See also: IRC log
<aleecia> chair is schunter
<npdoty> trackbot, start meeting
<trackbot> Date: 26 October 2011
<tl> the robots don't know how to talk to each other?
<npdoty> occasionally the robots get confused, you know how it is
<tl> what is this i don't even...
<clp> Here now.
<aleecia> zakim who is on the call
<aleecia> zamik, who is here
<aleecia> (this is why I should never scribe :-)
<alex> mute me
<npdoty> Carmen, I can help with the syntax, thanks for your help
<npdoty> scribenick: CarmenBalber
<WileyS> Dial # again?
next week no call
<aleecia> thank you david!
mattias: agenda, comments on minutes?
mattias: action items
<jmayer> hey carmen, when you have a subsequent line by the same speaker, convention is to start it with "... " - easiest if you just copy + paste
DNT compliance proposals - Aleecia?
Aleecia: working on it
<trackbot> ACTION-16 -- Thomas Lowenthal to update mandatory response header proposal to acknowledge caching concerns -- due 2011-10-17 -- OPEN
Tom: not done
<aleecia> (before f2f meeting?)
Tom seems to be lost
<npdoty> tl, we can't hear you
<tl> yes, friday, this week, before the f2f
<JohnSimpson> Looks like he's gone
<trackbot> ACTION-17 -- Shane Wiley to write a concrete proposal re 3rd party response. -- due 2011-10-26 -- OPEN
Mattias: Tom please send new due date
Tom: before end of week
<npdoty> ACTION-16 due 10/30
<trackbot> ACTION-16 Update mandatory response header proposal to acknowledge caching concerns due date now 10/30
<trackbot> ACTION-18 -- Jonathan Mayer to write a summary of options for how 1st parties hear 3rd party status by tuesday -- due 2011-10-26 -- OPEN
<aleecia> (Tom, please update the date (click the pencil icon to edit))
Jonathan: sent to list
<npdoty> close ACTION-18
<trackbot> ACTION-18 Write a summary of options for how 1st parties hear 3rd party status by tuesday closed
<trackbot> ACTION-20 -- Peter Eckersley to write an option for how first parties set third party DNT status in an observable way -- due 2011-10-26 -- OPEN
<npdoty> pde, are you on the phone?
Peter not yet on call, Mattias sending reminder
<trackbot> ACTION-21 -- Jonathan Mayer to writes up a third party interaction bit for the doc -- due 2011-10-26 -- OPEN
Jonathan: Action 21- sent to list
<npdoty> close ACTION-21
<trackbot> ACTION-21 Writes up a third party interaction bit for the doc closed
Mattias: Santa Clara agenda
<JohnSimpson> Agenda looks good to me
Aleecia: expect slight time
changes, email to list re self-hosted dinner
... dinner is Monday night
Mattias: discuss strawman docs
<aleecia> (If you have meta questions put 'em in IRC rather than speaking if you would, please. With 40+ if we all speak it once it gets hard)
issue management, general feedback, if issues off track etc
scribe: consider issues under review, postpone or other action
Roy: sections on general intro,
determining user preference, what browser needs to do
... request context, how server should respond, selective opt-in auditing, determining 1st party role
<tl> zakim mute me
Roy: Intro - look for things we
should or shouldn't be standardizing
... skip notations, determining user preference issues we haven't discussed
<npdoty> Introduction not normative, but a motivating section, so feel free to send feedback to fielding
<tl> zakim unmute me
Mattias: discussion on issues in 1st section - Issue 13, propose postponing
Roy: answered this - don't need to resolve
Mattias: move to under review
<JohnSimpson> Sounds good
<aleecia> (but Nick's right: that was Shane Wiley)
Roy: requirements only kick in if allow you to browse web
WileyS: does lang dist single vs cross-site? yes
<dsinger_> I think it is more that that app does not need DNT rather than comply,
Mattias: under review, freeze for
time, decide to close later
... Issue 4?
tl: 4, 40, 68 out of scope for working group, 64 appropriate for compliance doc
<trackbot> ISSUE-64 -- How does preference management work with DNT -- raised
<NinjaMarnau> I don't agree with issue 4 being out of scope
<trackbot> ISSUE-4 -- What is the default for DNT in client configuration (opt-in or opt-out)? -- open
<justin> Agree, out of scope
Mattias: Tom says 4 out of scope be/c user agent related
<schunter> FOCUS on ISSUE-4 first.
Aleecia: in boston talked about if DNT shoudl be default, recollection that agreement was one of the few things out of scope
<WileyS> +1 - agree with Aleecia (although I'd love for us all to agree to a default of "off")
dsinger: don't see how default can be anything other than status quo before we issue spec - out of our scope
fielding: disagree that's out of scope
<schunter> ? is Roy Fielding
<aleecia> So for how it *could* be something other than right now: all browsers send 1 or 0 unless the users set it. That would decide if it's opt in or opt out.
Roy: obviously in scope for protocol to say whether you send header or not
<dsriedel> Could just be empty, no? Leave the DNT:<empty>.
<aleecia> Yes: don't need to send anything
Mattias: see your point, let's
leave open, your point is you have to know what to send
... if install browser, does it always send DNT1 or DNT0
<jmayer> see our ietf draft for a formalization of the idea
<jmayer> the DNT: 0 state != the no DNT state
<dsinger_> Yes. We DO need to document what no DNT request means, even if we say it means little.
<aleecia> jmayer, agree fully
Tom: defining user interface component,that's not part ofthe protocol - defined by Sec. 1.2 out of scope of the charter
Mattias: Roy's point - need to explain how user preference linked w/field
<fielding> "While guidelines that define the user experience or user interface may be useful (and within scope), the Working Group will not specify the exact presentation to the user."
tl: define the definition, then user agent express user preferences, no need for us to additionally describe what user should do
<dsriedel> so issue-4 postponed?
<jmayer> to clarify my position, i agree with aleecia that we shouldn't define the default because of surrounding political decisions - but i don't think defining a default would be out of scope
<schunter> Aleecia: Turning on sends 1
Aleecia: if user turns on DNT send 1, turns off DNT send 0, if no decision then don't send anything
<schunter> Turning off sends 0
<schunter> Doing nothing sends nothing
Aleecia: jurisdictional, see no header don't know user choice - in US don't honor DNT, in a country that decides default is DNT, then honor DNT
<jmayer> a minor point on ui - if we have a dnt: 0 state, that should probably be a separate checkbox
<fielding> yes, what Aleecia said is what I think should be in the spec.
<npdoty> +1 to Aleecia
<ksmith> +1 to Aleecia
<jmayer> check/uncheck dnt = DNT: 0 would be a really bad ui
<aleecia> zakim mute me
<npdoty> we could define that DNT should mean a particular choice from a user, but not define the jurisdictional issue of what the default response should be
<aleecia> ACTION: aleecia to write up proposal for issue-4 based on what we discussed in boston due tomorrow [recorded in http://www.w3.org/2011/10/26-dnt-minutes.html#action01]
<trackbot> Created ACTION-22 - Write up proposal for issue-4 based on what we discussed in boston due tomorrow [on Aleecia McDonald - due 2011-11-02].
Mattias: Issue 40 - enable for session or permanent, I suggest out of scope bec difference user agents can handle differently
<trackbot> ISSUE-40 -- Enable Do Not Track just for a session, rather than being stored -- raised
<WileyS> Agreed - out of scope - a web browser UI decision
Mattias: move as out of scope
David: not sure I disagree, but
proposal elsewhere re deleting prior history, if user sets 1
session DNT is there a conflict?
... does user intend to delete history or just prevent tracking during that session
Mattias: my understanding just this session
<tl> ACTION: tl to write explanation of why ISSUE-4 is an out-of-scope user interface matter by friday. [recorded in http://www.w3.org/2011/10/26-dnt-minutes.html#action02]
<trackbot> Created ACTION-23 - Write explanation of why ISSUE-4 is an out-of-scope user interface matter by friday. [on Thomas Lowenthal - due 2011-11-02].
david: if per-session DNT signal may not effect prior browsing history
Mattias: different issue, issue 40 out of scope
<trackbot> ISSUE-64 -- How does preference management work with DNT -- raised
Roy?: re setting preferences on websites, for example choosing a language on a site
<aleecia> please add yourself to the queue rather than just speaking
<trackbot> ISSUE-64 -- How does preference management work with DNT -- raised
Charles: section d at end out of scope or proposed issues should remain in document with descriptions of why
<fielding> in appendix D
Mattias: good idea, appendix of closed etc issues with rationale
Roy: could Tom edit description of issue
Tom: does describe what it's
about, title is how pref mgmt work w/dnt - as eample w/dnt on
then choose preference, what's the implication, does site have
to get opt-in to set cookie
... clear, doesn't need modification
<schunter> I suggested an update
<fielding> we can copy note from ifette into the Description field of issue
Wiley: how does site management interact w/dnt, preference management is confusing
<trackbot> ISSUE-68 -- Should there be functionality for syncing preferences about tracking across different browsers? -- raised
Mattias: issue 68 - impression to say user agent and out of scope
<dsinger> can't think why this is in scope
Mattias: out of scope
... timeout for this doc
... could send proposals to mailing list to see if there's consensus, thoughts?
... want to leave time for second doc, suggest continue in this mode but will send proposals to mailing list
dsinger: not concerned w/issued
ID'd so far, more concerned we failed to identify issues
... focus for moment on making sure all the issues are on the table
Mattias: agree as long as new issues in scope
Mattias: preference expression
interest header is ?, but ongoing open discussion on response
... still looking for arguments why a ? doesn't do the job (sorry, didn't catch phrase - Carmen)
<aleecia> (Tom, you still want to be in queue?)
<schunter> well known URI that contains a file that says to what extent a site follows DNT.
Roy: html DOM interfaces copied from Microsoft, not sure what other browsers implemented, browser cos please review
<jmayer> there's a non-standard dom property in firefox now, i think the same approach
<jmayer> but it may go away
mattias: final words on tracking preference spec?
Clay: how many issues to list?
Mattias: hope not many be/c most open
aleecia: start w/her email
summary from 1am
... first: globally discussion re consumers vs citizens vs users - terminology
<fielding> matthias, please do one issue per mail so that tracker keeps them organized.
aleecia: best bet users and people, avoid consumers and citizens
<justin> I'm fine with users/people, but I don't think we should spend a lot of time on this.
tom: agree, non-normative language
<WileyS> Agree with Justin
Aleecia: anyone disagree?
<NinjaMarnau> im fine with it
<scribe> ... closed
UNKNOWN_SPEAKER: phrase 'behavioral tracking' v 'tracking' - redundant?
UNKNOWN_SPEAKER: suggest use "behavioral tracking", thoughts?
jonathan: concern that behavioral has a connotatio that profiling is happening
<WileyS> How about "Historical"?
jonathan: many of the proposals don't include a profiling requirement, may be confusing
<WileyS> Historical Tracking?
Al: good point
charles: might want to use a word
that isn't already associated with a connotation, historical is
... need a glossary
<karl> tracking should be fine if well defined.
<amyc> passive tracking
tom: behavioral tracking might be inconsistent w/definitions, defer until definitions are more precise
<WileyS> If we're going to come back to this, then suggest staying with "behavioral tracking" for now
john: behavioral tracking is a
subset of tracking
... might mean something broader
?: pros and cons, behavioral more closely hues to initial issue we wanted to solve, stay with behavioral now then consider modifying later
aleecia: may use different term later, note controversy and move on
<aleecia> ach karl
karl: behavioral tracking - don't have shared understanding of meaning
david: adjective before tracking opens can of worms - 'my kind of tracking should be exempt
aleecia: ongoing issue
<dsinger> …or rather 'my kind of tracking is not XXX tracking, and it's XXX tracking that is controlled by this specification'
aleecia: Sec 2.1 - does internet
require exchange of data across servers?
... at very least IP address is going out, but not sure this is a big issue
... suggest leave as is
... Sec 2.1 doesn't address what people are concerned about, can flesh out section more but not problem moving forward
<justin> Yes, Intro and Scope are bare bones at the moment --- we wanted to focus on the substantive provisions/.
aleecia: Sec 3.2 if 3rd party
anybody but 1st party, then users are 3rd parties.
... open question if 1st and 3rd parties should be what we're defining
tom: mostly definitional, user is
... raise issue and discuss on list, potentially contentious
aleecia: current def of 1st, users 2nd, 3rd parties are anything but 1st or 2nd
<karl> we have to define what is a "party". In the sense that it is not a domain name, but the technology is based on domain names
david: can define 1st party but not useful - site user thinks they're interacting with, but server or user agent can't work out what that is
aleecia: may have 1st party def that's not technically enforced, for example idea that things have common branding
<karl> domain names and businesses are orthogonal.
aleecia: example IBM owns lotus,
and everyone understands this
... can have spec that's still one party based on user understanding
<amyc> parties are collecting info, users are providing info
mattias: not big deal that you
can't determine 1st party technically
... constraints on 3rd parties are stronger, question is how does ibm tell lotus it can drop the constraints be/c in certain cases it's a 1st party
... if interacting w/site it's a 1st party and if not 3rd party
aleecia: mattias take as action item for friday?
<aleecia> ach karl
<Zakim> karl, you wanted to ask about the disconnect between the policy and the technology
<aleecia> ACTION: mattias to write 1st v. 3rd party on basis of interaction by friday [recorded in http://www.w3.org/2011/10/26-dnt-minutes.html#action03]
<trackbot> Sorry, couldn't find user - mattias
karl: if can't tie meaning to
technical specs then we can't implement
... things can achieve w/DNT header won't make sense for users, users lose trust in browser, system
aleecia: won't resolve now, tom did you want to propose resolving by defining user as 2nd party?
tom: can write up but doesn't resolve
aleecia: make suggestions about 1st/3rd party distinctions to mailing list, editors please incorporate into document
justin: most controversial - common branding or corporate entity rule, would like more argument on which we should choose
jonathan: 3 options, common branding, business entities/affiliates, we at stanford use a reasonable expectations definition
<karl> typically and at the Web architecture level. Because domain names are different from business entities. Then how do we define on the Web that two URIs belong to the same business.
aleecia: common branding and reasonable expectations aren't the same, flesh out the distinction
tom: another approach same origin policy
<justin> Yeah, common branding is designed to get to reasonable expectations, but if you could flesh out your idea more in listserv, that would be helpful.
<jmayer> i'll take it
<karl> tl, do you mean CORS?
aleecia: jonathan taking action, try to do by friday
<fielding> we can't expand the meaning of same-origin -- it is used to secure sites (meaning they can't include same-branded user forums, etc.)
<tl> karl, i mean "anything not on the domain in the user's address bar is a 3p"
aleecia: next, attempts to define consent, ask editors to add the discussion to the document
<karl> tl, hmm what about businesses sharing the same domain name?
,,, moving on, Sec 4.2, intermediary compliance, also discussing with issue 4 - idea that user agent shouldn't state DNT for you if you don't have one, probably also ISP and other parties
<justin> I took this from Jonathan's IETF draft --- Jonathan, do you want to defend?
scribe: only send what user expresses, must send what user expresses
<justin> Or maybe it was from somewhere else . . .
<jmayer> ACTION: jmayer to sketch four approaches to 1p vs. 3p distinction due friday [recorded in http://www.w3.org/2011/10/26-dnt-minutes.html#action04]
<trackbot> Created ACTION-25 - Sketch four approaches to 1p vs. 3p distinction due friday [on Jonathan Mayer - due 2011-11-02].
tom: don't like that wording, user agent's responsibility to send DNT signal but should instead be ?
aleecia: will take a stab at text, please comment on that
david: can argue for browser that sets DNT aggressively - user bought browser be/c DNT is aggressive, not sure should outlaw those models
<jmayer> justin, the branding and expectations definitions are close, but not the same
aleecia: installed is now a proxy for choosing DNT, as long as users understand that's what they're choosing
<jmayer> i think ACTION-25 will help distill the four options and expose their corner cases
aleecia: but discussion is more around, for example, an ISPs inserting itself when user hasn't made an affirmative choice
dwainberg: agree w/concern about problem, think out of scope to dictate requirements on what intermediaries might do, propose moving to technical if necessary
jmayer: should have issue re what intermediaries have to do, unambiguously within scope
aleecia: will send proposal to
... Sec 6.1 - proposal to drop issue 93, in scope, propose come back to discussion, having issue there doesn't imply a decision, note a lot of discussion
shane: be able to set a better structure for the conversation?
<justin> 3 positions?
aleecia: can capture some of what those issues are, editors can take first pass then refine from there
<WileyS> Out of Scope, Publishers should be able to modify service if user turns on DNT, Publishers should NOT be able to modify their service if user turns on DNT
<WileyS> Other positions at a high-level?
<justin> Right, thanks.
<jmayer> just to clarify wileys, the second two options include the view that this is in scope
aleecia: moving on, Sec 6.2 is interaction w/ other mechanisms in scope, I think so
<WileyS> Yes - options 2 & 3 argue this is in scope and then take a position
Tom: clarification - who does ? represent
<Frank> if a publisher honors DNT, they ARE modifying the service they are providing to users. For example, not serving ads targeted to the users interest IS modifying the service.
<WileyS> I believe you (jmayer) and I agree on Option 2 and I'm curious why anyone would disagree with that
<jmayer> Frank, I think the issue's about intentional degradation, not any change to service
<jmayer> WileyS, I understand the arguments for the other two options
<WileyS> To Frank - I believe what we mean by "Service" here is the content level service - meaning a publisher could modify the depth or breath of user access if they turn on DNT and do not allow an exception.
aleecia: again will ask editors to note discussion and options
<jmayer> WileyS, I think it would (or should) cover non-content stuff, e.g. flashing more ads
justin: question re process - if want something in document, please get to us within 24 hours
<jmayer> (which, again, I think we agree publishers should be able to do)
<WileyS> Agreed - that's fair - to make up the CPM loss from OBA ads a publisher could simply show more ads (argh)
aleecia: yes, need text by thursday or won't get into doc
<tl> i can't do in 24h
aleecia: if you have action and cant do let us know
<justin> I can handle explaining how the user is a second party
Tom: my action comments on
insufficiency of well-known uri, review desc. of dom interface,
explain how user is 2nd party, one missing (and another Carmen
... could finish by tomorrow afternoon but not am
aleecia: user 2nd party and comments on issue 4 we can take from you, can you take other two by noon?
mattias: all assume editors will continue editing documents
aleecia: will be a point where document is frozen so all talking about same doc monday morning
charles: will mtg have call-in
aleecia: yes, also scribed in irc
mattias: would like to allow editors to continue working on doc after frozen
... text quickly to editors, frozen on thursday night
<schunter> One approach for freezing is to post copies like spec-2011-11-26.html that contain a frozen version.
<tl> aleecia, do you have any time right now?
<JohnSimpson> Bye Bye
<aleecia> Sorry, no - heading to my next call
<tl> have fun!
<aleecia> back-to-back fun
<tl> no, this conference goes on and on, and i need some basics: time to eat, sleep, do my wg actions...
<aleecia> if you need no more than 5 minutes, can call me Right Now
<aleecia> (other call starting late)
<tl> no, want longer debrief
<aleecia> ok, sorry
<tl> any time tomorrow?
<aleecia> can do later in the week
<aleecia> yes - sort of
<tl> how about friday?
<aleecia> let's figure out by email, tomorrow gets complicated
<aleecia> Friday: wide open.
<tl> i'll send you an invite
This is scribe.perl Revision: 1.136 of Date: 2011/05/12 12:01:43 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/?:/WileyS:/ Succeeded: s/?:/tl:/ Succeeded: s/?:/fielding:/ Succeeded: s/jmayer:/jmayer,/ Succeeded: s/define/tl: define/ Succeeded: s/?/WileyS/ Found ScribeNick: CarmenBalber Inferring Scribes: CarmenBalber Default Present: aleecia, tl, dsriedel, Frank_BlueCava, kevint, ninja, dwainberg, [IBM_Watson], fielding, +1.650.862.aaaa, +1.916.641.aabb, +1.310.392.aacc, Heffernen, ChuckCurran, alex, npdoty, Justin, efelten, Chris, dsinger, +385221aadd, Carmen, Patty, PederMagee, +1.508.655.aaee, JKaran, JohnSimpson, Sean, Joanne, clay_opa_cbs, HenryGoldstein, jmayer, +1.202.263.aaff, karl, AmyC, adrianba, WileyS, BrianTs, [Microsoft] Present: aleecia tl dsriedel Frank_BlueCava kevint ninja dwainberg [IBM_Watson] fielding +1.650.862.aaaa +1.916.641.aabb +1.310.392.aacc Heffernen ChuckCurran alex npdoty Justin efelten Chris dsinger +385221aadd Carmen Patty PederMagee +1.508.655.aaee JKaran JohnSimpson Sean Joanne clay_opa_cbs HenryGoldstein jmayer +1.202.263.aaff karl AmyC adrianba WileyS BrianTs [Microsoft] Agenda: http://lists.w3.org/Archives/Public/public-tracking/2011Oct/0195.html Found Date: 26 Oct 2011 Guessing minutes URL: http://www.w3.org/2011/10/26-dnt-minutes.html People with action items: aleecia jmayer mattias tl[End of scribe.perl diagnostic output]