IRC log of dnt on 2011-11-01

Timestamps are in UTC.

15:53:20 [RRSAgent]
RRSAgent has joined #dnt
15:53:20 [RRSAgent]
logging to
15:53:22 [trackbot]
RRSAgent, make logs world
15:53:22 [Zakim]
Zakim has joined #dnt
15:53:24 [trackbot]
Zakim, this will be
15:53:24 [Zakim]
I don't understand 'this will be', trackbot
15:53:24 [hwest]
hwest has joined #dnt
15:53:25 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:53:25 [trackbot]
Date: 01 November 2011
15:53:29 [npdoty]
Zakim, this is dnt
15:53:29 [Zakim]
npdoty, Team_(dnt)16:00Z is already associated with an irc channel; use 'move dnt to here' if you mean to reassociate the channel
15:53:36 [npdoty]
Zakim, move dnt to here
15:53:37 [Zakim]
ok, npdoty; that matches Team_(dnt)16:00Z
15:54:06 [npdoty]
Chair: Matthias Schunter and Aleecia McDonald
15:54:33 [Zakim]
+ +1.631.223.aaaa
15:54:44 [npdoty]
15:54:57 [npdoty]
if you're on IRC and call in, please let us know who you are
15:55:06 [hwest1]
hwest1 has joined #dnt
15:56:08 [eberkower]
eberkower has joined #dnt
15:57:43 [rigo]
rigo has joined #dnt
15:58:20 [lgombos]
lgombos has joined #dnt
15:59:13 [hwest]
hwest has joined #dnt
15:59:54 [Vincent]
Vincent has joined #dnt
16:00:02 [npdoty]
Zakim, mute aaaa
16:00:02 [Zakim]
+1.631.223.aaaa should now be muted
16:00:12 [npdoty]
Zakim, unmute aaaa
16:00:12 [Zakim]
+1.631.223.aaaa should no longer be muted
16:00:30 [npdoty]
Zakim, mute aaaa
16:00:30 [Zakim]
+1.631.223.aaaa should now be muted
16:00:55 [Zakim]
16:01:13 [npdoty]
scribenick: npdoty
16:01:14 [Joanne]
Joanne has joined #DNT
16:01:16 [npdoty]
Topic: Introductions
16:01:25 [npdoty]
schunter: very productive discussion yesterday, made some progress
16:01:38 [suegl]
suegl has joined #dnt
16:01:42 [npdoty]
… we'll walk you through the changes we made to the specs since yesterday
16:01:42 [Zakim]
16:01:57 [npdoty]
… then Tracking Selection Lists
16:02:06 [npdoty]
… then discussion of issues for the Tracking Preference Expression
16:02:14 [npdoty]
… lunch
16:02:18 [alex]
alex has joined #dnt
16:02:34 [efelten]
efelten has joined #dnt
16:02:37 [ifette]
ifette has joined #dnt
16:02:38 [npdoty]
… discussion of issues for the Tracking Selection List
16:02:46 [ifette]
ScribeNick: ifette
16:02:49 [npdoty]
… and some planning
16:02:57 [ifette]
ScribeNick: npdoty
16:03:21 [vincent]
vincent has joined #dnt
16:04:08 [Ninja]
Ninja has joined #dnt
16:04:11 [WileyS]
WileyS has joined #DNT
16:04:17 [aleecia]
aleecia has joined #dnt
16:04:21 [npdoty]
choosing scribes by counting off :)
16:04:25 [ifette]
ScribeNick: ifette
16:04:35 [ifette]
TOPIC: Chair's Welcome
16:04:45 [fielding]
fielding has joined #dnt
16:05:03 [ifette]
Matthias: yesterday was focus on compliance spec, today will be going through details of TSLs and TPE
16:05:04 [alex__]
alex__ has joined #dnt
16:05:12 [Frank]
Frank has joined #DNT
16:05:19 [ifette]
... first session, Aleecia will walk us through changes to compliance doc
16:05:26 [Kai]
Kai has joined #dnt
16:05:48 [dwainberg]
dwainberg has joined #dnt
16:05:48 [Adam]
Adam has joined #dnt
16:06:58 [ifette]
... big question is to find what blocks us from moving to FPWD. Want to move to FPWD with this document, make sure there's nothing the editors slipped in that is objectionable
16:07:04 [KevinT]
KevinT has joined #dnt
16:07:09 [ifette]
... Aleecia reads diffs from the doc.
16:07:34 [npdoty]
16:09:25 [Frankie]
Frankie has joined #dnt
16:11:43 [johnsimpson]
johnsimpson has joined #dnt
16:11:54 [efelten]
efelten has joined #dnt
16:12:15 [ifette]
John Simpson: Some ISSUES aren't labeled with numbers, will the spec be updated?
16:12:17 [ifette]
Aleecia: yes
16:12:20 [ifette]
... continues reading diff
16:12:24 [vincent]
vincent has joined #dnt
16:13:55 [enewland]
enewland has joined #dnt
16:14:19 [howard]
howard has joined #dnt
16:14:51 [chuck]
chuck has joined #dnt
16:14:52 [paddyu]
paddyu has joined #dnt
16:15:49 [paddyu]
paddyu has joined #dnt
16:16:05 [ifette]
RESOLUTION: move spec to FPWD
16:16:35 [npdoty]
< many hands raised for comfortable, no objections, a couple abstentions >
16:17:19 [tlr]
tlr has joined #dnt
16:17:40 [henryg]
henryg has joined #dnt
16:18:05 [ifette]
Matthias: Will go over changes for TPE document
16:18:14 [johnsimpson_]
johnsimpson_ has joined #dnt
16:18:30 [paddyu]
It's really hard to hear over the phone, can each speaker use the microphone?
16:18:47 [eberkower]
eberkower has joined #dnt
16:19:17 [Joanne]
Joanne has joined #DNT
16:19:18 [npdoty]
the diff that Roy pointed to is here
16:20:13 [schunter1]
schunter1 has joined #dnt
16:20:50 [tl]
tl has joined #dnt
16:21:35 [ifette]
ifette: are we using "exemptions" or "exceptions" in a consistent manner?
16:21:46 [ifette]
Roy: you set up exceptions on the client side, and then later we can talk about server-side exemptions
16:21:52 [ifette]
Heather: in that case it's not consistent between documents
16:22:12 [ifette]
Roy: yes, there's some semantic confusion
16:22:17 [ifette]
... in the spec it will be "exceptions"
16:22:42 [ifette]
Matthias: continues reading, points out more exemptions/exceptions
16:23:27 [fielding]
New diff:
16:24:14 [Zakim]
16:24:18 [jmayer]
jmayer has joined #dnt
16:24:28 [ifette]
Nick: still confused on exceptions/exemptions
16:24:35 [ifette]
Roy: When a party has an exemption, they don't have to do X
16:24:40 [ifette]
16:24:53 [ifette]
Roy: if a user has given an exception to its requirements, the user has granted that exception
16:25:31 [ifette]
Aleecia: One is a category, e.g. security
16:25:32 [Mike]
Mike has joined #dnt
16:25:38 [ifette]
... the other is the user opting back in to something
16:26:08 [ifette]
dsinger: not sure the terminology is appropriate, the thought that they become exempt from compliance seems odd
16:26:27 [ifette]
Tom Lowenthal: Agree with David but there's a twist. They are exempt from the general requirement that you must do X when Y
16:26:34 [ifette]
16:26:47 [ifette]
dsinger: Exception to the general rule, but must comply with the rest
16:26:53 [ifette]
Roy: Currently it's all "exception"
16:27:21 [ifette]
Roy: Continues reading from Section 3
16:27:26 [WileyS]
WileyS has joined #DNT
16:28:12 [npdoty]
we do use "exemption" a couple of times in the compliance spec, in describing categories with lessened requirements
16:29:06 [hwest]
I don't think that we use 'exemption' and 'exception' in any sort of organized manner in the compliance spec - I propose that we task us editors with proposing a rationale for using one over the other, and come back to the group with it
16:30:29 [rigo]
how do you want to use exemption and exception in any sort of consistent way if you don't know their meaning in the context of the spec?
16:30:49 [alex]
16:30:59 [alex]
16:31:04 [alex]
16:32:19 [suegl]
16:32:40 [suegl]
I suggest not referencing any specific laws in 5.1.
16:32:46 [ifette]
Rigo: Would prefer 5.1 to reference Section 5.3 of the EU privacy directive
16:32:59 [ifette]
Aleecia: Agree, and rather than "adherence to" say "consideration of"
16:33:02 [suegl]
It's a matter of legal interpretation whether that particular law is relevant
16:33:09 [npdoty]
suegl, can you explain why?
16:33:21 [suegl]
It's not typical to reference specific laws in standards, AFAIK
16:33:21 [aleecia]
Article 5, paragraph 3 of ePriv Directive
16:33:42 [JC]
JC has joined #DNT
16:33:43 [aleecia]
But we are an international standards body
16:33:55 [suegl]
Yes, but we're not an international legal body.
16:34:18 [aleecia]
So we should *consider* what they have done, we're not saying we will do what they have
16:34:35 [aleecia]
(…which we really very much may not want to. But we should at least think about it, IMHO)
16:34:39 [npdoty]
from the charter: "The group will actively engage governmental, industry, academic and advocacy organizations to seek global consensus definitions"
16:34:58 [ifette]
Matthias: Rigo makes a point that it's good to consider these things, would like to leave it in
16:35:01 [ifette]
Roy: Can we poll the group?
16:35:04 [suegl]
I would recommend against providing legal advice in a standard
16:35:14 [ifette]
Karl: Can we put an ISSUE number here?
16:35:44 [enewland_]
enewland_ has joined #dnt
16:35:52 [ifette]
dsinger: don't want anything that would suggest we've done a legal analysis and that by doing X you are covered
16:36:42 [rigo]
sue, I wanted to just express that helping with 5.3 is one of the intentions
16:36:56 [aleecia]
Issue: should we consider applicable laws and regulations, such as the Article 5, paragraph 3 ePriv Dir
16:36:57 [trackbot]
Created ISSUE-98 - Should we consider applicable laws and regulations, such as the Article 5, paragraph 3 ePriv Dir ; please complete additional details at .
16:37:01 [rigo]
consideration, not adherence to
16:37:24 [ifette]
Roy: continues reading section 5.2
16:37:29 [aleecia]
Sue, does this work for you?
16:37:37 [amyc]
amyc has joined #dnt
16:37:44 [aleecia]
We are not trying to claim to be lawyers… but would be foolish to build something that's DOA
16:38:10 [suegl]
Yes, that works. It was "adherence to" that was the problem. Thanks.
16:38:28 [aleecia]
Agreed - thank you
16:38:57 [npdoty]
"no weirder than the rest of the paragraph"
16:39:41 [Joanne]
agree with "consideration" instead of "adherence to"
16:40:08 [ifette]
Roy: Is there anything from yesterday that we've missed?
16:40:10 [ifette]
16:40:29 [ifette]
Matthias: Need to make "Consideration of" instead of "Adherence to", after that, want to get a poll of whether we can move to FPWD
16:40:37 [Zakim]
16:40:53 [ifette]
RESOLUTION: will move to FPWD
16:41:46 [npdoty]
Topic: Tracking Selection Lists
16:41:46 [ifette]
16:42:16 [schunter1]
aleecia: we have not been talking about the third deliverable in the last weeks
16:42:31 [ifette]
ScribeNick: schunter1
16:42:31 [schunter1]
... let us have an update on this
16:42:36 [paddyu]
does anyone have a link to the doc?
16:43:24 [aleecia]
(which doc, Paddy?)
16:43:30 [npdoty]
paddyu, no W3C official doc here yet (that's the topic of discussion), but the Microsoft Member Submission would be relevant
16:43:35 [aleecia]
scribe is schunter1
16:43:47 [schunter1]
Andy and Karl: Introducing Tracking Selection List
16:44:12 [npdoty]
16:44:50 [schunter1]
Andy: Tracking Selection lists allow the users to have control over tracking that is happening
16:46:08 [schunter1]
... consists of allow and block rules. User can have more than one list
16:47:20 [schunter1]
... multiple browsers support content filtering lists, e.g. Truste is a vendor of these lists
16:47:41 [jmayer]
jmayer has joined #dnt
16:48:36 [schunter1]
... goal is to allow users to surf with their tracking selection lists on, we want to create an interoperable format
16:48:48 [rigo]
FrankGerstenmeyer: does it block only tracking or any content?
16:49:09 [schunter1]
Frank: does this block only tracking
16:49:21 [npdoty]
16:49:35 [schunter1]
Andy: It's basically a file format
16:50:13 [schunter1]
... lists can be specified to specific scenarios
16:50:48 [rigo]
list only blocks third party stuff
16:50:48 [schunter1]
Matthias: What is the effect on an actual site?
16:51:14 [schunter1]
Andy: Site will look the same just without third party content
16:51:27 [rigo]
Shane: it will just block the request
16:51:35 [npdoty]
"third party" in the sense of the same-origin policy, not the "third party" concept we discussed yesterday
16:51:51 [schunter1]
Shane: Why does this use a block or allow mechanism, why not just one
16:52:07 [rigo]
... why did you have blacklist and whitelist? Not only black _or_ white
16:52:29 [rigo]
AZ: that's exactly what we want to talk about
16:53:06 [schunter1]
Andy: we wanted to support as many lists as possible, black and white lists
16:53:33 [rigo]
... overwrite blocking with whitelist. disallow site but allow parts of it
16:54:14 [npdoty]
"the DVR of the industry"
16:54:22 [npdoty]
"a really bad ad-blocker"
16:54:52 [schunter1]
Karl shows an actual example
16:55:05 [tlr]
tlr has joined #dnt
16:55:29 [schunter1]
... the first party got blocked in Opera
16:56:14 [npdoty]
"the definition of easy"
16:56:14 [schunter1]
... unblocking needs to enter a list and delete it manually
16:56:41 [schunter1]
... list is searchable
16:58:14 [schunter1]
Andy: shows easy privacy tracking protection list of i.e.
16:58:33 [schunter1]
... an ad blocking technology
16:58:53 [schunter1]
... content is still there just hidden
16:59:44 [npdoty]
just a comment for the minutes, I think Andy is saying that the EasyPrivacy list example is *not* an ad blocking technology
17:00:27 [schunter1]
Tom: easy list is not the same as ad blocking, easy list is about blocking tracking content of specific kinds
17:00:58 [jmayer]
We did a study of what these lists do:
17:01:02 [schunter1]
thanks Nick, I missed that
17:01:22 [npdoty]
tl: "a general purpose technology"
17:02:02 [schunter1]
Tom: List allows to block certain malicious content very fine grained
17:02:30 [vincent]
(rob) based on adblock technology without hiding rules
17:02:36 [fielding]
17:02:49 [vincent]
(Rob)
17:03:13 [tl]
tl has joined #dnt
17:03:25 [rigo]
17:03:39 [rigo]
sue, do you still want to talk?
17:03:41 [schunter1]
Aleecia: I wanted to give people the same starting point for these tracking selection. Question on how technology works?
17:03:50 [npdoty]
suegl, do you want to type or try to speak up on the speakerphone?
17:04:34 [lgombos_]
lgombos_ has joined #dnt
17:04:54 [schunter1]
Andy: In the New York Times example beacons and invisible content were blocked
17:05:01 [karl]
selective http requests lists
17:05:34 [schunter1]
Matthias: Is this used to show user preferences?
17:05:44 [Frank]
Agree it should be called something other than "tracking selection" as it is more general purpose
17:05:56 [schunter1]
Andy: Anybody can make these lists
17:06:32 [suegl]
17:07:53 [schunter1]
Andy: There are ways to detect for a service provider if specific content is blocked by the user. First Party can see the user enabled and what did not load
17:08:37 [npdoty]
(that was in response to: Alex: is there any way for the first party to know that an image or other content isn't loaded?)
17:08:42 [schunter1]
Karl: There are users that do not see images. So why does the first
17:08:44 [schunter1]
17:09:11 [schunter1]
... party need to know?
17:09:52 [schunter1]
Dave: You are preventing loading. Preventing tracking is just a side effect
17:10:02 [jmayer]
Graph of TPL effectiveness:
17:10:49 [ifette]
17:10:57 [schunter1]
Shane: Aleecia: We need to discuss if we want to do this?
17:12:02 [schunter1]
Aleecia: Should the working group pick up this topic? We need to find a consensus
17:12:06 [karl]
17:12:32 [efelten]
efelten has joined #dnt
17:12:47 [npdoty]
Shane: the current DOM solution for determining whether content was loaded or not is burdensome
17:13:22 [rigo]
ack fielding
17:13:31 [schunter1]
Matthias: Lists allow browsers to cooperate. For the sake of interoperability but it does not mean that every browser needs to implement it.
17:14:05 [schunter1]
Roy: I disagree with having this in the charter. It is basically Ad Blocking not Tracking Protection
17:14:10 [rigo]
ack ifette
17:14:19 [rigo]
q+ jccannon
17:14:28 [dsinger]
17:14:54 [rigo]
17:14:56 [schunter1]
Ian: The lack of standardisation does not really pose a problem
17:15:11 [rigo]
q+ karl
17:15:26 [alex]
17:15:31 [rigo]
q+ TomL
17:15:58 [ifette]
q+ singer
17:16:07 [ifette]
ack TomL
17:16:09 [rigo]
ack TomL
17:16:13 [rigo]
17:16:19 [rigo]
q =
17:16:21 [rigo]
17:16:42 [rigo]
q- jccannon, dsinger, karl, singer
17:16:46 [schunter1]
Tom: It is one quarter of the charter. The group is required to deliver
17:17:17 [schunter1]
... this is classic standardisation work
17:17:32 [tl]
17:18:21 [WileyS]
17:18:31 [schunter1]
JC: Consumers should be able to whitelist as an exception to dnt
17:18:36 [WileyS]
17:18:37 [rigo]
17:18:48 [eberkower]
eberkower has joined #dnt
17:18:51 [vincent]
vincent has joined #dnt
17:18:53 [efelten]
efelten has joined #dnt
17:19:03 [schunter1]
Dave: this is a hostile move of users to sites
17:19:10 [paddyu]
I vote against including the web tracking protection in the spec
17:19:13 [Joanne]
Joanne has joined #DNT
17:19:30 [schunter1]
... W3C should not say that is generally okay to block content
17:19:53 [Mike]
I vote against including the TPL standard as part of this group's work
17:20:16 [schunter1]
... dnt should be about not needing content blocking any more
17:20:32 [JC]
I feel we are conflating how lists are implemented versus providing lists for granular control
17:21:06 [JC]
Users should have a way to indicate exemptions to the DNT signal
17:21:10 [Mike]
Agree with Dave that W3C should not be supporting standards for blocking broad categories of content, including advertising.
17:21:11 [schunter1]
Karl: developers need standardisation to enable their work.
17:21:35 [WileyS]
17:21:44 [tl]
17:22:11 [vincent]
17:22:25 [schunter1]
Kevin: Filtered URL list might be a more general approach
17:22:43 [schunter1]
John: if it is in the charter we should consider it
17:23:00 [rigo]
ack vincent
17:23:10 [schunter1]
... we need to develop at least a strawman to see how this adds to dnt
17:23:36 [rigo]
ack WileyS
17:24:04 [npdoty]
JohnSimpson: I think a strawman document makes great sense and if we can't develop consensus on that, that would be the time to stop
17:24:29 [schunter1]
Amy: It is not necessarily hostile but offers users a choice (not sure if I got it right)
17:25:44 [schunter1]
Tom: users come first in priority. They are the boss of their browser.
17:26:31 [rigo]
17:27:14 [amyc]
amyc has joined #dnt
17:27:27 [schunter1]
Peter: We know there will be actors who do not respect dnt. Do we want to address these with blocking?
17:27:42 [dsinger]
17:28:36 [schunter1]
Ian: I think the lack of standardisation is not a big issue. Not much work to adapt to all three standards
17:28:37 [pde]
ifette, one thing to note is that in addition to different syntaxes, the semantics of the lists are different
17:29:04 [pde]
ifette, the MSFT spec allows one list to whitelist in a way that overrides any other lists the user has subscribed to
17:29:04 [npdoty]
pde: could be a way to level the playing field for the good actors that respect DNT by enabling users to block bad actors
17:29:26 [pde]
I believe the ABP lists do not work that way
17:29:39 [pde]
(though I'm not 100% sure of that)
17:30:16 [andyzei]
andyzei has joined #dnt
17:30:21 [rigo]
17:30:31 [rigo]
ack dsinger
17:32:07 [schunter1]
Shane: dnt signal turned on allows user a communication with a publisher. If we support selection lists (I do not support this) publishers need visibility of user preferences
17:34:01 [schunter1]
Tom: Publishers and users need to have a dialogue. One-sided blocking is not the way it should work. But not all parties will play by the rules
17:34:38 [hwest]
Ok, so lots of talk about whether or not this is a good blocker - it is, or it isn't.
17:34:49 [schunter1]
... so there is still a need for the user to block content from parties who do not take part in this fair dialogue
17:34:51 [hwest]
It either blocks ads and other things well, or it doesn't block ads and other things well
17:35:12 [jmayer]
It's an exceptional ad blocker - that's why it's a good tracking blocker.
17:35:22 [rigo]
17:35:36 [hwest]
Right - I think trying to argue that it's a bad ad blocker and a good other things blocker is somewhat misleading
17:36:09 [amyc]
to Tom's point, addressing this issue in this forum would allow input from publishers and ad industry participating in wg
17:36:13 [schunter1]
Frank: User will expect to have the freedom to be tracked or not. Content blocking should not be part of this dnt standard
17:36:18 [jmayer]
The online advertising industry made design choices such that ad content == tracking content.
17:36:25 [Frankie]
Frankie has joined #dnt
17:36:28 [pde]
can I be on the speaker queue without being tracked on Matthias's piece of paper?
17:36:39 [jmayer]
Users don't have any other choice if they want to protect themselves today.
17:37:11 [howard]
howard has left #dnt
17:37:25 [tl]
citation for the priority of constituencies:
17:37:35 [schunter1]
Dave Singer: I did not want to say that users MUST load all content of a site. But I do not want W3C to tell people blocking is okay
17:37:57 [fielding]
FWIW, changing the expression of an online webpage is arguably the same as creating a derivative work. Users can do that for themselves, legally, but I think an organization that publishes such a mechanism for doing it automatically is infringing copyright and should be subject to the legal claims by all copyright owners.
17:38:33 [dsinger]
I am not happy with the W3C saying that it thinks that normal operation of the WWW involves users finding and using "load blocking" lists
17:39:06 [schunter1]
Rigo: What does it mean in terms of financial loss? We need to openly talk about the elephant in the room
17:39:11 [vincent]
would a TPL of 1st parties that embed elements from 3rd parties that do not respect DNT make sense and satisfy publishers?
17:39:24 [johnsimpson]
Rigo is exactly right.
17:41:05 [schunter1]
Ian: These lists block all major ad networks. So we probably talk about a major sum of money
17:43:04 [schunter1]
Microsoft: we try to do it granularly. Block not all ad content. Standard would allow for a much higher level of fine grained blocking
17:43:16 [npdoty]
17:43:54 [Frankie]
Why are people blocking ads? My opinion: because they want not to be tracked, NOT because they will not look at ads....
17:44:18 [lgombos]
lgombos has joined #dnt
17:45:02 [schunter1]
Speed of site loading might be another reason
17:45:27 [KJ]
KJ has joined #dnt
17:46:49 [schunter1]
Ian: If there are too few people it is not worth the effort
17:47:19 [schunter1]
... we are talking about 50.000 probably
17:47:50 [npdoty]
Alex: many of the lists are proprietary content (about malware, etc.) and so companies might not invest in lists if they were publicly published
17:47:56 [tlr]
tlr has joined #dnt
17:48:34 [npdoty]
Aleecia: summary for Ian, either there are too few people for it to be worthwhile or too many that it's a revenue problem, so resolving this question isn't relevant for Ian's support -- Ian agrees.
17:48:43 [dsinger]
on the number of users using it…my concern is that if these blocking lists get popular, legitimate businesses that find themselves adversely affected will take counter-measures. I am not sure where it will end.
17:49:25 [pde]
procedurally, I am curious about whether anyone has been persuaded by this conversation to move from "we should not standardise TPLs" to "we should standardise TPLs"?
17:49:53 [schunter1]
Aleecia: are there ways we can build this only on the advantages and eliminating the disadvantages we collected?
17:49:55 [karl]
the browser checking TPL if the server replies "no" to DNT?
17:50:31 [karl]
the browser adding to TPL if the server replies "no" to DNT?
17:51:30 [schunter1]
... building just another ad blocker is not good use of our time. Can we just specifically block data transmission?
17:52:09 [schunter1]
... not blocking ads but invisible tracking, still showing the ads
17:53:15 [schunter1]
quick poll: how many people will be satisfied with this approach: about half the room
17:54:07 [schunter1]
Shane: it eliminates the economic value of ads
17:54:21 [Zakim]
- +1.631.223.aaaa
17:55:07 [npdoty]
17:55:21 [schunter1]
Aleecia: we have a disagreement in the room. split in half. we will continue to discuss this
17:55:54 [Zakim]
17:55:57 [schunter1]
Nick Doty, thank you. I am fighting the English keyboard
17:56:25 [henryg]
henryg has joined #dnt
17:56:46 [pde]
it isn't clear to me that we should come back to TPLs unless we see movement from those opposed towards wanting to standardise
17:57:40 [schunter1]
Roy: Dave: we should stick to work on privacy. The list is a much broader issue
17:57:43 [karl]
action item to bring it to TAG?
17:57:43 [trackbot]
Sorry, couldn't find user - item
17:57:55 [karl]
do we want an action item to bring it to TAG?
17:59:15 [pde]
tl, clearly the group members' reason for opposing standardisation is not about standardisation, but about wanting to deny assistance to the underlying practice of content blocking
17:59:25 [fielding]
fielding has joined #dnt
17:59:39 [Zakim]
17:59:42 [Zakim]
18:00:11 [howard]
howard has joined #dnt
18:01:01 [Zakim]
18:01:47 [sidstamm]
sidstamm has joined #dnt
18:07:39 [Kai]
Kai has joined #dnt
18:08:22 [Josh_Soref]
Josh_Soref has joined #dnt
18:18:02 [Zakim]
18:18:32 [enewland]
enewland has joined #dnt
18:20:18 [enewland]
enewland has joined #dnt
18:22:22 [sidstamm]
sidstamm has joined #dnt
18:22:33 [sidstamm_]
sidstamm_ has joined #dnt
18:23:03 [vincent]
vincent has joined #dnt
18:24:57 [Zakim]
+ +1.631.223.aabb
18:27:16 [Zakim]
18:27:56 [Lia]
Lia has joined #dnt
18:27:56 [Frankie]
Frankie has joined #dnt
18:28:02 [suegl]
suegl has joined #dnt
18:28:51 [fielding]
fielding has joined #dnt
18:29:05 [Zakim]
18:29:26 [fielding]
18:29:55 [fielding]
Peter Eckersley on fingerprinting browsers
18:30:34 [alex__]
alex__ has joined #dnt
18:32:16 [Josh_Soref]
RRSAgent, draft minutes
18:32:16 [RRSAgent]
I have made the request to generate Josh_Soref
18:34:31 [aleecia]
panopticlick.eff to see if your browser is unique
18:34:44 [aleecia]
DNT's minutes are public, Josh
18:34:54 [aleecia]
At the very least after they're cleaned up...
18:37:08 [aleecia]
IPv6 has MAC address for most OSes
18:37:37 [aleecia]
Peter's full paper is available, we can ask him for slides too
18:38:04 [Zakim]
+ +1.202.656.aacc
18:38:27 [npdoty]
npdoty has joined #dnt
18:42:07 [ifette_]
ifette_ has joined #dnt
18:42:21 [fielding]
18:42:42 [fielding]
is the final version to be sent to W3T for publication as FPWD
18:43:21 [henryg]
henryg has joined #dnt
18:43:49 [aleecia]
18:44:26 [aleecia]
Nick has been really good about taking care of that for us, so I admit ignorance on mechanics.
18:45:34 [npdoty]
rrsagent, pointer?
18:45:34 [RRSAgent]
18:45:58 [npdoty]
scribenick: Frank
18:46:12 [Frank]
Will look at blank spots in Tracking Preference Expression document
18:46:14 [npdoty]
Topic: Tracking Preference Expression discussion of new areas
18:46:57 [dwainber_]
dwainber_ has joined #dnt
18:47:37 [amyc]
amyc has joined #dnt
18:48:19 [Frank]
Will discuss what feedback the server provides when DNT 0 or 1 is sent
18:50:07 [Frank]
Will spend 10 minutes discussing goals
18:51:29 [Frank]
Reviewing goals in the document
18:51:40 [PeterM]
PeterM has joined #dnt
18:52:10 [paddyu]
which document frank?
18:52:12 [Adam]
Adam has joined #dnt
18:52:41 [Frank]
Guidance for site specific exceptions - I see you have DNT enabled but I need you to opt-in if you want to access my site
18:53:00 [Zakim]
- +1.202.656.aacc
18:53:59 [ifette_]
ifette_ has joined #dnt
18:54:19 [JC]
JC has joined #DNT
18:54:20 [paddyu]
frank, which document are we looking at?
18:54:58 [npdoty]
18:56:33 [npdoty]
dsinger: the reasons I had in mind were knowing which servers responded to DNT at all, which clause I might fall under from the server's point of view, whether my DNT signal made it to the server at all
18:58:26 [Frank]
swiley: trying to think through how to get through cacheable and non-cacheable environments, would have to be URL specific
18:59:05 [Frank]
tom: this needs to be on a per request basis, don't have enough state to tell what's going on
18:59:36 [Frank]
tom: we can have a variant on the header to deal with cached objects
19:00:46 [Frank]
Matthias: feedback should be on a per request basis. User should be able to know if tracking took place
19:00:57 [Zakim]
19:01:17 [Frank]
Matthias: agreement on goals: feedback, auditing, transparency
19:02:01 [npdoty]
in discussing goals, should we also talk about ?
19:02:19 [Frank]
JoshS: concern if you have too much information, will drown the user. If 50 elements on a page, too much info for a user
19:03:14 [schunter]
schunter has joined #dnt
19:03:24 [Josh_Soref]
Present+ JoshS
19:04:00 [Frank]
Thomas: In the charter, UI elements are out of scope. There is a lot of extraction between what browser sends and what it exposes to customer
19:04:21 [npdoty]
19:04:36 [howard]
howard has left #dnt
19:05:09 [Frank]
Matthias: Should we add as a goal consideration of legal and regulatory
19:05:27 [rigo]
rigo has joined #dnt
19:06:07 [Frank]
speaker: UI is out of scope. If I want to make a crappy browser that shows user everything, I am compliant with DNT
19:07:02 [Frank]
DavidW: Must be a balance between usefulness of the information and the cost of providing
19:07:29 [Frank]
Nick: Can someone provide more detail around the goal with respect to legal
19:07:35 [npdoty]
19:08:24 [Frank]
DavidS: If you respond that you honored DNT, I have something from year that says you didn't track, and that is useful.
19:09:30 [Frank]
ifette: On EU regulatory, 5.3 requires some kind of consent from users when cookies are installed.
19:09:43 [npdoty]
19:10:09 [Frank]
speaker: one of the goals should be simplicity of implementation on server side.
19:10:43 [npdoty]
19:11:48 [vincent]
users consent means any freely given specific and informed indication of her wishes (Rob)
19:12:21 [Frank]
AlanC: Talking about complying with ePrivacy, doesn't seem like anyone in Europe knows what complying with ePrivacy means - each EU member state still trying to figure it out, so will be hard for this group to work towards
19:13:50 [Frank]
NickD: We should think about enabling usability for the end user. Even if we don't define the UI, we will make decisions that will impact usability
19:15:20 [Frank]
Thomas: disagrees with criteria of usability. We don't need to write a system that understands each transaction. Design a system that enables the agent (browser) to provide useful information to users.
19:15:36 [Josh_Soref]
-- The goal of P3P version 1.0 is twofold. First, it allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. Second, it enables Web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may "opt-out" of or "opt-in" to.
19:15:57 [Frank]
Aleecia: Goal is to give browsers enough information so they can do something useful with it.
19:16:18 [Frank]
NickD: we should do things that enable usability
19:17:06 [Frank]
DavidW: there must be some measure of the information that has to be provided to enable good usability.
19:17:24 [Frank]
DavidW: Express fine-grained track/no track is a goal, not a criteria
19:17:53 [Frank]
Matthias: communication efficiency is important
19:19:18 [Frank]
DavidS: Simplicity should be appropriate to the level of tracking that is going. Will be easy for simple sites, more difficult for more complex.
19:19:32 [npdoty]
regarding usability, the CMU report: "Why Johnny Can't Opt Out" published yesterday, may be relevant:
19:20:10 [Frank]
KevinT: Data should flow. Two use cases: 1. could flow to a user through browser, 2. to a compliance tool
19:21:14 [Frank]
Thomas: we need a lot of features in the protocol. Doesn't mean they're all implemented in the browser. Users will want a simple indication, but have ability to drill down, or use third party tools. Take usability out of criteria, and have a sufficiently rich feature set to support desired use cases.
19:22:00 [Frank]
Thomas: The legal regulatory/legal compliance should be a criteria, not a goal.
19:23:08 [Frank]
Matthias: Go through response options
19:23:26 [Frank]
Matthias: 1st option, no response
19:23:48 [JC]
Great session by Aleecia and Matthias
19:23:49 [Frank]
Matthias: well-known location for machine readable policy
19:24:20 [Frank]
Matthias: could be different flavors of policy. Parts of site might, might not honor
19:24:50 [Frank]
Matthias: whether static or dynamic
19:25:21 [Frank]
Matthias: A static header field for machine-readable policy
19:25:40 [Frank]
Roy: similar to previous response
19:26:11 [Frank]
Thomas: can we do a quick straw poll on 1st two options
19:26:31 [Frank]
Matthias: 3rd, static header field stating DNT is on.
19:27:12 [Frank]
Matthias: 4th, dynamic header field indicating that tracking is enabled or disabled for this user (and why).
19:27:32 [Frankie]
Frankie has joined #dnt
19:27:49 [Frank]
DavidS: do the first 3 indicate if I'm tracking you or not?
19:28:18 [npdoty]
19:28:29 [Frank]
Aleecia: the location is static but the status is dynamic
19:29:45 [Josh_Soref]
19:29:48 [Frank]
ChuckC: Is there any human readable element that goes with these expressions?
19:30:23 [Frank]
Matthias: focus is on different options to get information across
19:31:19 [Frank]
Speaker: the list is not clear to me. would love to see what I see
19:32:32 [vincent]
19:32:45 [Frank]
Rigo: well known location has many advantages. Know that site is DNT enabled.
19:33:27 [ifette_]
ifette_ has joined #dnt
19:33:39 [Frank]
Rigo: when you try and distinguish between different policies for different parts of sites, well known location still works, but the file that describes gets complicated.
19:34:40 [Frank]
Matthias: we have four options on the table. After break can discuss other options, will go into more detail on each of four.
19:35:37 [Frank]
Thomas: on dynamic header, sounds useful, but don't know what a user is. We need to narrow down each one a little more before talking about these in more detail.
19:36:07 [Zakim]
19:36:36 [Zakim]
19:37:51 [hwest1]
hwest1 has joined #dnt
19:39:59 [hwest]
hwest has joined #dnt
19:51:28 [aleecia]
aleecia has joined #dnt
19:59:15 [dsinger]
dsinger has joined #dnt
20:00:21 [efelten]
efelten has joined #dnt
20:10:26 [aleecia]
aleecia has joined #dnt
20:14:43 [hwest]
hwest has joined #dnt
20:19:08 [enewland]
enewland has joined #dnt
20:21:28 [alex__]
alex__ has joined #dnt
20:21:33 [efelten]
efelten has joined #dnt
20:23:10 [vincent]
vincent has joined #dnt
20:24:32 [johnsimpson]
johnsimpson has joined #dnt
20:24:34 [Joanne]
Joanne has joined #DNT
20:24:49 [Zakim]
- +1.631.223.aabb
20:26:28 [henryg]
henryg has joined #dnt
20:28:53 [dwainberg]
dwainberg has joined #dnt
20:29:27 [dwainber_]
dwainber_ has joined #dnt
20:30:15 [vincent]
aleecia: Presenting "Track Gap: Policy Implications of User Expectations for the 'Do Not Track' Internet Privacy Feature"
20:30:58 [npdoty]
npdoty has joined #dnt
20:31:09 [sidstamm]
sidstamm has joined #dnt
20:31:18 [fielding]
fielding has joined #dnt
20:31:34 [sidstamm_]
sidstamm_ has joined #dnt
20:31:43 [karl]
karl has joined #dnt
20:32:08 [amyc]
amyc has joined #dnt
20:32:42 [karl]
karl has joined #dnt
20:33:03 [Zakim]
20:33:22 [suegl]
suegl has joined #dnt
20:33:25 [ifette]
ifette has joined #dnt
20:33:45 [Zakim]
20:34:10 [karl]
q+ to ask how people know what all these technologies mean?
20:34:26 [alex]
alex has joined #dnt
20:35:12 [karl]
-50% expects that the ads clicked tracking will stop
20:35:47 [paddyu]
paddyu has joined #dnt
20:39:01 [karl]
wondering if there are variations of understanding depending on the countries, cultures
20:39:33 [paddyu]
is there a link to this study/research?
20:39:41 [paddyu]
w/r/t widgets
20:40:10 [vincent]
discussion about Lorrie's new paper "Why Johnny Can't Opt Out"
20:40:34 [tl]
tl has joined #dnt
20:40:46 [vincent]
I know what aleecia presented was published at the princeton workshop
20:41:49 [vincent]
20:41:53 [npdoty]
pilot results presented at Princeton, but this paper has the complete results
20:41:54 [jmayer]
jmayer has joined #dnt
20:42:32 [npdoty]
20:42:49 [npdoty]
ack karl
20:42:49 [Zakim]
karl, you wanted to ask how people know what all these technologies mean?
20:43:05 [vincent]
karl: surprised by the people knowing IP and global level of knowledge
20:43:37 [henryg]
henryg has joined #dnt
20:43:46 [vincent]
aleecia: IP address was explained
20:43:56 [karl]
ahaha tracking following a link from twitter to an article
20:44:11 [karl]
there was this at the end of the uri #.TrAUp3TBAI8.twitter
20:44:44 [npdoty]
the CMU/Lorrie Cranor report I mentioned earlier:
20:45:00 [vincent]
WileyS: in the 1st party context, did you try to use other terms (brand, company)?
20:45:37 [vincent]
aleecia: 1st vs third party was known from other context (previous study)
20:46:14 [aleecia]
aleecia has joined #dnt
20:46:25 [hwest]
hwest has joined #dnt
20:46:27 [vincent]
Matthias: back to TPE, questions about the different options
20:46:43 [Frankie]
Frankie has joined #dnt
20:46:45 [vincent]
... : discuss the different options and then the details
20:47:17 [paddyu]
Can we get a link to the study about first v. third party and user expectations?
20:47:21 [vincent]
...: first, visit , you sent a request with the DNT signal and you get a response
20:47:28 [npdoty]
scribenick: vincent
20:47:48 [Frank]
Frank has joined #DNT
20:48:02 [vincent]
...: the server does something with DNT as part of its response
20:48:06 [npdoty]
Topic: Tracking Preference Expression continued
20:48:22 [npdoty]
20:49:11 [vincent]
... second option the server sends a response with a pointer to DNT
20:49:34 [vincent]
... what kind of information do you want to see at the UA end
20:49:47 [vincent]
karl: are the options exclusive?
20:50:27 [vincent]
Matthias: not exclusive, one might be for the user, the other one might be in machine readable language
20:51:07 [vincent]
tl: in the response I'd like to see
20:51:15 [vincent]
... what the user said
20:51:33 [tlr]
tlr has joined #dnt
20:51:37 [vincent]
... does the server comply
20:51:51 [vincent]
... is the server believing as a first or third party
20:52:23 [vincent]
.. is the server believing it's acting as a first or third party
20:53:06 [dsinger]
dsinger has joined #dnt
20:53:16 [fielding]
20:53:32 [rigo]
rigo has joined #dnt
20:53:36 [vincent]
alex: first party vs third party, does it matter?
20:54:12 [howard]
howard has joined #dnt
20:54:16 [vincent]
nina: can't the server know if it's a first or third party?
20:54:29 [npdoty]
20:54:36 [vincent]
20:55:42 [vincent]
tl: it matters for the user interaction with the server (first party vs third party)
20:57:06 [vincent]
tl: the response from the server could block any future requests
20:57:29 [vincent]
sid: it
20:59:18 [karl]
karl: the only way the tl case could be working, if the client was making a HEAD and then a GET depending on the HEAD, but that would be costly.
20:59:28 [npdoty]
s/sid: it/sid: the exact function of a paranoid mode is a UI question out of scope, but it's enough to show that it's a possibility/
20:59:29 [vincent]
hwest: ping the URL and then decide if the browser is going to proceed
20:59:58 [npdoty]
s/URL/URL of a well-known location/
21:00:59 [vincent]
tl: one of the elements in the response should be the echo of the request
21:01:30 [vincent]
john: user should only care if they have the request
21:01:42 [vincent]
aleecia: you may want to know what it is that you sent
21:02:03 [tl]
to be clear: i can get the html, see a dnt:101, then refuse to get any of the references, or 1x1 gifs &c
21:05:51 [dsinger]
dsinger has joined #dnt
21:06:16 [vincent]
aleecia: DNT helps restore user trust; if we want users to click on ads and know that nothing happens to them, the ack is worth the cost
21:06:44 [Kai]
Kai has joined #dnt
21:06:53 [KevinT]
KevinT has joined #dnt
21:07:48 [vincent]
WileyS: the reply should be "I saw it and I comply" or "I saw it and I do not comply"
21:09:13 [vincent]
tl: people saying I have an exception are not saying I'm not complying, it means "I believe I have an exception"
21:09:31 [vincent]
fail to capture that exactly
21:11:30 [vincent]
npdoty: the answer would help users to know to which website they opted back in
21:11:56 [npdoty]
amyc: what does the static site policy fail to capture? sites are either compliant or not
21:12:42 [vincent]
dwainber_: what is the cost of all the answers from a website
21:14:39 [vincent]
tl: I request a page and have elements to download and in the response I see "what the party believes they are (1st vs third)" and whether or not they comply
21:15:53 [vincent]
dwainber_: the cost is about the cost of the implementation
21:15:59 [karl]
* issues with hotlinking and referer
21:16:11 [karl]
* issues with ssl (no referer)
21:16:20 [vincent]
dwainber_: someone has to store if the user opts back in
21:17:19 [henryg]
henryg has joined #dnt
21:17:21 [vincent]
tl: the cookie stored in the client could be used to store the "Opt-back in"
21:17:32 [Frankie]
Frankie has left #dnt
21:17:41 [Frankie]
Frankie has joined #dnt
21:18:19 [vincent]
... and then the server responds "I see DNT and an opt-back cookie", browser pops up message for confirmation from user
21:19:57 [vincent]
Matthias: where to store the DNT compliance file
21:20:19 [vincent]
... static url: pros and cons?
21:22:34 [vincent]
xxx: expecting a single well known url is too coarse-grained for large websites
21:22:44 [hober]
21:22:49 [vincent]
21:25:15 [vincent]
dwainber_: one time, one party having different policy for different parts of the website
21:26:01 [vincent]
matthias: for there would be parts respecting DNT before other parts (transition)
21:26:22 [vincent]
... some piece of a website may require DNT for business processes
21:27:05 [vincent]
WileyS: For Yahoo! it'll be different at least when they act as a first or a 3rd party
21:28:06 [vincent]
fielding: when large sites do tracking they generally use different domains
21:28:58 [vincent]
aleecia: Example: Mozilla Labs collects data about you, other parts of the website do not
21:29:28 [vincent]
Matthias: now looking at the everything is dynamic solution
21:29:43 [vincent]
... pros and cons
21:29:57 [karl]
I wonder how the DNT works with wikis history.
21:31:04 [vincent]
jmayer: the more dynamic we go, the more we give the browser the ability to enforce the user expectation
21:31:55 [vincent]
hwest: cons: the response may change according to who requests the policy (ex if it comes from the FTC)
21:32:50 [vincent]
... : it'll allow discrimination
21:33:47 [npdoty]
hwest, I'd definitely appreciate more detail on its not being feasible
21:34:08 [ifette]
if you bloat each request by 100 bytes
21:34:13 [ifette]
that will have a huge latency impact
21:34:27 [ifette]
having a URL in response to each request would be a huge hit
21:34:29 [vincent]
tl: the header is request specific, the well known URI gives a lot of specific information but it is not related to the specific request
21:34:39 [karl]
ifette, define "huge" :)
21:34:51 [ifette]
karl, big enough for us not to send it
21:34:51 [npdoty]
ifette, current proposal from tl is a single character -- is that too many bytes?
21:34:58 [ifette]
no, single character is fine
21:35:02 [ifette]
even 2-3 probably ok
21:35:10 [ifette]
but a full URL would be not ok
21:35:34 [hwest]
npdoty, I'll get more information on that for you. It's outside my realm but I have heard very strong opinions on it
21:35:48 [npdoty]
ifette, but there's a number of characters at which point you will refuse on behalf of Google's servers?
21:36:02 [ifette]
npdoty likely on the order of 4+, yes
21:36:25 [vincent]
jmayer: disambiguation between dynamic (there might be some option in what you get back) vs dynamic response: the server does have to send a different response every time
21:36:43 [npdoty]
21:37:11 [ifette]
what if we had a response that was a string that got appended to a known URL?
21:37:28 [ifette]
e.g. dnt:0;<string> where <string> gets added to /dnt?reason=<string>
21:37:31 [ifette]
or something like that
21:37:50 [ifette]
gives us some flexibility of dynamic url/response
21:37:50 [hober]
ifette: /.well-known/dnt?reason=<string>
21:37:52 [hober]
21:37:57 [ifette]
21:37:57 [npdoty]
so your main complaint is with fielding because he wants to use "Tracking:" instead of "Dnt:"?
21:37:58 [vincent]
tl: three bits in the header and then pointer to the well known URI
21:38:06 [fielding]
field-name + ": " + CRLF + length of field-value
21:38:10 [andyzei]
andyzei has joined #dnt
21:38:27 [henryg]
henryg has joined #dnt
21:38:34 [Frankie]
Frankie has joined #dnt
21:39:52 [ifette]
we prefer shorter header names :)
21:40:24 [vincent]
fielding: on the issue of verification: if the answer changes every time it will be hard to verify (for example you can not go to court) it's not recorded
21:41:31 [lgombos]
lgombos has joined #dnt
21:42:32 [vincent]
matthias: the next would be to discuss when the dynamic and static cases could be used
21:42:50 [vincent]
... well known URL is limited and dynamic is costly
21:43:02 [vincent]
21:44:06 [vincent]
aleecia: tl and hwest should write a proposal together
21:44:30 [tl]
ACTION: tom, heather, and ian to propose a header/uri hybrid solution by tuesday
21:44:30 [trackbot]
Sorry, couldn't find user - tom,
21:45:03 [vincent]
matthias: elements such as caching should be discussed in more detail
21:45:38 [vincent]
... other big piece is "opt-back in"
21:46:05 [npdoty]
ACTION: tl to propose a header/uri hybrid for server responses (with west and ifette)
21:46:05 [trackbot]
Created ACTION-30 - Propose a header/uri hybrid for server responses (with west and ifette) [on Thomas Lowenthal - due 2011-11-08].
21:46:18 [vincent]
... 2 use cases: 1) I have DNT on and visit a website that does not honor DNT
21:46:23 [vincent]
... what the site should do?
21:46:38 [rigo]
I suggest to look into the P3P policy reference file format and well known location:
21:46:40 [rigo]
21:46:53 [vincent]
redirect the user to a website "disable DNT to come back"
21:47:12 [rigo]
it mainly does the same: distinguish different policies of parts of the sites and third parties
21:47:49 [vincent]
....2) persistence of the opt-back in (in the server or in the client)?
21:48:26 [rigo]
especially OUR-HOST Extension
21:48:42 [vincent]
jmayer: we could use standard stuff like cookies and leave the implementation to the website
21:49:36 [vincent]
dwainber_: if the persistence of cookies can be used to store the opt-back in, why not use them to store the "opt-out"
21:50:41 [vincent]
WileyS: Users should be able to see a list of their exceptions in one place,
21:51:22 [vincent]
... therefore prefer client side solution to cookies
21:51:53 [ifette]
also, the users who care about this are probably also the users who delete cookies
21:51:59 [ifette]
so you don't want to confound the two
21:52:00 [vincent]
tl: cookies are an appropriate method to store opt-in because if users delete them, they're prompted again
21:52:04 [hwest]
I'm fully in support of the Felten thesis "if you're going to track me, use cookies" - essentially, use something that has transparency and tools around it
21:52:14 [hwest]
So that the user understands what's going on.
21:52:45 [hwest]
It seems weird to use tech that otherwise would not really be supported by privacy folks to track privacy preferences...
21:52:48 [vincent]
fielding: have a standard cookie name for the opt-back in
21:53:29 [ifette]
(fwiw i was referring to using cookies as an opt-out to be somewhat unnatural and strange, cookies for opt-in seems quite natural)
21:53:40 [vincent]
... well defined cookie name, the browser would be able to know which cookies are opt-in cookies
21:54:08 [vincent]
pde: why not use user name and password?
21:54:20 [hwest]
Not all websites have login systems
21:54:25 [ifette]
i don't like the idea of forcing a specific cookie name / syntax
21:54:30 [hwest]
And I wouldn't support shoddy login systems for the sake of an opt
21:54:30 [vincent]
FrankW: interesting to combine DNT with a cookie mechanism
21:54:31 [ifette]
or expecting the browser to treat these cookies separately
21:54:33 [hober]
ifette: me too
21:54:40 [ifette]
it becomes a mess for the browser
21:54:55 [ifette]
do we then show these with the other cookies? Delete them when the user says delete cookies? have separate ui?
21:55:03 [vincent]
... can you imagine to define different cookies, one for personal profile, one for analysis
21:55:04 [pde]
hwest, it's true, but not all sites have opt back ins either
21:55:08 [hober]
ifette: yup.
21:55:13 [ifette]
you're essentially cramming a parallel system into another, and that just asks for problems
21:55:25 [ifette]
they're either cookies, end of story, or they're something else
21:55:28 [ifette]
but please no Frankencookies
21:56:03 [hwest]
We have a lot of tools to do things like persist opt out cookies - I think persisting an opt in cookie should be rather similar, and I think the idea of using existing tech and waiting to see whether we need to enshrine that in standards or whether we can count on sites that need it to figure out how to keep opt ins
21:58:04 [vincent]
npdoty: does the opt-back apply to the visited website or to the third parties which may then track me everywhere
21:58:12 [pde]
hwest, the tools I'm familiar with to persist opt-out cookies are extensions; are there any others?
21:58:33 [ifette]
it's a bit of a hack tbh
21:58:49 [npdoty]
because if I grant tracking while I'm on a particular first party, we probably don't want the first-party special opt-in cookie to be sent to all the third party trackers on that site
21:59:03 [ifette]
i don't really like the idea of cookies with strange rules
21:59:08 [ifette]
either use cookies or use something else
21:59:21 [hwest]
pde, you're right, or standalone programs. Not saying that piece of it is wrong, but fingerprinting the user to persist an opt seems like a bad idea
21:59:25 [rigo]
why don't you send dnt=0 in this case?
21:59:38 [pde]
hwest, I agree :)
21:59:47 [pde]
and to defend the "persist by login" approach...
22:00:03 [eberkower]
Wouldn't the first-party's cookie come from its own domain and not from the various third parties' so that the first-party opt-in cookie wouldn't apply to the 3rd parties' practices
22:00:03 [pde]
it isn't really clear to me when or why users would ever be opting back in without login
22:00:11 [amyc]
do we need to specify technology needed to obtain or recall override?
22:00:37 [vincent]
WileyS: I like the cookie but we need a solution to skip back from the cookie to fingerprinting for some devices
22:00:41 [npdoty]
dwainberg: if third-party cookies are blocked, what would that do to this type of cookie?
22:01:05 [npdoty]
amyc, I think we do need to know whether the browser will manage it or the site will manage it
22:01:16 [vincent]
hwest: we should give some examples, guidance, but not say "that's the way you do it"
22:01:39 [vincent]
pde: why would I opt-back in to a website I am not logged into
22:02:24 [DKA]
DKA has joined #dnt
22:02:35 [hwest]
Paywalls will evolve as will login systems as will all the other pieces of this puzzle - lets assume that it is good to futureproof this by giving guidance but not requiring a given technique
22:02:47 [ifette]
indeed, why do we have to specify how the list is maintained
22:03:03 [vincent]
WileyS: payroll is not the sole option, there is also the solution "you either give us an exemption or you just do not visit our website"
22:03:04 [pde]
I think WileyS just illustrated my point well
22:03:21 [pde]
there are lots of sites today that say "you must log in before you can read this content"
22:03:52 [pde]
and I find the idea that a user can opt-back-in and remain totally anonymous, tenuous
22:04:49 [vincent]
aleecia: login would be too complicated and we need something that goes beyond cookies (users delete them)
22:05:14 [pde]
it seems to me that the best level of non-identification they can hope for is a pseudonym on the site
22:05:19 [ifette]
I think we should just say that user agents maintain a list of things you've opted back in to
22:05:25 [ifette]
and how that is done is left to the implementer
22:05:28 [ifette]
22:05:48 [pde]
ifette, how does the user agent know what to add to that list?
22:05:55 [vincent]
matthias: I send DNT:1 plus some other stuff (login, cookies) which allows the website to ignore DNT:1
22:06:19 [ifette]
pde, could be any number of things, a specific response in the DNT header that triggers UI, a JS call, ...
22:06:23 [vincent]
... other solution the browser sends DNT:0
22:06:39 [ifette]
presumably you want some browser confirmation before it starts sending DNT:0, right?
22:06:43 [vincent]
... why don't we consider option B?
22:06:48 [pde]
ifette, that would work yes
22:06:55 [ifette]
so, whatever causes the browser to send DNT:0 could trigger the browser to update its list
22:06:59 [ifette]
however that list is stored
22:07:06 [ifette]
if you still send DNT:1 with a magic cookie, that's a bit weird
22:07:17 [ifette]
presumably you want to not send DNT:1 if there's an exception the browser is aware of
22:07:25 [vincent]
dwainber_: how is the client gonna know the scope? the server does know the scope
22:07:27 [ifette]
so whatever makes the browser aware of this, can be used to update a list
22:07:50 [ifette]
re scope, good question, but applies either way if you want the user to know what the scope is when they consent
22:07:52 [vincent]
aleecia: DNT:0 is an explicit consent and that's better
22:08:11 [npdoty]
aleecia: getting users to change their DNT to 0 for opt-back-in sounds like consent, which would be useful for various contexts
22:08:12 [pde]
ifette, for one version of the server-side-response semantics of "Tracking: 0", that could be the prompt for the user agent
22:08:13 [ifette]
a magic cookie that the user has no idea what it represents doesn't do a great job at explicit consent
22:08:47 [ifette]
indeed, ideally in my mind something would happen that causes the browser to send 0 on subsequent requests
22:08:52 [ifette]
that way, both parties are clear
22:09:05 [ifette]
as to how you scope that or what triggers it, that's a good question
22:09:22 [ifette]
but just saying "it's a cookie the server interprets" doesn't answer the scope or explicit consent issues either
22:09:33 [ifette]
at any rate, i do apologize but i have to drop off
22:09:33 [pde]
browser chrome is a blessing and a curse
22:09:39 [ifette]
pde indeed
22:10:06 [npdoty]
jmayer: interjecting the user agent can be advantageous, browsers can do a good job making sure users know what decision they're making
22:11:33 [vincent]
john: lots of advantages for opt-in cookie, it'll maintain the user preference for DNT
22:12:00 [vincent]
... it'll let the site differentiate user preference
22:12:16 [vincent]
... if you delete the cookie you would just send DNT:1
22:13:34 [npdoty]
fielding: I actually prefer B (user-agent-managed) except what about existing user agents that send DNT:1 and wouldn't have this additional functionality?
22:14:15 [vincent]
matthias: is anyone interested in fleshing out these options
22:14:51 [howard]
howard has joined #dnt
22:14:58 [vincent]
John and hober take the action point on option B
22:15:12 [vincent]
Andy takes the action point on option A
22:15:24 [npdoty]
ACTION: andyzei to write up a proposal for a user-agent-managed site-specific exception
22:15:24 [trackbot]
Sorry, couldn't find user - andyzei
22:15:25 [Zakim]
22:15:57 [npdoty]
ACTION: zeigler to write up a proposal for a user-agent-managed site-specific exception
22:15:57 [trackbot]
Created ACTION-31 - Write up a proposal for a user-agent-managed site-specific exception [on Andy Zeigler - due 2011-11-08].
22:16:11 [Zakim]
22:16:44 [npdoty]
ACTION: simpson to write up a proposal for a site-managed (via cookie or other mechanism) site-specific exception (with hober)
22:16:44 [trackbot]
Created ACTION-32 - Write up a proposal for a site-managed (via cookie or other mechanism) site-specific exception (with hober) [on John Simpson - due 2011-11-08].
22:17:29 [Frank]
Frank has joined #dnt
22:17:33 [Josh_Soref]
Josh_Soref has left #dnt
22:17:38 [Frank_]
Frank_ has joined #DNT
22:18:38 [Frank_]
Frank_ has joined #DNT
22:23:04 [aleecia]
aleecia has joined #dnt
22:32:43 [Frank]
Frank has joined #DNT
22:49:21 [enewland]
enewland has joined #dnt
22:49:56 [fielding]
fielding has joined #dnt
22:57:18 [npdoty]
npdoty has joined #dnt
22:57:29 [aleecia]
aleecia has joined #dnt
22:59:40 [Zakim]
+ +1.617.320.aadd
23:00:30 [Zakim]
23:00:44 [Julian]
Julian has joined #dnt
23:01:08 [npdoty]
npdoty has joined #dnt
23:01:08 [aleecia]
aleecia has joined #dnt
23:01:15 [Zakim]
23:02:36 [WileyS]
Shane is now scribe
23:03:16 [npdoty]
scribenick: WileyS
23:03:23 [npdoty]
Zakim, who's talking?
23:03:25 [WileyS]
Aleecia: Looking at dates available for the group to meet - week of Jan 16th and Jan 23rd
23:03:33 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: tpac (36%), [Microsoft] (4%)
23:03:54 [WileyS]
Location TBD
23:04:29 [WileyS]
Someplace in Europe (default to Brussels at this time)
23:04:59 [hwest]
hwest has joined #dnt
23:05:45 [WileyS]
Roy has issues with Jan 17 - 19th - need our Editors there
23:05:55 [WileyS]
Looking at the week of Jan 23rd
23:06:10 [npdoty]
will send out a Doodle poll soon
23:06:38 [WileyS]
Aleecia: What happens next? Nothing will be published this week due to TPAC but will occur soon after
23:06:59 [WileyS]
Aleecia: We may receive feedback from Community Groups from these initial drafts
23:07:57 [WileyS]
Aleecia: From the deadlines in the charter we have slipped a month - will update the calendar to reflect this
23:08:09 [Kai]
Kai has joined #dnt
23:08:51 [WileyS]
Tom: 1st public working draft - we'll continue to work in the meantime. The "Last Call Working Draft" will be what we work on in Jan
23:09:11 [WileyS]
Aleecia: Publish LCWD in late Jan/early Feb
23:09:30 [WileyS]
Aleecia: Can see the process and schedule at the web site
23:10:03 [WileyS]
Aleecia: Any questions? (None in the room)
23:10:29 [WileyS]
Aleecia: Weekly calls are still on (not tomorrow) - the mailing list as well
23:10:54 [WileyS]
Aleecia: Okay with mailing list freeform for now but this will become more directed to be more productive as we move forward
23:11:23 [WileyS]
Tom: We have a bunch of issues that are open - how do we close those?
23:11:51 [WileyS]
Aleecia: These will be addressed over time (some may be related, 20 is too many to address via mailing list)
23:12:43 [WileyS]
Aleecia: We can expect to open more issues as time goes by and begin to resolve issues via phone calls and mailing list
23:13:10 [WileyS]
Aleecia: This is a lot of work to do by Jan
23:13:57 [tlr]
tlr has joined #dnt
23:14:11 [WileyS]
Matthias: Thank you for coming all the way to Santa Clara, the constructive atmosphere, and I believe we made a lot of progress (more than I expected) - I'm very happy. I hope we can continue the pace and close all of the open issues.
23:14:46 [WileyS]
Matthias: Thank you to the Editors! (much clapping)
23:15:01 [johnsimpson]
johnsimpson has left #dnt
23:15:04 [WileyS]
Aleecia: Much thanks to Nick! (much clapping)
23:15:15 [WileyS]
This meeting is adjourned!
23:15:18 [Zakim]
23:15:40 [npdoty]
23:15:43 [Zakim]
23:15:48 [npdoty]
trackbot, end meeting
23:15:49 [trackbot]
Zakim, list attendees
23:15:49 [Zakim]
As of this point the attendees have been tpac, +1.631.223.aaaa, [Microsoft], Patty, MikeZaneis, +1.631.223.aabb, Lia_FPF, +1.202.656.aacc, +1.617.320.aadd
23:15:49 [trackbot]
RRSAgent, please draft minutes
23:15:49 [RRSAgent]
I have made the request to generate trackbot
23:15:51 [trackbot]
RRSAgent, bye
23:15:51 [RRSAgent]
I see 5 open action items saved in :
23:15:51 [RRSAgent]
ACTION: tom, heather, and ian to propose a header/uri hybrid solution by tuesday [1]
23:15:51 [RRSAgent]
recorded in
23:15:51 [RRSAgent]
ACTION: tl to propose a header/uri hybrid for server responses (with west and ifette) [2]
23:15:51 [RRSAgent]
recorded in
23:15:51 [RRSAgent]
ACTION: andyzei to write up a proposal for a user-agent-managed site-specific exception [3]
23:15:51 [RRSAgent]
recorded in
23:15:51 [RRSAgent]
ACTION: zeigler to write up a proposal for a user-agent-managed site-specific exception [4]
23:15:51 [RRSAgent]
recorded in
23:15:51 [RRSAgent]
ACTION: simpson to write up a proposal for a site-managed (via cookie or other mechanism) site-specific exception (with hober) [5]
23:15:51 [RRSAgent]
recorded in