
^^Charles
14:24:30 [amyc]
amyc has joined #dnt
14:24:38 [Zakim]
+ +1.202.263.aacc
14:24:41 [npdoty]
ISSUE: does DNT also affect past collection or use of past collection of info?
14:24:41 [trackbot]
Created ISSUE-71 - Does DNT also affect past collection or use of past collection of info? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/71/edit .
14:24:41 [amyc]
Aleecia: do I honor preivously on
14:24:44 [pde]
jmayer, so imagine I'm a 1st party and I get some logs along with DNT. I am allowed to keep the logs, but I'm not allowed to send them to 3rd parties. I think I need to keep a record of the DNT header for as long as I keep the logs
14:24:49 [amyc]
Shane: take the most recent state
14:25:04 [amyc]
David: from single client or across devices?
14:25:26 [npdoty]
ISSUE-70?
14:25:26 [trackbot]
ISSUE-70 -- Does a past HTTP request with DNT set affect future HTTP requests? (expiration) -- raised
14:25:26 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/70
14:25:39 [npdoty]
close ISSUE-70
14:25:39 [trackbot]
ISSUE-70 Does a past HTTP request with DNT set affect future HTTP requests? (expiration) closed
14:25:54 [amyc]
Aleecia: subsequent visits where DNT is off, treat as DNT off
14:25:55 [npdoty]
ISSUE-70: take the most recent answer
14:25:56 [trackbot]
ISSUE-70 Does a past HTTP request with DNT set affect future HTTP requests? (expiration) notes added
14:26:03 [ifette]
RESOLUTION: If a user visits a site with DNT ON, and subsequently visits with DNT OFF, that subsequent visit is treated as DNT OFF
14:26:32 [clp]
Reconvene at 10:50 am
14:26:35 [karl]
ISSUE-70: HTTP is stateless, and so the server based its responses on each message.
14:26:35 [trackbot]
ISSUE-70 Does a past HTTP request with DNT set affect future HTTP requests? (expiration) notes added
14:26:47 [clp]
Back at 10 before 11 am
14:28:33 [Zakim]
-??P1
14:38:32 [Lia]
Hi Lia Sheena from FPF is here
14:41:41 [Jules]
Jules has joined #dnt
14:45:14 [cris]
cris has joined #dnt
14:49:33 [BrianTschumper]
BrianTschumper has joined #dnt
14:50:30 [Zakim]
+[Microsoft]
14:54:54 [clp]
coming back soon?
14:57:39 [karl]
ISSUE-70, close
15:00:04 [enewland]
scribenick: enewland
15:01:27 [npdoty]
npdoty has joined #dnt
15:02:50 [clp]
Coming back now
15:03:36 [npdoty]
scribenick: enewland
15:04:09 [enewland]
Aleecia: Two issues to start with. First, do we exempt analytics. Second, do we exempt aggregate analytics
15:04:27 [npdoty]
ISSUE-23?
15:04:27 [trackbot]
ISSUE-23 -- Possible exemption for analytics -- raised
15:04:27 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/23
15:04:32 [npdoty]
ISSUE-34?
15:04:32 [trackbot]
ISSUE-34 -- Possible exemption for aggregate analytics -- raised
15:04:32 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/34
15:05:21 [Clay]
Clay has joined #dnt
15:05:49 [enewland]
Tom: Analytics by a first party on itself should be excepted. Analytics by a third party acting as a contractor and stores information appropriately, it should be siloed. Siloed as specified by contract and by technology as well.
15:06:24 [enewland]
...To clarify. Where an analytics program is operated by a third party that is acting as a contractor and stores information appropriately, this analytics should be excepted
15:06:54 [enewland]
Jonathan: Siloing by tech is not sufficient. Information should be siloed by technology AND contractually
15:07:03 [enewland]
s/Jonathan/jmayer
15:07:30 [npdoty]
ISSUE-34?
15:07:30 [trackbot]
ISSUE-34 -- Possible exemption for aggregate analytics -- raised
15:07:30 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/34
15:07:34 [enewland]
Shane: For aggregate and anonymous reporting, contractual and technological requirements may not be necessary.
15:08:12 [amyc]
amyc has joined #dnt
15:08:25 [enewland]
Aleecia: what do we mean by aggregate?
15:09:10 [enewland]
Shane: Yahoo analytics may be used by site owners. Yahoo may use information collected across sites but used in the aggregate. And that should be exempted from DNT
15:09:30 [enewland]
Aleecia: to clarify -- as long as data is aggregated, DNT does not apply
15:09:38 [enewland]
Shane: yes
15:10:25 [enewland]
Matthias: Is it our job to set out the specific mechanisms of isolation?
15:10:35 [enewland]
David: What is the rationale for exempting analytics?
15:10:57 [enewland]
jmayer: We want to preserve comparative advantage on the web.
15:11:26 [enewland]
...we may want an exception for analytics and related stuff. eg ad serving too
15:12:32 [enewland]
matthias: so we need a distinction between those who are processing the data as contractors and those who are collecting/using it for their own purposes
15:13:27 [Justin-CDT]
Justin-CDT has joined #dnt
15:13:46 [efelten]
efelten has joined #dnt
15:14:03 [enewland]
... if we can guarantee that such where data is not being connected by these contractors, then this is an exemption and a principle we can apply
15:14:56 [enewland]
shane: if there are no independent rights to use that information, then yes, they should be excepted. but if they are using that info themselves, then the exception shoudlnt apply
15:15:19 [BrianTschumper]
[Microsoft] is Brian Tschumper
15:16:02 [enewland]
aleecia: independent use --- agent of first party
15:16:02 [npdoty]
ISSUE: basic principle: independent use as an agent of a first party
15:16:02 [trackbot]
Created ISSUE-72 - Basic principle: independent use as an agent of a first party ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/72/edit .
15:16:24 [npdoty]
Zakim, [Microsoft] is BrianTschumper
15:16:24 [Zakim]
+BrianTschumper; got it
15:17:21 [enewland]
aleecia: analytics is a special case, a subset of a larger case. About the role of a contractor where the contractor is taking data that is siloed and only using it for the purposes specified by the first party. is analytics worth treating separately from everything else within this larger case?
15:17:36 [Jules]
Jules Polonetsky is here on IRC and on and off the phone
15:17:43 [enewland]
shane: we still have to talk about analytics in the third party context
15:18:10 [npdoty]
enewland: are we basically drawing the data controller / data processor distinction from EU law?
15:18:21 [enewland]
erica: are we drawing a distinction here that is basically the data controller/data processor distinction in the EU
15:19:16 [Justin-CDT]
This is Justin Brookman, following on IRC, will call in after lunch.
15:19:24 [enewland]
X: the controller is the entity that makes the decisions. Can outsource activities to processor and retains responsibility for how the processor uses that information. But different countries may define roles a bit differently. There are also co-controllers
15:19:44 [npdoty]
s/X/Kimon/
15:19:59 [Zakim]
-BrianTschumper
15:20:03 [enewland]
... We also have to figure out what is data? how do we define data
15:20:24 [Zakim]
+[Microsoft]
15:21:02 [BrianTschumper]
?
15:21:21 [amyc]
amyc has joined #dnt
15:21:25 [fielding]
http://en.wikipedia.org/wiki/Analytics
15:21:32 [tl]
clarification from me: the data controller is the "owner" of the data, and responsible for it to the customers. a data processor is someone who is contracted to do something with that data, as an agent of the controller.
15:21:53 [enewland]
Aleecia: Charles is saying that there is a sub issue to the bound by siloed contract odes the contract persist after sale?
15:22:01 [enewland]
s/odes/does
15:22:10 [enewland]
s/odes/does/
15:22:26 [npdoty]
Charles: what if a first party collects data and then is bought out by another party who can then try to reuse the data?
15:23:05 [laurengelman]
owner is not going to be a super helpful term unless it is defined
15:23:40 [enewland]
Matthias: If a first party contract results in first party outsourcing functionality to an agent. Is that agent exempt from the DNT requirement provided it does not use that data for other purposes?
15:23:45 [fielding]
http://en.wikipedia.org/wiki/Web_analytics
15:24:52 [Zakim]
+??P38
15:25:20 [enewland]
X: Google Analytics -- In some cases the publisher agrees to share the data with google for aggregate usage, but the publisher can opt out fo this
15:25:24 [enewland]
s/fo/of/
15:26:10 [enewland]
Aleecia: we have an open issue that hasn'tt been resolved as to whether these parties need to be bound by contract, technology or both
15:26:12 [jmayer]
s/X/Sean Harvey
15:26:17 [jmayer]
s/X/Sean Harvey/
15:27:11 [enewland]
.... so do we have agreement that an agent that is bound in whatever way we determine to only use the data on behalf of the site should be treated as the site itself?
15:27:29 [enewland]
Shane: this can bleed into operational use case as well.
15:27:30 [Jules]
i agree!
15:27:47 [enewland]
Aleecia: Whether you are a contractor doing analytics or shipping, this principle applies.
15:28:20 [laurengelman]
what if you transfer it at the command of the first party to their partner?
15:28:50 [enewland]
jmayer: Clarifying Question. To vote on this issue, we need to first resolve whether the third party agent needs to be bound by contract, technology, or both
15:29:06 [enewland]
Aleecia: We are going to vote. Three options.
15:29:18 [Jules]
can we vote via IRC?
15:29:26 [enewland]
... We can say the agent must be bound by contract, bound by technology - open issue as to what it means, or both.
15:29:52 [enewland]
Matthias: A fourth option. Unspecified. Raise the policy objective in a technology neutral way.
15:30:15 [enewland]
Shane: or we could have a fourth option. Which is either (contract and technology) OR (technology)
15:30:36 [npdoty]
ISSUE: in order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract
15:30:36 [trackbot]
Created ISSUE-73 - In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/73/edit .
15:31:02 [enewland]
Peter: So is a contract necessary on top of the technology? This can raise thorny issues with regards to existing contracts.
15:31:16 [enewland]
Jonathan: I don't mean a legal contract.
15:31:24 [enewland]
s/Jonathan/jmayer/
15:31:57 [enewland]
Aleecia: Can W3C create a contract requirement?
15:32:11 [enewland]
... question of authority here.
15:32:49 [enewland]
Matthias: We should say that the agent must ensure that the data can't be used in other contexts. And then just list some potential ways this could be achieved. Describe the ends that must be satisfied by these technologies rather than the means.
15:33:36 [enewland]
Brett: if the data CAN be combined, even if it's not combined. This is a privacy risk. eg, government access. So there should be no exception here, where the data can be combined
15:33:43 [jmayer]
s/I don't mean a legal contract./It can be any sort of legal commitment, so long as it's enforceable by both customers and regulators./
15:34:01 [enewland]
Kimon: That will be difficult to enforce. Hard to separate law from technology here.
15:35:28 [fielding]
I agree with Matthias
15:35:31 [enewland]
Shane: we need to be able to use data in the aggregate. useful for companies, society, etc. We don't want to be too overly prescriptive.
15:35:42 [tl]
tl has joined #dnt
15:36:21 [enewland]
npdoty: If we say that analytics providers can track you across multiple sites such that they use the data in the aggregate, then the government can go to the site, request the data, which is used in the aggregate but not held in the aggregate, and then DNT has provided no protection.
15:37:07 [enewland]
Peter: if we postpone here, are we postponing the question of what kind of technology should be used?
15:37:52 [tlr]
q+
15:38:09 [enewland]
Tom: On the question of people being bound legally. We can write in a specification what you need to do to comply with the specification. We can say that for a server to be in compliant with a certain standard, the CEO has to be wearing a blue hat. We can determine what is and is not compliance. Then if someone says they are compliant and they are not, then that is between the entity making that assertion and whoever they are making a false promise to
15:38:55 [enewland]
Kimon: If we exempt something, how much do we need to define it?
15:39:07 [npdoty]
David Wainberg: are there any examples of W3C or other technical specifications that make a requirement on companies of this type?
15:39:22 [jkaran]
jkaran has joined #dnt
15:39:32 [tl]
we need to define it completely, otherwise anything can get in under the exemption
15:39:35 [tlr]
q-
15:39:36 [enewland]
... If we agree that A is tracking and then we see web analytics is excluded and then define web analytics, we may impose a definition on the market that does not really accord with how the market is used today.
15:40:45 [npdoty]
fielding, can you help us scribe your last statement
15:40:53 [enewland]
Charles: We don't have to say do or don't do something. We can say should or may.
15:41:16 [enewland]
Matthias: We have been talking about must
15:42:23 [enewland]
Brett: If we are going to carve out an exception in this case, then the data must truly remain in a first party contract. If i am saying do not track me and i am retaining the same user id across sites, then i am being tracked across site. Period.
15:42:42 [enewland]
... there has to be no way to combine the information across different contexts if we are going to create an exception here.
15:43:42 [enewland]
Thomas: We are talking about an exchange of signals. Communication that when that byte or set of bytes goes over the wire, then here is what we expect you to do. There can be many ways to achieve the expected effect. We do not want to get too specific about how entities are supposed to achieve that effect.
15:43:42 [enewland]
.
15:43:46 [npdoty]
s/Thomas/tlr/
15:44:08 [karl]
agree++ to what tlr said
15:44:22 [enewland]
... This is a technical document. Let's focus on what the meaning of the messages is. The meaning of the messages that go over the wire. We can provide implementation guidance, but let's think to the effect that actually matters to the intent.
15:44:48 [enewland]
Aleecia: I would like to see if we have something we can get consensus on right now. If not, then I want someone to take action items to draft text, possibly competing proposals, and we will discuss this further on calls.
15:45:37 [enewland]
... I suggest that we start by looking to see if we have rough consensus around the idea that we will not specify whether the requirement is technical or contract. Instead that it is based on intent that contractors are bound not to use data in other contracts and must only use data on behalf of the first party site if they are to be treated as a first party themselves.
15:45:46 [enewland]
... is this something that, roughly, people in the room support?
15:45:55 [enewland]
David: we are talking about user level data, right? Not aggregate.
15:45:58 [enewland]
Aleecia: Yes.
15:46:09 [enewland]
... This is not just analytics
15:46:25 [fielding]
I was agreeing with Matthias that we should say that the agent must ensure that the data can't be used in other contexts -- the various ways in which the agent could ensure such a thing does not matter for the standard because only the effect is measurable and only the effect matters in terms of compliance.
15:46:26 [enewland]
Kimon: I might have reservations if this is broader than analtytics
15:46:45 [enewland]
Matthias: This is a question of principle. We know it is not articulated completely.
15:47:11 [enewland]
Kimon: We may need more clarification than a commahere.
15:47:22 [enewland]
David: What do we mean by use?
15:47:41 [enewland]
Peter: We need to put a technical component into that commitment.
15:48:03 [dwainberg]
Alecia: yes, we're talking about use constrained to the first party
15:48:13 [enewland]
... There are low hanging technical ways to do it. Our wording should specify that. As well as requiring a commitment as an actor
15:48:18 [npdoty]
s/Alecia/aleecia/
15:48:42 [enewland]
Peter: Must on the technical and should on the other commitment. But I would be ok in swapping that around.
15:48:52 [enewland]
Aleecia: We need some people to take action items for people to draft text.
15:49:21 [enewland]
Matthias: We have consensus that if the binding is sufficiently strong, then it is ok to treat these third party agents as first parties, it seems. But what is sufficiently strong?
15:49:45 [enewland]
Aleecia: But this question of what is sufficiently strong is a big deal. We need to resolve that first.
15:50:16 [npdoty]
"once Shane and Jonathan agree, then we're all set"
15:50:49 [enewland]
Shane: I am fine with us not specifying too specifically what sufficiently strong means.
15:51:05 [enewland]
Aleecia: Maybe we should assign action items and move on?
15:51:37 [enewland]
Thomas: I think we have some agreement. We have consensus on the general principle and what piece of this still needs to be worked out
15:51:43 [enewland]
Matthias: So do we call this issue closed?
15:51:53 [enewland]
Aleecia: I want us to move on, but I do not want us to close this issue.
15:52:12 [enewland]
Aleecia: Jonathan and Shane will draft action items.
15:52:20 [ifette]
ISSUE-23?
15:52:20 [trackbot]
ISSUE-23 -- Possible exemption for analytics -- raised
15:52:20 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/23
15:52:24 [ifette]
ISSUE-34?
15:52:24 [enewland]
... for Issues 23 and Issues 34
15:52:24 [trackbot]
ISSUE-34 -- Possible exemption for aggregate analytics -- raised
15:52:24 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/34
15:52:27 [fielding]
I argue that "tech" cannot be defined in any meaningful way that could reach consensus ... that is a rathole
15:53:02 [davidwainberg]
davidwainberg has joined #dnt
15:53:46 [npdoty]
<Shane and Jonathan agree on delaying deadlines>
15:54:06 [enewland]
Shane: How about writing up the issue by 9/30?
15:54:07 [ifette]
ACTION: Shane to draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) - due 2011-09-30
15:54:08 [trackbot]
Created ACTION-5 - draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) [on Shane Wiley - due 2011-09-30].
15:54:18 [ifette]
ACTION: Mayer to draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) - due 2011-09-30
15:54:19 [trackbot]
Created ACTION-6 - draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) [on Jonathan Mayer - due 2011-09-30].
15:54:28 [tlr]
action-5 due 2011-10-03
15:54:28 [trackbot]
ACTION-5 draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) due date now 2011-10-03
15:54:33 [tlr]
action-6 due 2011-10-03
15:54:33 [trackbot]
ACTION-6 draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) due date now 2011-10-03
15:54:39 [ifette]
tlr I thought we said next friday?
15:54:46 [tlr]
whooops, right
15:54:48 [tlr]
sorry
15:54:49 [karl]
http://www.w3.org/2011/tracking-protection/track/actions/open
15:55:04 [enewland]
Shane: I am going to be saying that you must sign up for something in here, must obligate your organization to do something, whether that be contract or technology. Different organizations will meet the obligation in differentw ays.
15:55:05 [ifette]
ACTION-5 due 2011-09-30
15:55:05 [trackbot]
ACTION-5 draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) due date now 2011-09-30
15:55:24 [ifette]
ACTION-5 due 2011-10-03
15:55:24 [trackbot]
ACTION-5 draft proposed text to resolve ISSUE-23 and ISSUE-34 (organizations should commit to blah, must do the following things) due date now 2011-10-03
15:56:02 [enewland]
Aleecia: Next we will talk about Issue 25, and then Issue 22
15:56:11 [enewland]
Zakim, ISSUE-25?
15:56:11 [Zakim]
I don't understand your question, enewland.
15:56:11 [npdoty]
ISSUE-73 may also apply to ISSUE-23 and -34
15:56:21 [ifette]
ISSUE-25?
15:56:21 [trackbot]
ISSUE-25 -- Possible exemption for research purposes -- raised
15:56:21 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/25
15:56:25 [enewland]
ISSUE-25?
15:56:25 [trackbot]
ISSUE-25 -- Possible exemption for research purposes -- raised
15:56:25 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/25
15:56:46 [enewland]
ISSUE-22?
15:56:46 [trackbot]
ISSUE-22 -- Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.) -- raised
15:56:46 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/22
15:56:59 [enewland]
Aleecia: Starting with Issue 25.
15:57:21 [enewland]
Shane: Many see 'analytics' and 'research' differently
15:58:12 [enewland]
... Information being used for research is not being used to directly impact an individual's experience. To us that is the difference between the two. The information might be at the individual level, but it's only used for the research purpose.
15:59:18 [Zakim]
-??P38
15:59:19 [enewland]
Aleecia: We have a suggested definition. That research is data that does not used to affect's a user's experience.
15:59:27 [enewland]
[disagreement]
16:00:39 [fielding]
What if the research is on how an individual uses the Web?
16:00:44 [enewland]
Jonathan: Data that does not identify the web history of an individual user. In a technical sense.
16:00:53 [enewland]
Jmayer -- is this your definition of research?
16:01:11 [jmayer]
Research or aggregate analytics.
16:01:29 [enewland]
Charles: but even if it's not used to directly impact a user's experience, the collection can affect how a user experiences the web, her feelings about privacy, etc.
16:01:40 [amyc]
jonathan, does that specifically mean, for example, that data set would not include IP addresses or cookie identifiers?
16:01:48 [enewland]
Ed: If we say yes to this exemption, is all collection for this purpose ok? Are there retention limits?
16:02:02 [enewland]
... This is an issue that may arise for alot of our issues
16:02:19 [npdoty]
s/Ed/efelten/
16:02:29 [enewland]
XX: So this is an exemption based on use?
16:02:32 [efelten]
s/alot of our issues/a lot of our proposed exemptions/
16:02:40 [Zakim]
- +1.202.263.aacc
16:02:44 [jmayer]
amyc, cookie identifiers for sure, ip addresses are a technical question where we need more research
16:02:47 [enewland]
Shane: Yes. There will be continued collection for a limited use exemption.
16:03:03 [enewland]
XXX: the point of doing research is to improve the user experience
16:03:11 [npdoty]
s/XXX/ifette/
16:03:16 [enewland]
Shane: Direct user experience. Like OBA
16:03:28 [enewland]
s/XX/ifette/
16:03:31 [Zakim]
+??P5
16:04:09 [enewland]
Shane: I can learn about a specific cookie and then change an experience in response to that specific cookie. That is OBA. In the research example, I collect information about individuals, and then apply the things i learn to the general population
16:04:56 [jmayer]
szhunter: i'm not sure what we're talking about
16:05:02 [npdoty]
Scott: how about "not directly addressable"?
16:05:04 [jmayer]
s/szhunter/schunter/
16:05:22 [enewland]
Shane: This is general use exemptions for DNT. not related to collection
16:05:56 [enewland]
... this is product improvement, etc.
16:06:04 [enewland]
Aleecia: Are you also seeing this as things like surveys
16:06:29 [enewland]
Shane: We have been discussing observed data. Surveys to me are declared information. That is different.
16:06:54 [enewland]
Scott: With surveying, would someone with DNT on never see a survey invite?
16:07:11 [enewland]
Aleecia: We have an issue, are surveys out of scope
16:07:18 [enewland]
ISSUE: Are surveys out of scope?
16:07:19 [trackbot]
Created ISSUE-74 - Are surveys out of scope? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/74/edit .
16:07:37 [enewland]
Shane: I posit that all declared data is out of scope. For the entire DNT conversation
16:07:44 [enewland]
Aleecia: that is already an issue
16:08:54 [enewland]
Roy: I am confused. We are talking about web analytics here? Not analytics in general? What do we mean by research? Think about legitimate research institutions. These require consent from individuals. Tracking someone across the web requires consent for legitimate research.
16:09:24 [tlr]
shane: we didn't really get to the aggregation question
16:09:44 [tlr]
erica: if the collection still records an individual history across the web, then there are still privacy concerns
16:09:48 [npdoty]
shane: "lots of ways to solve the government bogeyman problem"
16:10:34 [amyc]
amyc has joined #dnt
16:10:43 [npdoty]
shane: different technical measures (blinding, one-way hash, destroying keys, etc.) so that the data can be collected in such a way that even if the government accessed it they couldn't find the person's name
16:11:22 [npdoty]
erica: but even if it's not connected to a particular name, a pseudonym could allow for re-identification
16:11:33 [jmayer]
i completely agree with erica on this
16:11:35 [npdoty]
shane: well, there are questions of anonymization
16:12:11 [Zakim]
+ +1.425.681.aadd
16:12:44 [Zakim]
- +1.425.681.aadd
16:12:52 [enewland]
X: we are getting to a fundamental disagreement. Collection vs use. What does collection mean? What collection is permissible and what is not.
16:13:19 [npdoty]
s/X/Sean/
16:13:25 [npdoty]
Zakim, who is on the phone?
16:13:28 [Zakim]
On the phone I see +1.617.715.aaaa, +1.202.263.aabb, [Microsoft], ??P5
16:13:44 [npdoty]
Zakim, aaaa is WG-Live
16:13:44 [Zakim]
+WG-Live; got it
16:13:45 [enewland]
Sean: It is not appropriate to say DNT is on but let people collect information about you around the web for research purposes.
16:14:05 [npdoty]
Zakim, mute aabb
16:14:05 [Zakim]
+1.202.263.aabb should now be muted
16:14:11 [npdoty]
Zakim, mute [Microsoft]
16:14:11 [Zakim]
[Microsoft] should now be muted
16:14:16 [npdoty]
Zakim, mute ??P5
16:14:16 [Zakim]
??P5 should now be muted
16:14:35 [enewland]
Charles: what about ISPs? Then we already have collection and logging.
16:14:46 [enewland]
Aleecia: so this raises an issue. Are ISPs in or out of scope?
16:15:13 [enewland]
Thomas: we should stay on the application layer
16:15:18 [enewland]
... and not raise this as an issue
16:16:05 [laurengelman]
I am on the phone 415
16:16:10 [enewland]
Frederick: I'm concerned about the idea that hashing IDs is the same as anonymity. If we are talking individual records for individual entities. This is a privacy problem. Maybe we should use a 'should' here.
16:16:17 [enewland]
Shane: to get aggregate, you have to start with somethign else
16:16:20 [npdoty]
s/Frederick/fjh/
16:16:34 [npdoty]
… there is a point in time when you don't have aggregate data, even if you will at some point
16:16:35 [enewland]
fjh: So maybe it's a retention issue
16:16:50 [enewland]
Aleecia: Is hashing or trying to de-ietntify enough to be anonymous or should we require aggregate only?
16:16:53 [fielding]
I am talking too fast today. If "research" includes the study of humans activity (data collection of individual behavior for the sake of understanding that behavior), then legitimate research that complies with universally accepted human studies policies MUST obey the DNT preference because it expresses an opt-out. If "research" means studying something other than human activity, such as an aggregate set of paths from other sites and statistics regarding th
16:16:53 [fielding]
paths, then this should hall into the category of exemption by aggregation (i.e., we only want to exempt research if it is only stored in aggregate form).
16:17:04 [laurengelman]
<thanks for fixingthe beeping>
16:17:07 [enewland]
fjh: so-called anonymization may not work as well as want it to.
16:17:13 [ifette]
rrsagent, bookmark?
16:17:13 [RRSAgent]
See http://www.w3.org/2011/09/22-dnt-irc#T16-17-13
16:17:26 [enewland]
Kevin: what is the mechanism of exemption?
16:17:28 [npdoty]
fjh: we could have a SHOULD requirement about anonymization or measures against de-identification
16:17:28 [fielding]
s/hall/fall/
16:18:14 [enewland]
Kevin: How do companies claim exemptions?
16:18:26 [enewland]
ISSUE: How co companies claim exemptions and is that technical or not?
16:18:26 [trackbot]
Created ISSUE-75 - How co companies claim exemptions and is that technical or not? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/75/edit .
16:18:46 [fjh]
q?
16:18:54 [enewland]
Aleecia: We do not have consensus on this.
16:18:58 [clp]
lunch
16:19:00 [enewland]
Lunch time
16:19:02 [npdoty]
… confusion by talking about different layers (SSL for example separates into two layers)
16:20:45 [Zakim]
-[Microsoft]
16:27:15 [Zakim]
-??P5
16:29:46 [scott]
scott has joined #dnt
16:56:26 [clp]
clp has joined #dnt
16:56:31 [clp]
Back
16:58:07 [Justin]
Justin has joined #dnt
17:08:06 [Zakim]
+[Microsoft]
17:08:14 [adrianba]
zakim, [Microsoft] is me
17:08:14 [Zakim]
+adrianba; got it
17:09:05 [efelten]
efelten has joined #dnt
17:10:12 [npdoty]
npdoty has joined #dnt
17:10:52 [Zakim]
+[Microsoft]
17:12:16 [cris]
cris has joined #dnt
17:21:02 [mischat]
mischat has joined #dnt
17:29:00 [KevinT]
kick off
17:29:21 [npdoty]
scribenick: KevinT
17:29:50 [KevinT]
referring to intro schematic around browser/server - focusing on message exchange details
17:30:10 [KevinT]
matthias leading
17:30:47 [amyc]
amyc has joined #dnt
17:30:59 [KevinT]
goal - find areas of fundamental agreement and build with those smaller pieces into the larger picture
17:31:09 [tl]
tl has joined #dnt
17:31:09 [KevinT]
this should be more technical than last discussion
17:31:34 [KevinT]
tracking lists not in this discussion (next one)
17:32:12 [KevinT]
Thomas starting with FF proposal around challenge response
17:32:19 [npdoty]
IETF draft (from jmayer et al.) here -- http://datatracker.ietf.org/doc/draft-mayer-do-not-track/
17:33:46 [KevinT]
browser send DNT 0 or 1, server responds {0|1} <— what it thinks the browser said {0,1} <— confirmation of consumer actions (possible opt-in)
17:33:50 [KevinT]
...
17:33:52 [npdoty]
<tl sketching DNT header and response header>
17:33:55 [jkaran]
jkaran has joined #dnt
17:34:05 [KevinT]
<applause>
17:34:49 [npdoty]
tl: essentially Harlan Yu's position paper at the Princeton workshop
17:35:14 [KevinT]
Tom Comscore - offering his proposal
17:35:52 [tl]
yu's paper: http://www.w3.org/2011/track-privacy/papers/yu.pdf
17:36:04 [tl]
tlr; do you have a copy of harlan yu's slide deck?
17:36:05 [KevinT]
…server response (0,1) only (user desire, server reply)
17:36:08 [npdoty]
adrianba, is there anyone on the phone from microsoft to describe the DOM proposal?
17:36:44 [KevinT]
next proposal from Roy Adobe
17:37:01 [npdoty]
s/Roy Adobe/fielding/
17:37:12 [adrianba]
npdoty, the proposal is simply to make the value that would be sent available in script - there was lots of discussion at Princeton about whether that is a good idea or not
17:37:28 [KevinT]
…use Link: <policy>
17:37:43 [adrianba]
npdoty, i think at this point it suffices to say that there is a proposal that this MAY be made available to script somehow
17:38:10 [KevinT]
next proposal from Charles
17:38:30 [Erika]
Erika has joined #dnt
17:39:04 [adrianba]
npdoty, i can speak to that briefly if necessary but i don't have much more to say :)
17:39:19 [KevinT]
…include strings and ability to respond with a subset
17:39:26 [KevinT]
next proposal from Ian
17:39:57 [KevinT]
…in server response include a 3rd field for "I don't know" field
17:40:58 [KevinT]
next proposal from Jonathan — IETF submission - server just replies with just user request confirmation
17:41:19 [efelten]
s/...include strings/... include strings/
17:41:40 [efelten]
s/...in server/... in server/
17:42:29 [KevinT]
ditto
17:43:05 [KevinT]
shane: include a response of providing an already expressed consent signal
17:43:32 [jmayer]
jmayer has joined #dnt
17:43:55 [KevinT]
dave: how do we communicate states among parties?
17:44:22 [KevinT]
charles: this is in my proposal
17:44:51 [npdoty]
david: … as in communicating to a first party whether one of the third parties is blocked
17:44:58 [clp]
A set of requested String the encode: Desired things to NOT be tracked, shared, relationships of trust etc.
17:45:03 [clp]
^^Charles
17:45:13 [clp]
... reply is subset that the server can do
17:45:39 [karl]
P1 - C "DNT: {0|1}" - S "DNT: {0|1},{0,1}"
17:45:39 [karl]
P2 - C "DNT: {on,<strings>|off}" - S "DNT: {off|on,<subset of X>}"
17:45:44 [npdoty]
ISSUE: should a server echo the DNT header to confirm receipt?
17:45:44 [karl]
P3 - C "DNT: {0|1}" - S "DNT: {0,1}"
17:45:44 [trackbot]
Created ISSUE-76 - Should a server echo the DNT header to confirm receipt? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/76/edit .
17:45:48 [karl]
P4 - C "DNT: {0|1}" - S "DNT: <policyURI>;rel=tracking;state=on"
17:45:50 [karl]
P5 - C "DNT: {0|1}" - S "DNT: {0|1},{0,1,?}"
17:45:59 [tl]
the concern is that http proxies suck, and have a poor habit of removing headers that they don't recognise
17:46:24 [jmayer]
actually, custom headers almost always traverse the net
17:46:28 [npdoty]
tl, how is this handled for other HTTP headers?
17:46:37 [jmayer]
there's a study on this by collin jackson
17:47:06 [karl]
jmayer: by custom headers do you mean X-foo
17:47:10 [tl]
jmayer, link?
17:47:24 [karl]
s/jmayer:/jmayer,/
17:47:26 [KevinT]
ISSUE: how does a website determine if a first or third party and should this be included in the protocol?
17:47:26 [trackbot]
Created ISSUE-77 - How does a website determine if a first or third party and should this be included in the protocol? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/77/edit .
17:47:50 [npdoty]
ISSUE-77: connected to ISSUE-60
17:47:50 [trackbot]
ISSUE-77 How does a website determine if a first or third party and should this be included in the protocol? notes added
17:48:53 [jmayer]
last paper in http://donottrack.us/bib/#sec_technology
17:49:18 [pde]
q+
17:49:21 [KevinT]
wileys: add link back to where your DNT policy exists
17:49:30 [KevinT]
susan: +1
17:49:39 [npdoty]
s/susan/jkaran/
17:50:34 [KevinT]
roy: do we need have to send DNT=0 or just skip?
17:50:52 [npdoty]
ISSUE: what is the difference between absence of DNT header and DNT = 0?
17:50:53 [trackbot]
Created ISSUE-78 - What is the difference between absence of DNT header and DNT = 0? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/78/edit .
17:52:13 [KevinT]
Kevin Adobe raised issue of whether to send a shortcut instead of string (well known location, e.g.)
17:52:41 [npdoty]
ISSUE: should a server respond if a user sent DNT:0?
17:52:41 [trackbot]
Created ISSUE-79 - Should a server respond if a user sent DNT:0? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/79/edit .
17:52:59 [npdoty]
s/Kevin Adobe/KevinSmith:/
17:53:54 [npdoty]
pde: put the browser back in the loop, knowledge of the opt back ins
17:54:02 [KevinT]
... include a domain field
17:54:51 [npdoty]
ISSUE: instead of responding with a Link: header URI, does it make sense to use a well-known location for this policy?
17:54:52 [trackbot]
Created ISSUE-80 - Instead of responding with a Link: header URI, does it make sense to use a well-known location for this policy? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/80/edit .
17:55:10 [karl]
P6 - C "DNT: {0|1}" - S "DNT: {1|0},domain, …"
17:55:25 [KevinT]
ISSUE: Do we need a response at all from server?
17:55:25 [trackbot]
Created ISSUE-81 - Do we need a response at all from server? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/81/edit .
17:56:34 [npdoty]
ISSUE-81: ifette suggests that the user either trusts the site or doesn't, so why would the browser bother to expose this response to the user?
17:56:35 [trackbot]
ISSUE-81 Do we need a response at all from server? notes added
17:57:02 [KevinT]
matthias: reframe client—> server and server —> client core payload
17:58:21 [jmayer]
jmayer has joined #dnt
17:59:15 [KevinT]
… client-> server: DNT preference to be set by client as 0 or 1 (agree)
18:00:08 [KevinT]
fredrich: extensibility — user can specify any limitations
18:00:19 [npdoty]
does anyone know the number of that issue on extensibility?
18:00:30 [npdoty]
s/fredrich/fjh/
18:02:13 [karl]
npdoty, not sure there is an issue open yet. I'm checking
18:03:56 [npdoty]
issue-59?
18:03:56 [trackbot]
ISSUE-59 -- Should the first party be informed about whether the user has sent a DNT header to third parties on their site? -- raised
18:03:56 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/59
18:04:21 [karl]
npdoty, no issue open for extensibility of DNT header
18:04:47 [npdoty]
Shane: just raising the problem, not a solution, that the first party will want to know which 3rd-parties are being blocked
18:04:52 [karl]
ISSUE: Should the DNT header be extensible with additional parameters?
18:04:52 [trackbot]
Created ISSUE-82 - Should the DNT header be extensible with additional parameters? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/82/edit .
18:05:08 [KevinT]
matthias: from board generally: extensions include: 1) 1st or 3rd party, 2) fine grained controls, 3) identities, 4) blocking info
18:05:57 [npdoty]
ChrisOlsen: what if the user wants to opt back out after they've opted back in?
18:06:18 [KevinT]
issue: how do you opt out if already opted in?
18:06:19 [trackbot]
Created ISSUE-83 - How do you opt out if already opted in? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/83/edit .
18:07:23 [KevinT]
ifette: not thrilled around creating a bunch of UI in browser to manage these features
18:08:30 [KevinT]
amyc: web based applications? is there a way to access the header?
18:09:13 [npdoty]
ISSUE: do we need a JavaScript API / DOM property for client-side js access to Do Not Track status?
18:09:14 [trackbot]
Created ISSUE-84 - Do we need a JavaScript API / DOM property for client-side js access to Do Not Track status? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/84/edit .
18:09:29 [KevinT]
jmayer: DOM sets boolean flag but longer conversation
18:09:47 [KevinT]
ISSUE: DOM property and its access generally and specifically to web apps
18:09:47 [trackbot]
Created ISSUE-85 - DOM property and its access generally and specifically to web apps ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/85/edit .
18:09:59 [npdoty]
close issue-85
18:09:59 [trackbot]
ISSUE-85 DOM property and its access generally and specifically to web apps closed
18:10:11 [npdoty]
issue-85: duplicate of issue-84
18:10:11 [trackbot]
ISSUE-85 DOM property and its access generally and specifically to web apps notes added
18:11:06 [pde]
npdoty, it wasn't a formal vote
18:12:13 [jkaran]
jkaran has joined #dnt
18:12:16 [npdoty]
ISSUE-78?
18:12:16 [trackbot]
ISSUE-78 -- What is the difference between absence of DNT header and DNT = 0? -- raised
18:12:16 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/78
18:12:41 [tl]
tl has joined #dnt
18:13:04 [npdoty]
tl: there are two states, DNT:1 and the other state
18:13:22 [npdoty]
David: there seems like an important distinction here if the header doesn't get sent at all
18:14:02 [KevinT]
aleccia: reality is that most browser do not have this feature
18:14:10 [npdoty]
s/aleccia/aleecia/
18:14:23 [npdoty]
efelten: are there any browsers with DNT set to 0?
18:14:36 [efelten]
s/any browsers/any current implementations/
18:14:42 [npdoty]
tom_comscore: AdBlock Plus does (?)
18:16:18 [KevinT]
tlr: if header is present - then 0 or 1, open question is whether absence of header a different meaning for user?
18:16:23 [npdoty]
ISSUE-58?
18:16:23 [trackbot]
ISSUE-58 -- What if DNT is explicitly set to 0 and an opt-out cookie is present? -- raised
18:16:23 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/58
18:19:48 [tlr]
RESOLUTION: if a DNT header is present, its value is either 1 or 0
18:20:16 [npdoty]
or at least, it's no options other than 0 or 1
18:20:28 [pde]
DNT: the children
18:21:24 [KevinT]
issue: do we have general extensibility capability for header response?
18:21:24 [trackbot]
Created ISSUE-86 - Do we have general extensibility capability for header response? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/86/edit .
18:21:28 [npdoty]
issue-82?
18:21:28 [trackbot]
ISSUE-82 -- Should the DNT header be extensible with additional parameters? -- raised
18:21:28 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/82
18:21:38 [npdoty]
close issue-86
18:21:39 [trackbot]
ISSUE-86 Do we have general extensibility capability for header response? closed
18:21:45 [npdoty]
issue-86: duplicate of issue-82
18:21:45 [trackbot]
ISSUE-86 Do we have general extensibility capability for header response? notes added
18:21:57 [tlr]
did we capture the scope of David's reservation?
18:22:08 [KevinT]
matthias: moving to Server response side
18:22:19 [npdoty]
I'm not sure I understand David's reservation regarding the resolution
18:22:27 [fjh]
should ISSUE-82 be simply, "Should the DNT header be extensible"
18:22:38 [npdoty]
davidwainberg, can you give more detail on your reservation?
18:23:26 [npdoty]
"a server could use this to say the server does not know or will not tell you"
18:23:43 [npdoty]
fielding: as a server developer I would never do this
18:24:07 [David]
David has joined #dnt
18:25:09 [npdoty]
ifette: for very small sites, I might say that I understand but I don't know if I'm cooperating or not
18:25:19 [KevinT]
matthias: list of options 1) bouncing user preference, 2) sending server choice, 3) extensions...
18:26:02 [KevinT]
efelten: isn't is assumed the server receives this?
18:26:25 [npdoty]
… what's the practical difference between not responding at all or responding with a ?
18:26:46 [npdoty]
ifette: well, I don't think any of the responses will matter to the end user….
18:28:10 [KevinT]
roy: would not send "I don't know" other downstream servers or external processes that could be overridden erroneously
18:28:17 [npdoty]
s/roy/fielding/
18:29:20 [KevinT]
karl: is response useful to browser or user (filter)
18:29:35 [npdoty]
… if a response won't be useful to a user, then why send it?
18:30:05 [KevinT]
pde: for user opting back in, need server response
18:30:22 [fielding]
other components of the server (application filters or subrequests) may know what they are doing or external components (TCP routers that do logging external to the web server) may know what they are doing, and I wouldn't want my clueless response to override the others
18:31:17 [KevinT]
kevin adobe: don't define response if can't define use
18:31:32 [fielding]
OTOH, I agree with ifette that it would be better not to respond at all and just rely on the published policy for indicating compliance
18:31:46 [KevinT]
cris: policy reputation might be a good response for consumers to trust
18:32:14 [KevinT]
clay: server response —> claim 1st or 3rd party
18:33:20 [KevinT]
ifette: p3p ui not understood —> why create DNT UI ?
18:34:06 [KevinT]
brett: server response bring enforceability (base contract)
18:34:29 [KevinT]
ifette: argue in privacy policy already
18:35:57 [efelten]
Zakim, ISSUE-82?
18:35:57 [Zakim]
I don't understand your question, efelten.
18:36:05 [npdoty]
ISSUE-82?
18:36:05 [trackbot]
ISSUE-82 -- Should the DNT header be extensible with additional parameters? -- raised
18:36:05 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/82
18:36:09 [ifette]
ISSUE: Should there be an option for the server to respond with "I don't know what my policy is"
18:36:12 [trackbot]
Created ISSUE-87 - Should there be an option for the server to respond with "I don't know what my policy is" ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/87/edit .
18:36:53 [pde]
ifette, so you're okay with 0|1|?|no response ?
18:38:20 [pde]
ifette, what about 0|1|no header ?
18:38:23 [ifette]
pde, i would prefer there be no server response. If as a group we decide there should be a server response, I would prefer the list of acceptable responses to include a '?' value
18:38:35 [ifette]
no header is not the same as "?"
18:38:47 [ifette]
no header could be just "I don't understand what DNT is"
18:38:53 [tl]
ifette, i can think of a whole load of ui things that i like, and a whole load of non-ui things that browser might do....
18:38:56 [KevinT]
clp: other extensions — fine grained preferences
18:39:22 [ifette]
tl, happy to hear suggestions
18:39:28 [pde]
ifette, so I think you do think the response should have 4 values rather than 3 (if there is going to be a response at all)
18:39:47 [ifette]
pde, if there is a response header, i was saying 3 values (0/1/?)
18:39:53 [pde]
I would have been okay as leaving "not sure" and "I don't know about DNT" as the same case (the server sends no header)
18:40:08 [tl]
ifette, for instance: i might enable or disable features that facilitate tracking. perhaps i treat third-party cookies, differently, or change my signature
18:40:12 [KevinT]
efelten: other extension: URL of policy/link header
18:41:00 [pde]
ifette, changing topics slightly -- I think your points about bad privacy UI design are well taken
18:41:05 [dan]
dan has joined #dnt
18:41:17 [tl]
ifette, incidentally, it's an eye, not a whirlpool in IE
18:41:21 [pde]
and it's certainly dangerous/tricky/hard to put anything in browser chrome about this
18:41:38 [pde]
but for us it's a good avenue to leave open if any browsers want to try it
18:41:43 [ifette]
tl i realize it's an eye, but it looks like a whirlpool to me and if I say an eye it might bias responses :)
18:41:51 [pde]
while certainly avoiding any SHOULDs or MUSTs on the subject
18:42:17 [tl]
"browsers MAY tell or ask users about this, or choose do anything else"
18:42:19 [npdoty]
I thought efelten's suggestion was a response header that included a string about why the server is responding DNT:0
18:42:36 [KevinT]
clp: other extension: Identity response
18:43:07 [tl]
ifette, one big thing is that the browser might make really different choices in private browsing mode
18:43:40 [sudbury]
sudbury has joined #dnt
18:44:47 [tl]
ifette, the browser might ignore "DNT:1,0" in regular mode, but warn the user with a doorhanger notice in private browsing mode...
18:45:21 [KevinT]
jkaran: include info around sub-domains
18:46:25 [Zakim]
- +1.202.263.aabb
18:46:27 [ifette]
tl we explicitly say in our private mode that "Going incognito doesn't affect the behavior of other people, servers, or software"
18:46:54 [ifette]
for us, private browsing is about reducing the traces left on the user's computer
18:46:56 [tl]
ifette, true enough, but that doesn't mean that you shouldn't do as much as possible
18:47:08 [ifette]
we don't want to give a false sense of security
18:47:29 [tl]
ifette, we're considering how to adapt our private mode to local, remote, and network threats
18:47:46 [ifette]
short of using tor, it's not clear we're not giving users a false sense of security
18:47:49 [ifette]
(we've talked about tor...)
18:49:54 [tl]
there's a lot you'd have to do to use tor safely...
18:50:01 [tl]
</offtopic>
18:51:33 [KevinT]
winding down discussion, deciding on action items
18:53:14 [KevinT]
use cases around "?" will hold after documentation of protocol to see if necessary
18:53:22 [Zakim]
-[Microsoft]
19:01:06 [npdoty]
adrianba, does anyone on the phone from MSFT want to talk during the next session on Lists?
19:01:47 [scott]
scott has joined #dnt
19:02:51 [jmayer]
jmayer has joined #dnt
19:07:36 [adrianba]
npdoty, we don't have anything specific to present - our proposal is the list section of our submission
19:08:07 [adrianba]
npdoty, our preference would be to start there and iterate based on feedback but want to hear what the group thinks
19:08:55 [adrianba]
npdoty, for example karl has sent feedback to the list, which we're preparing a reply to
19:12:17 [npdoty]
thanks, adrianba, you don't have any other specific comments for the live meeting?
19:14:50 [adrianba]
npdoty, not at the moment
19:15:44 [npdoty]
gotcha
19:16:48 [jmayer]
Want to make sure the Adblock Plus format gets significant consideration.
19:17:50 [jmayer]
It is hands down the most popular content blacklist format.
19:17:55 [npdoty]
the input documents I see are:
19:17:59 [npdoty]
* http://www.w3.org/Submission/web-tracking-protection/
19:18:16 [npdoty]
* http://adblockplus.org/en/filters
19:18:20 [tlr]
tlr has joined #dnt
19:18:35 [npdoty]
* http://www.opera.com/support/mastering/kiosk/#url-filter
19:18:49 [npdoty]
scribenick: tl
19:19:25 [npdoty]
Zakim, agenda?
19:19:25 [Zakim]
I see 3 items remaining on the agenda:
19:19:27 [Zakim]
1. detailed discussion of issues [from npdoty]
19:19:28 [Zakim]
2. Tracking Preference Expression [from npdoty]
19:19:29 [Zakim]
3. Tracking Selection Lists [from npdoty]
19:19:33 [npdoty]
zakim, close agendum 1
19:19:33 [Zakim]
I see a speaker queue remaining and respectfully decline to close this agendum, npdoty
19:19:38 [npdoty]
q?
19:19:41 [tl]
matthias: last technical session: tracking selection list
19:19:43 [npdoty]
q- pde
19:19:50 [npdoty]
zakim, close agendum 1
19:19:50 [Zakim]
agendum 1, detailed discussion of issues, closed
19:19:51 [Zakim]
I see 2 items remaining on the agenda; the next one is
19:19:53 [Zakim]
2. Tracking Preference Expression [from npdoty]
19:19:58 [npdoty]
zakim, close agendum 2
19:19:58 [Zakim]
agendum 2, Tracking Preference Expression, closed
19:20:00 [Zakim]
I see 1 item remaining on the agenda:
19:20:02 [Zakim]
3. Tracking Selection Lists [from npdoty]
19:20:07 [npdoty]
zakim, take up agendum 3
19:20:07 [Zakim]
agendum 3. "Tracking Selection Lists" taken up [from npdoty]
19:20:23 [tl]
karl: microsoft tsl proposal
19:21:03 [tl]
... simple text file where each line lists a domain, and whether it should be allowed or blocked
19:21:22 [tl]
... ex: "-d rogue.example.com" blocks
19:21:57 [tl]
... and: "+d splendid.example.com" allows
19:22:59 [tl]
... already in IE
19:23:30 [tl]
... opera "url filters" proposer
19:23:44 [tl]
s/proposer/proposal
19:23:54 [tlr]
tlr has joined #dnt
19:23:55 [jmayer]
jmayer has joined #dnt
19:24:05 [tl]
... uses an .ini file, has dom api
19:24:20 [tl]
... in ms proposal, can have many lists
19:24:23 [jmayer]
RRSAgent, bookmark
19:24:23 [RRSAgent]
See http://www.w3.org/2011/09/22-dnt-irc#T19-24-23
19:24:24 [Zakim]
+[Microsoft]
19:24:59 [tl]
... in firefox, there is another api
19:25:17 [tl]
[i think karl is referring to adblock plus, not firefox]
19:25:56 [tl]
david: clarification: after parsing list, if a domain is to be blocked, all third-party requests to that domain are ignored
19:26:25 [tl]
... if a domain is allowed on one list but blocked on another, it is allowed
19:26:51 [adrianba]
the other reason for having an allow is so that you can have a simple general block rule and then allow exceptions
19:27:09 [KevinT]
http://tplviewer.com/
19:27:16 [tl]
aleecia: you can use your own custom list, and your list overrides all others
19:27:28 [tl]
karl: no, your own list does not override
19:27:46 [adrianba]
http://www.w3.org/Submission/web-tracking-protection/#processing-multiple
19:28:04 [adrianba]
merging lists, all allow rules merge at the top
19:28:16 [tl]
tl: clarification, the "mozilla" mechanism is actuall abp
19:28:22 [tl]
s/actuall/actually
19:29:10 [tl]
ifette: this seems a lot more than tracking protection, it seems like an ad-blocker in the browser, and we don't want to ship one of those
19:30:13 [tl]
davidwainberg: this standard is about dropping http requests. what else should i know about this?
19:30:48 [tl]
ifette: ex: cross-origin http requests would have been dropped under some circumstances
19:31:22 [tl]
thomas c: or multiple redirects
19:31:48 [tl]
npdoty, not from ms but: not for blocking advertising, more like one-pixel trackers
19:31:50 [jmayer]
jmayer has joined #dnt
19:32:12 [karl]
Mozilla nsIContentPolicy, Interface for content policy mechanism. https://developer.mozilla.org/En/NsIContentPolicy
19:32:20 [tl]
kevin: as a web developer, i don't like being unable to control my site
19:32:51 [jmayer]
(Firefox has a bunch of APIs you can use to block content.)
19:33:26 [tl]
jkaran, often things are requested on a pathway through several servers, if we block an intermediary, it might affect revenue counts
19:33:40 [npdoty]
s/jkaran,/jkaran:/
19:34:06 [tl]
... this list could be huge, and it's not clear to a user how these lists may interact
19:35:03 [tl]
Brett: this is a terrible idea. you can end up blocking css and other site-critical elements. most of these lists actually are ad-blockers, and this is content theft.
19:35:30 [tl]
... i love that this gives consumers choice, i hate that it takes choice from content providers
19:35:56 [tl]
roy: i don't see any interoperability needs for these lists
19:36:42 [jmayer]
tl, to block tracking, you have to block advertising http://cyberlaw.stanford.edu/node/6730
19:38:42 [tl]
tl: web developers: i know that you like to control experience, but if you do something that users object to, they're entitled to be in on that conversation
19:39:14 [jmayer]
re: ad blocking as "theft," it's trivial to tier access to visitors who block ads
19:39:26 [tl]
tl: it may be the case that billing is broken, but if billing depends on objectionable tracking, that's something that users should be involved in
19:39:27 [cris]
cris has joined #dnt
19:39:29 [fielding]
I don't see any interoperability issue here that can be standardized -- the browsers do not share these lists with other browsers, even those owned by the same user.
19:39:38 [karl]
s/re: ad/re ad/
19:39:51 [tl]
tl: re standards: the formats, one piece of content, that's entirely the point of a standard
19:40:06 [tl]
ifette, browsers are user agents, they should follow user needs
19:40:39 [tl]
... agree with tl's point re negotiation. we need to facilitate negotiations between users and sites
19:40:42 [tl]
... someone couldn
19:40:46 [tl]
strike that
19:41:02 [tl]
... someone couldn't just walk into a store and take without paying
19:41:14 [tl]
...likewise, shouldn't do the same with content
19:41:15 [ifette]
ifette: but the content belongs to the site. So, both party's interests need to be respected
19:41:32 [tl]
thomas c: lists seem unscalable, blunt instruments
19:42:07 [tl]
...content publishers have some mechanisms to identify third part calls
19:42:29 [tl]
kevin: is crazy-talk, nobody would ever do that.
19:42:45 [tl]
thomas c: yeah, but you could do it sometimes.
19:43:26 [tl]
thomas z: all about negotiation. publishers need to know about blocking when it happens.
19:43:48 [jmayer_]
jmayer_ has joined #dnt
19:43:57 [tl]
KevinT: lists provide a way to make policy. there can be a system separate from policy
19:44:06 [tl]
... exemptions can also be filtered
19:44:12 [ifette]
s/kimon/thomas z/
19:44:58 [efelten]
s/thomas z/kimon/
19:45:05 [tl]
... this concept of reputation is important. users shouldn't have to decide who's trustworthy, they should be able to outsource that to list-authors (like with antivirus)
19:45:13 [ifette]
oops, thanks ed :) mixed up the order
19:45:33 [clay_]
clay_ has joined #dnt
19:45:36 [tl]
cris: need to have conversation between first party and advertisers, users
19:46:11 [tlr]
tlr has joined #dnt
19:46:28 [tlr]
tlr has joined #dnt
19:46:30 [cris]
just to quote vp at bluecava, Eric Johannsen
19:46:41 [cris]
“If tracking protection is implemented so that consumers cannot be tracked, there will be no free internet.”
19:46:51 [tl]
charles: if anyone wants to use these lists, we should agree on the format. if we have a better way to implement these lists, we should do that. negotiation is awesome, need a good way to express that
19:47:20 [tlr]
q?
19:47:24 [cris]
we need the ability for consumers to express a preference, not blocking, not protecting, to whether or not to allow website to track in exchange for service and content
19:48:16 [tl]
karl: @ifette: sometimes opera and google disagree. you don't want to ship these lists; at the same time, chrome has an adblock extension. users may want the choice to install these addons, and these lists are the tools they need to do that effectively.
19:49:01 [tl]
... i naysay to those who think that users who block ads will kill the web. arguing against this is arguing against reality: people already do this!
19:49:32 [tl]
matthias: adblockers exist, and it's not our place to disallow those. we need to talk about the actual interoperability needs of these lists.
19:49:42 [jmayer_]
Unclear that Do Not Track will get buy-in. We should standardize tools for consumers to help themselves if that doesn't happen.
19:50:00 [tl]
... c.v. antivirus, where there's lock-in on lists, and less competition.
19:50:45 [tl]
... browser vendors are free to use these lists or not. from a standards perspective we need to decide whether we want to mandate these lists.
19:52:05 [tl]
tl: we don't want to mandate the use of these lists, we just want to agree on the format
19:52:06 [tl]
karl: concur
19:52:06 [tl]
kevin: should we talk about this at all?
19:52:06 [tl]
ifette: suggest: no needs for standards
19:52:16 [tl]
... exist many adblockers, they don't seem to be suffering from a lack of standards
19:52:27 [tl]
... why should we deal with helping them
19:52:34 [tl]
... our time could be better spent
19:53:16 [efelten]
s/needs for standards/no need for standards for blocking lists/
19:53:47 [tl]
thomas z: when you get on a bus, you see ads. there's bad advertising, but it's here to stay. agreeing on an industry standard to block ads is wrong, and it's an abuse by browser manufacturers
19:53:56 [npdoty]
s/thomas z/kimon/
19:54:02 [ifette]
s/no needs for standards/no need to standardize list format for ad blockers/
19:55:43 [tl]
npdoty: this isn't "stealing". this is a good place to agree on a common format. we should not try to control what users do. standards exist to allow users to do what they want. some have disabilities or other problems. user agents should not be *forced* to make requests
19:56:08 [jmayer_]
Would like to note that Chrome was once on track to support blocklists. http://code.google.com/p/chromium/issues/detail?id=16932
19:56:33 [tl]
... re: notice and negotiation: good idea! the user-agent should fire-off a download error when blocking, so sites can react and monetize.
19:57:12 [fjh]
+1 to npdoty
19:57:32 [tl]
tlr: clarification requested by matthias: it is up to chair to make decisions about use of time & resources
19:57:48 [tl]
matthias: we agree that we shouldn't mandate lists
19:57:54 [tl]
karl: we couldn't
19:57:54 [scott]
scott has joined #dnt
19:58:37 [tl]
matthias: anyone want to do this?
19:58:47 [tl]
tl: if there's so little interest, it should take no time
19:59:03 [tl]
ifette, if there's little interest, perhaps someone else can do it
19:59:15 [npdoty]
s/someone else/some other group/
19:59:34 [tl]
kevin: all conversation about lists moves to adblocking. perhaps we should listen to that
19:59:39 [fjh]
not everyone is here that might be interested in this discussion, some had to leave early
20:00:03 [tl]
karl: the list format is not content-specific. it could block malware, or anything else.
20:00:20 [tl]
charles: we all agree that we do not want to mandate these lists
20:01:21 [tl]
tl: clarification: we do not want to (and may not be able to) mandate the use of these lists. we shall speak of it no more!
20:01:48 [tl]
matthias: if ads are blocked through an ad blocker, do we need some way to communicate this to a site
20:02:20 [tl]
ifette: i thought we didn't care?
20:02:35 [tl]
aleecia: we can later discuss whether we care
20:02:39 [tl]
ifette: deal
20:02:43 [tl]
charles: negotiation?
20:02:50 [tl]
matthias: maybe
20:02:57 [jmayer_]
It's really quite straightforward to detect ad blocking with current tools.
20:03:16 [tl]
matthias: repeats "if ads are blocked through an ad blocker, do we need some way to communicate this to a site"
20:03:30 [tl]
matthias: straw poll:
20:03:52 [tl]
ifette: who cannot live with continuing to work on it
20:04:05 [tl]
aleecia: significant split
20:04:14 [tl]
edfelten: also, ms is not here
20:04:26 [tl]
matthias: session ended
20:04:48 [jmayer_]
This is bogus. Advertising companies force users to choose between publisher monetization and privacy, then cry foul when users choose privacy.
20:05:16 [clp]
Break until 4:30 pm for wrapup
20:07:14 [adrianba]
adrianba has left #dnt
20:07:19 [Zakim]
-adrianba
20:07:29 [clp]
Charles: take a look at this:
20:07:30 [clp]
http://www.slate.com/id/2304404/pagenum/all/#p2
20:07:39 [clp]
.... a la blocking issues
20:12:30 [clp]
... (it's nothing revolutionary, just thought the automated list abuse underlined earlier arguments made)
20:18:54 [clp]
Wrapup
20:19:09 [npdoty]
scribenick: npdoty
20:19:19 [npdoty]
aleecia: we have aggressive deadlines at the moment and we don't have text yet
20:19:23 [clp]
Aleecia: agreesive deadlines no text yet
20:19:31 [npdoty]
… we're planning to have editors before next Wednesday
20:19:40 [npdoty]
… expecting to have straw man drafts at the same time
20:19:57 [npdoty]
… need to turn minutes and the issues list into something useful (merging, grouping, removing duplicates)
20:20:08 [npdoty]
… call on Wednesday start creating action items out of the issues list
20:20:16 [npdoty]
… really enjoyed the energy level, people engaged
20:20:30 [npdoty]
… comments have been constructive; heated, but not personal, working towards resolution
20:20:38 [npdoty]
… we've been productive in raising issues
20:20:49 [npdoty]
… and understanding the W3C process
20:21:05 [npdoty]
… thx to the scribes! and nick and thomas
20:21:15 [npdoty]
… thanks for coming on short notice and participating
20:21:34 [npdoty]
… not everyone will make this Wednesday's call we know, but that will be the standing call
20:21:56 [npdoty]
clp: recorded audio -- let me know if you're interested
20:22:20 [npdoty]
tlr: better to announce recording of audio ahead of time
20:23:04 [npdoty]
email pictures and links of pictures to npdoty@w3.org who will compile for the sake of the minutes
20:23:24 [npdoty]
matthias: thanks as well, next wednesday call we'll take the issues and start assigning
20:23:31 [clp]
bye all
20:23:34 [npdoty]
… liked this meeting a lot and had everyone engaged
20:23:39 [npdoty]
… see you again in Santa Clara
20:23:41 [npdoty]
<applause>
20:23:54 [npdoty]
Zakim, close agendum
20:23:54 [Zakim]
I don't understand 'close agendum', npdoty
20:23:58 [npdoty]
Zakim, agenda?
20:23:58 [Zakim]
I see 1 item remaining on the agenda:
20:23:59 [Zakim]
3. Tracking Selection Lists [from npdoty]
20:24:08 [npdoty]
Zakim, next agendum
20:24:08 [Zakim]
I do not see any more non-closed or non-skipped agenda items, npdoty
20:24:20 [npdoty]
Zakim, close agendum 3
20:24:20 [Zakim]
agendum 3, Tracking Selection Lists, closed
20:24:21 [Zakim]
I see nothing remaining on the agenda
20:24:46 [Zakim]
-[Microsoft]
20:24:48 [npdoty]
rrsagent, bookmark?
20:24:48 [RRSAgent]
See http://www.w3.org/2011/09/22-dnt-irc#T20-24-48
20:24:53 [npdoty]
rrsagent, draft minutes
20:24:53 [RRSAgent]
I have made the request to generate http://www.w3.org/2011/09/22-dnt-minutes.html npdoty
20:25:02 [npdoty]
rrsagent, make minutes public
20:25:02 [RRSAgent]
I'm logging. I don't understand 'make minutes public', npdoty. Try /msg RRSAgent help
20:25:09 [laurengelman]
laurengelman has joined #dnt
20:27:13 [jmayer]
jmayer has joined #dnt
20:32:36 [aleecia]
aleecia has joined #dnt
20:34:49 [jmayer]
jmayer has joined #dnt
20:38:36 [jmayer_]
jmayer_ has joined #dnt
20:45:14 [tlr]
tlr has joined #dnt
20:58:01 [ifette]
ifette has joined #dnt
21:05:00 [Zakim]
disconnecting the lone participant, WG-Live, in Team_(dnt)13:00Z
21:05:01 [Zakim]
Team_(dnt)13:00Z has ended
21:05:04 [Zakim]
Attendees were +1.617.715.aaaa, +1.202.263.aabb, +1.202.263.aacc, BrianTschumper, +1.425.681.aadd, WG-Live, adrianba, [Microsoft]
21:23:56 [[Thomas]]
[Thomas] has joined #dnt
22:22:52 [fielding]
fielding has joined #dnt
22:36:01 [dan]
dan has joined #dnt
22:43:30 [KevinT]
KevinT has joined #dnt
23:16:05 [KevinT]
KevinT has left #dnt
23:16:59 [tl]
tl has joined #dnt