15:53:20 RRSAgent has joined #dnt 15:53:20 logging to http://www.w3.org/2011/11/01-dnt-irc 15:53:22 RRSAgent, make logs world 15:53:22 Zakim has joined #dnt 15:53:24 Zakim, this will be 15:53:24 I don't understand 'this will be', trackbot 15:53:24 hwest has joined #dnt 15:53:25 Meeting: Tracking Protection Working Group Teleconference 15:53:25 Date: 01 November 2011 15:53:29 Zakim, this is dnt 15:53:29 npdoty, Team_(dnt)16:00Z is already associated with an irc channel; use 'move dnt to here' if you mean to reassociate the channel 15:53:36 Zakim, move dnt to here 15:53:37 ok, npdoty; that matches Team_(dnt)16:00Z 15:54:06 Chair: Matthias Schunter and Aleecia McDonald 15:54:33 + +1.631.223.aaaa 15:54:44 Agenda: http://www.w3.org/2011/tracking-protection/agenda-20111031 15:54:57 if you're on IRC and call in, please let us know who you are 15:55:06 hwest1 has joined #dnt 15:56:08 eberkower has joined #dnt 15:57:43 rigo has joined #dnt 15:58:20 lgombos has joined #dnt 15:59:13 hwest has joined #dnt 15:59:54 Vincent has joined #dnt 16:00:02 Zakim, mute aaaa 16:00:02 +1.631.223.aaaa should now be muted 16:00:12 Zakim, unmute aaaa 16:00:12 +1.631.223.aaaa should no longer be muted 16:00:30 Zakim, mute aaaa 16:00:30 +1.631.223.aaaa should now be muted 16:00:55 +[Microsoft] 16:01:13 scribenick: npdoty 16:01:14 Joanne has joined #DNT 16:01:16 Topic: Introductions 16:01:25 schunter: very productive discussion yesterday, made some progress 16:01:38 suegl has joined #dnt 16:01:42 … we'll walk you through the changes we made to the specs since yesterday 16:01:42 +Patty 16:01:57 … then Tracking Selection Lists 16:02:06 … then discussion of issues for the Tracking Preference Expression 16:02:14 … lunch 16:02:18 alex has joined #dnt 16:02:34 efelten has joined #dnt 16:02:37 ifette has joined #dnt 16:02:38 … discussion of issues for the Tracking Selection List 16:02:46 ScribeNick: ifette 16:02:49 … and some planning 16:02:57 ScribeNick: npdoty 16:03:21 vincent has joined #dnt 16:04:08 Ninja has joined #dnt 16:04:11 WileyS has joined #DNT 16:04:17 aleecia has joined #dnt 16:04:21 choosing scribes by counting off :) 16:04:25 ScribeNick: ifette 16:04:35 TOPIC: Chair's Welcome 16:04:45 fielding has joined #dnt 16:05:03 Matthias: yesterday was focus on compliance spec, today will be going through details of TSLs and TPE 16:05:04 alex__ has joined #dnt 16:05:12 Frank has joined #DNT 16:05:19 ... first session, Aleecia will walk us through changes to compliance doc 16:05:26 Kai has joined #dnt 16:05:48 dwainberg has joined #dnt 16:05:48 Adam has joined #dnt 16:06:58 ... big question is to find what blocks us from moving to FPWD. Want to move to FPWD with this document, make sure there's nothing the editors slipped in that is objectionable 16:07:04 KevinT has joined #dnt 16:07:09 ... Aleecia reads diffs from the doc. 16:07:34 http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-diff-20111101.html 16:09:25 Frankie has joined #dnt 16:11:43 johnsimpson has joined #dnt 16:11:54 efelten has joined #dnt 16:12:15 John Simpson: Some ISSUES aren't labeled with numbers, will the spec be updated? 16:12:17 Aleecia: yes 16:12:20 ... continues reading diff 16:12:24 vincent has joined #dnt 16:13:55 enewland has joined #dnt 16:14:19 howard has joined #dnt 16:14:51 chuck has joined #dnt 16:14:52 paddyu has joined #dnt 16:15:49 paddyu has joined #dnt 16:16:05 RESOLUTION: move spec to FPWD 16:16:35 < many hands raised for comfortable, no objections, a couple abstentions > 16:17:19 tlr has joined #dnt 16:17:40 henryg has joined #dnt 16:18:05 Matthias: Will go over changes for TPE document 16:18:14 johnsimpson_ has joined #dnt 16:18:30 It's really hard to hear over the phone, can each speaker use the microphone? 16:18:47 eberkower has joined #dnt 16:19:17 Joanne has joined #DNT 16:19:18 the diff that Roy pointed to is here http://www.w3.org/2007/10/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2F2011%2Ftracking-protection%2Fdrafts%2Ftracking-dnt-20111028.html&doc2=http%3A%2F%2Fwww.w3.org%2F2011%2Ftracking-protection%2Fdrafts%2Ftracking-dnt-20111031.html 16:20:13 schunter1 has joined #dnt 16:20:50 tl has joined #dnt 16:21:35 ifette: are we using "exemptions" or "exceptions" in a consistent manner? 16:21:46 Roy: you set up exceptions on the client side, and then later we can talk about server-side exemptions 16:21:52 Heather: in that case it's not consistent between documents 16:22:12 Roy: yes, there's some semantic confusion 16:22:17 ... in the spec it will be "exceptions" 16:22:42 Matthias: continues reading, points out more exemptions/exceptions 16:23:27 New diff: http://www.w3.org/2007/10/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2F2011%2Ftracking-protection%2Fdrafts%2Ftracking-dnt-20111028.html&doc2=http%3A%2F%2Fwww.w3.org%2F2011%2Ftracking-protection%2Fdrafts%2Ftracking-dnt-20111101.html 16:24:14 +MikeZaneis 16:24:18 jmayer has joined #dnt 16:24:28 Nick: still confused on exceptions/exemptions 16:24:35 Roy: When a party has an exemption, they don't have to do X 16:24:40 s/Nick/npdoty/ 16:24:53 Roy: if a user has given an exception to its requirements, the user has granted that exception 16:25:31 Aleecia: One is a category, e.g. security 16:25:32 Mike has joined #dnt 16:25:38 ... the other is the user opting back in to something 16:26:08 dsinger: not sure the terminology is appropriate, the thought that they become exempt from compliance seems odd 16:26:27 Tom Lowenthal: Agree with david but there's a twist. They are exempt from the general requirement that you must do X when Y 16:26:34 ... MUST NOT... EXCEPT IF 16:26:47 dsinger: Exception to the general rule, but must comply with the rest 16:26:53 Roy: Currently it's all "exception" 16:27:21 Roy: Continues reading from Section 3 16:27:26 WileyS has joined #DNT 16:28:12 we do use "exemption" a couple of times in the compliance spec, in describing categories with lessened requirements 16:29:06 I don't think that we use 'exemption' and 'exception' in any sort of organized manner in the compliance spec - I propose that we task us editors with proposing a rationale for using one over the other, and come back to the group with it 16:30:29 how do you want to use exemption and exception in any sort of consistent way if you don't know their meaning in the context of the spec? 16:30:49 q+ 16:30:59 Q- 16:31:04 Q? 16:32:19 q+ 16:32:40 I suggest not referencing any specific laws in 5.1. 16:32:46 Rigo: Would prefer 5.1 to reference Section 5.3 of the EU privacy directive 16:32:59 Aleecia: Agree, and rather than "adherence to" say "consideration of" 16:33:02 It's a matter of legal interpretation whether that particular law is relevant 16:33:09 suegl, can you explain why? 16:33:21 It's not typical to reference specific laws in standards, AFAIK 16:33:21 Article 5, paragraph 3 of ePriv Directive 16:33:42 JC has joined #DNT 16:33:43 But we are an international standards body 16:33:55 Yes, but we're not an international legal body. 16:34:18 So we should *consider* what they have done, we're not saying we will do what they have 16:34:35 (…which we really very much may not want to. But we should at least think about it, IMHO) 16:34:39 from the charter: "The group will actively engage governmental, industry, academic and advocacy organizations to seek global consensus definitions" 16:34:58 Matthias: Rigo makes a point that it's good to consider these things, would like to leave it in 16:35:01 Roy: Can we poll the group? 16:35:04 I would recommend against providing legal advice in a standard 16:35:14 Karl: Can we put an ISSUE number here? 16:35:44 enewland_ has joined #dnt 16:35:52 dsinger: don't want anything that would suggest we've done a legal analysis and that by doing X you are covered 16:36:42 sue, I wanted to just express that helping with 5.3 is one of the intentions 16:36:56 Issue: should we consider applicable laws and regulations, such as the Article 5, paragraph 3 ePriv Dir 16:36:57 Created ISSUE-98 - Should we consider applicable laws and regulations, such as the Article 5, paragraph 3 ePriv Dir ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/98/edit . 16:37:01 consideration, not adherence to 16:37:24 Roy: continues reading section 5.2 16:37:29 Sue, does this work for you? 16:37:37 amyc has joined #dnt 16:37:44 We are not trying to claim to be lawyers… but would be foolish to build something that's DOA 16:38:10 Yes, that works. It was "adherence to" that was the problem. Thanks. 16:38:28 Agreed - thank you 16:38:57 "no weirder than the rest of the paragraph" 16:39:41 agree with "consideration" instead of "adherence to" 16:40:08 Roy: Is there anything from yesterday that we've missed? 16:40:10 (silence) 16:40:29 Matthias: Need to make "Consideration of" instead of "Adherence to", after that, want to get a poll of whether we can move to FPWD 16:40:37 +??P21 16:40:53 RESOLUTION: will move to FPWD 16:41:46 Topic: Tracking Selection Lists 16:41:46 TOPIC: TSLs 16:42:16 aleecia: we have not been talking about the third deliverable in the last weeks 16:42:31 ScribeNick: schunter1 16:42:31 ... let us have an update on this 16:42:36 does anyone have a link to the doc? 16:43:24 (which doc, Paddy?) 16:43:30 paddyu, no W3C official doc here yet (that's the topic of discussion), but the Microsoft Member Submission would be relevant http://www.w3.org/Submission/web-tracking-protection/ 16:43:35 scribe is schunter1 16:43:47 Andy and Karl: Introducing racking Selection List¨ 16:44:12 s/racking/Tracking/ 16:44:50 Andy: Tracking Selection lists allow the users to have control over tracking that is happening 16:46:08 ... consists of allow and block rules. User can have more than one list 16:47:20 ... multiple browsers support content filtering lists, e.g. Truste is a vendor of these lists 16:47:41 jmayer has joined #dnt 16:48:36 ... goal is to allow users to surf with their tracking selection lists on, we want to create an interoperable format 16:48:48 FrankGerstenmeyer: does it block only tracking or any content? 16:49:09 Frank: does this block only tracking 16:49:21 s/FrankGerstenmeyer/FrankGerstenberger/ 16:49:35 Andy: It´s basically a file format 16:50:13 ... lists can be specified to specific scenarios 16:50:48 list only blocks third party stuff 16:50:48 Matthias: What is the effect on an actual site? 16:51:14 Andy: Site will look the same just without third party content 16:51:27 Shane: it will just block the request 16:51:35 "third party" in the sense of the same-origin policy, not the "third party" concept we discussed yesterday 16:51:51 Shane: Why does this use a block or allow mechanism, why not just one 16:52:07 .. .why did you have blacklist and whitelist? Not only black _or_ white 16:52:29 AZ: that's exactly what we want to talk about 16:53:06 Andy: we wanted to support as many lists as possible, black and white lists 16:53:33 ... overwrite blocking with withelist. dissallow site but allow parts of it 16:54:14 "the DVR of the industry" 16:54:22 "a really bad ad-blocker" 16:54:52 Karl shows an actual example 16:55:05 tlr has joined #dnt 16:55:29 ... the first party got blocked w3.org in Opera 16:56:14 "the definition of easy" 16:56:14 ... unblocking needs to enter a list and delete it manually 16:56:41 ... list is searcheable 16:58:14 Andy: shows easy privacy tracking protection list of i.e. 16:58:33 ... an ad blocking technology 16:58:53 ... content is still there just hidden 16:59:44 just a comment for the minutes, I think Andy is saying that the EasyPrivacy list example is *not* an ad blocking technology 17:00:27 Tom: easy list is not the same as ad blocking, easy list is about blocking tracking content of specific kinds 17:00:58 We did a study of what these lists do: http://cyberlaw.stanford.edu/node/6730 17:01:02 thanks Nick, I missed that 17:01:22 tl: "a general purpose technology" 17:02:02 Tom: List allows to block certain malicious content very fine grained 17:02:30 http://www.blaeu.com/uploads/tds-rules-rdef.html (rob) based on adblock technology without hiding rules 17:02:36 q+ 17:02:49 http://www.blaeu.com/uploads/tds-rules-rdef.txt (Rob) 17:03:13 tl has joined #dnt 17:03:25 q? 17:03:39 sue, do you still want to talk? 17:03:41 Aleecia: I wanted to give people the same starting point for these tracking selection. Question on how technoligy works? 17:03:50 suegl, do you want to type or try to speak up on the speakerphone? 17:04:34 lgombos_ has joined #dnt 17:04:54 Andy: In the New York Times example beakons and invisible content was blocked 17:05:01 selective http requests lists 17:05:34 Matthias: Is this used to show user preferences? 17:05:44 Agree it should be called something other than "tracking selection" as it is more general purpose 17:05:56 Andy: Anybody can make these lists 17:06:32 q- 17:07:53 Andy: There are ways to detect for a service provider if specific content is blocked by the user. First Party can see the user enabled and what didnot load 17:08:37 (that was in response to: Alex: is there any way for the first party to know that an image or other content isn't loaded?) 17:08:42 Karl: There are users that do not see images. So why does the first pe 17:08:44 artz 17:09:11 y... party need to know? 17:09:52 Dave: You are preventing loading. Preventing tracking is just a side effect 17:10:02 Graph of TPL effectiveness: http://dl.dropbox.com/u/37533397/tracking_the_trackers/tpl_study/results_graph.png 17:10:49 q+ 17:10:57 Shane: Aleecia: We need to discuss if we want to do this? 17:12:02 Aleecia: Should the working group pick up this topic? We need to find a consensus 17:12:06 q? 17:12:32 efelten has joined #dnt 17:12:47 Shane: the current DOM solution for determining whether content was loaded or not is burdensome 17:13:22 ack fielding 17:13:31 Matthias: Lists allow browsers to cooperate. For the sake of interoperability but it does not mean that every browser needs to implement it. 17:14:05 Roy: I disagree with having this in the charter. It is basically Ad Blocking not Tracking Protection 17:14:10 ack ifette 17:14:19 q+ jccannon 17:14:28 q+ 17:14:54 q? 17:14:56 Ian: The lack of standardisation does not really pose a problem 17:15:11 q+ karl 17:15:26 Q? 17:15:31 q+ TomL 17:15:58 q+ singer 17:16:07 ack TomL 17:16:09 ack TomL 17:16:13 q= 17:16:19 q = 17:16:21 q? 17:16:42 q- jccannon, dsinger, karl, singer 17:16:46 Tom: It is one quarter of the charter. The group is required to deliver 17:17:17 ... this is classic standardisation work 17:17:32 s/quarter/third 17:18:21 +q 17:18:31 JC: Consumers should be able to whitelist as an exception to dnt 17:18:36 q- 17:18:37 q? 17:18:48 eberkower has joined #dnt 17:18:51 vincent has joined #dnt 17:18:53 efelten has joined #dnt 17:19:03 Dave: this is a hostile move of users to sites 17:19:10 I vote against including the web tracking protection in the spec 17:19:13 Joanne has joined #DNT 17:19:30 ... W3C should not say that is generally okay to block content 17:19:53 I vote against including the TPL standard as part of this group's work 17:20:16 ... dnt should be about not needing content blocking any more 17:20:32 I feel we are conflating how lists are implemented versus providing lists for granular control 17:21:06 Users should have a way to indicate exemptions to the DNT signal 17:21:10 Agree with Dave that W3C should not be supporting standards for blocking broad categories of content, including advertising. 17:21:11 Karl: developers need standardisation to enable their work. 17:21:35 q+ 17:21:44 s/quarter/third 17:22:11 q+ 17:22:25 Kevin: Filtered URL list might be a more general approach 17:22:43 John: if it is in the charter we should consider it 17:23:00 ack vincent 17:23:10 ... we need to develop at least a strawman to see how this adds to dnt 17:23:36 ack WileyS 17:24:04 JohnSimpson: I think a strawman document makes great sense and if we can't develop consensus on that, that would be the time to stop 17:24:29 Amy: It is not necessarily hostile but offers users a choice (not sure if I got it right) 17:25:44 Tom: users come first in priority. They are the boss of their browser. 17:26:31 q? 17:27:14 amyc has joined #dnt 17:27:27 Peter: We know there will be actors who do not respect dnt. Do we want to address these with blocking? 17:27:42 q+ 17:28:36 Ian: I think the lack of standardisation is not a big issue. Not much work to adapt to all three standards 17:28:37 ifette, one thing to note is that in addition to different syntaxes, the semantics of the lists are different 17:29:04 ifette, the MSFT spec allows one list to whitelist in a way that overrides any other lists the user has subscribed to 17:29:04 pde: could be a way to level the playing field for the good actors that respect DNT by enabling users to block bad actors 17:29:26 I believe the ABP lists do not work that way 17:29:39 (though I'm not 100% sure of that) 17:30:16 andyzei has joined #dnt 17:30:21 q? 17:30:31 ack dsinger 17:32:07 Shane: dnt signal turned on allows user a communication with a publisher. If wesupport selection lists (I do not support this) publishers need visibility of user preferences 17:34:01 Tom: Publishers and users need to have a dialogue. oneside blocking is not the way it should work. But not all parties will play by the rules 17:34:38 Ok, so lots of talk about whether or not this is a good blocker - it is, or it isn't. 17:34:49 ... so there is still a need for the user to block content from prties who do not take part in this fair dialogue 17:34:51 It either blocks ads and other things well, or it doesn't block ads and other things well 17:35:12 It's an exceptional ad blocker - that's why it's a good tracking blocker. 17:35:22 q? 17:35:36 Right - I think trying to argue that it's a bad ad blocker and a good other things blocker is somewhat misleading 17:36:09 to Tom's point, addressing this issue in this forum would allow input from publishers and ad industry participating in wg 17:36:13 Frank: User will expect to have the freedom to be tracked or not. Content blocking should not be part of this dnt standard 17:36:18 The online advertising industry made design choices such that ad content == tracking content. 17:36:25 Frankie has joined #dnt 17:36:28 can I be on the speaker queue without being tracked on Matthias's piece of paper? 17:36:39 Users don't have any other choice if they want to protect themselves today. 17:37:11 howard has left #dnt 17:37:25 citation for the priority of constituencies: http://www.w3.org/TR/html-design-principles/#priority-of-constituencies 17:37:35 Dave Singer: I did not want to say that users MUST load all content of a site. But I do not want W3C to tell people blocking is okay 17:37:57 FWIW, changing the expression of an online webpage is arguably the same as creating a derivative work. Users can do that for themselves, legally, but I think an organization that publishes such a mechanism for doing it automatically is infringing copyright and should be subject to the legal claims by all copyright owners. 17:38:33 I am not happy with the W3C saying that it thinks that normal operation of the WWW involves users finding and using "load blocking" lists 17:39:06 Rigo: What does it mean in term of financial loss. We need to openly talk about the elephant in the room 17:39:11 would a TPL of 1st parties that embed elements from 3rd parties that do not respect DNT make sense and satisfy publishers? 17:39:24 Rigo is exactly right. 17:41:05 ... Ian: Ian: These lists block all major ad networks. so we probably talk about a major sum of money 17:43:04 Microsoft: we try to do it granularly. Block not all ad content. Standrard would allow for a much higher level of fine grained blocking 17:43:16 s/Microsoft/Abine/ 17:43:54 Why are people blocking ads ? My opinion: because they want not to be tracked, NOT because they will not look at ads.... 17:44:18 lgombos has joined #dnt 17:45:02 Speed of site loading might be another reason 17:45:27 KJ has joined #dnt 17:46:49 Ian: If there are too few people it is not worth the effort 17:47:19 ... we are talking about 50.000 probably 17:47:50 Alex: many of the lists are proprietary content (about malware, etc.) and so companies might not invest in lists if they were publicly published 17:47:56 tlr has joined #dnt 17:48:34 Aleecia: summary for Ian, either there are too few people for it to be worthwhile or too many that it's a revenue problem, so resolving this question isn't relevant for Ian's support -- Ian agrees. 17:48:43 on the number of users using it…my concern is that if these blocking lists get popular, legitimate businesses that find themselves adversely affected will take counter-measures. I am not sure where it will end. 17:49:25 procedurally, I am curious about whether anyone has been persuaded by this conversation to move from "we should not standardise TPLs" to "we should standardise TPLs"? 17:49:53 Aleecia: are therer ways we can build this only on the advantages and illiminating the disadvantages we collected? 17:49:55 the browser checking TPL if the server replies "no" to DNT? 17:50:31 the browser adding to TPL if the server replies "no" to DNT? 17:51:30 ... building just another ad blocker is not good use of our time. Can we just specifically block data transmission? 17:52:09 ... not blocking ads but invisible tracking, still showing the ads 17:53:15 quick poll: how many people will be satisfied with this approach: about half the room 17:54:07 Shane: it illiminates the economic value of ads 17:54:21 - +1.631.223.aaaa 17:55:07 s/illiminates/eliminates/ 17:55:21 Aleecia: we have a disagrrement in the room. split in half. we will continue to discuss this 17:55:54 -??P21 17:55:57 Nick Doty, thank you. I am fighting the English keyboard 17:56:25 henryg has joined #dnt 17:56:46 it isn't clear to me that we should come back to TPLs unless we see movement from those opposed towards wanting to standardise 17:57:40 Roy: Dave: we should stick to work on privacy. The list is a much broader issue 17:57:43 action item to bring it to TAG? 17:57:43 Sorry, couldn't find user - item 17:57:55 do we want an action item to bring it to TAG? 17:59:15 tl, clearly the group members reason for opposing standardisation is not about standardisation, but about wanting to deny assistance to the underlying practice of content blocking 17:59:25 fielding has joined #dnt 17:59:39 -MikeZaneis 17:59:42 -[Microsoft] 18:00:11 howard has joined #dnt 18:01:01 -Patty 18:01:47 sidstamm has joined #dnt 18:07:39 Kai has joined #dnt 18:08:22 Josh_Soref has joined #dnt 18:18:02 +Patty 18:18:32 enewland has joined #dnt 18:20:18 enewland has joined #dnt 18:22:22 sidstamm has joined #dnt 18:22:33 sidstamm_ has joined #dnt 18:23:03 vincent has joined #dnt 18:24:57 + +1.631.223.aabb 18:27:16 +Lia_FPF 18:27:56 Lia has joined #dnt 18:27:56 Frankie has joined #dnt 18:28:02 suegl has joined #dnt 18:28:51 fielding has joined #dnt 18:29:05 +[Microsoft] 18:29:26 ping 18:29:55 Peter Eckersley on fingerprinting browsers 18:30:34 alex__ has joined #dnt 18:32:16 RRSAgent, draft minutes 18:32:16 I have made the request to generate http://www.w3.org/2011/11/01-dnt-minutes.html Josh_Soref 18:34:31 panopticlick.eff to see if your browser is unique 18:34:44 DNT's minutes are public, Josh 18:34:54 At the very least after they're cleaned up... 18:37:08 IPv6 has MAC address for most OSes 18:37:37 Peter's full paper is available, we can ask him for slides too 18:38:04 + +1.202.656.aacc 18:38:27 npdoty has joined #dnt 18:42:07 ifette_ has joined #dnt 18:42:21 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt-20111101.html 18:42:42 is the final version to be sent to W3T for publication as FPWD 18:43:21 henryg has joined #dnt 18:43:49 Thanks! 18:44:26 Nick has been really good about taking care of that for us, so I admit ignorance on mechanics. 18:45:34 rrsagent, pointer? 18:45:34 See http://www.w3.org/2011/11/01-dnt-irc#T18-45-34 18:45:58 scribenick: Frank 18:46:12 Will look at blank spots in Tracking Preference Expression document 18:46:14 Topic: Tracking Preference Expression discussion of new areas 18:46:57 dwainber_ has joined #dnt 18:47:37 amyc has joined #dnt 18:48:19 Will discuss what feedback the server provides when DNT 0 or 1 is ent 18:50:07 Will spend 10 minutes discussing goals 18:51:29 Reviewing goals in the document 18:51:40 PeterM has joined #dnt 18:52:10 which document frank? 18:52:12 Adam has joined #dnt 18:52:41 Guidance for site specific exceptions - I see you have DNT enabled but I need you to opt-in if you want to access my site 18:53:00 - +1.202.656.aacc 18:53:59 ifette_ has joined #dnt 18:54:19 JC has joined #DNT 18:54:20 frank, which document are we looking at? 18:54:58 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html 18:56:33 dsinger: the reasons I had in mind were knowing which servers responded to DNT at all, which clause I might fall under from the server's point of view, whether my DNT signal made it to the server at all 18:58:26 swiley: trying to think through how to get through cachable and non-cacheable environments, would have to be URL specific 18:59:05 tom: this needs to be on a per request basis, don't have enough state to tell what's going on 18:59:36 tom: we can have a variant on the header to deal with cached objects 19:00:46 Matthias: feedback should be on a per request basis. User should be able to know if tracking took place 19:00:57 -Lia_FPF 19:01:17 Matthias: agreement on goals: feedback, auditing, transparency 19:02:01 in discussing goals, should we also talk about http://www.w3.org/2011/tracking-protection/track/issues/98 ? 19:02:19 JoshS: concern if you have too much information, will drown the user. If 50 elements on a page, too much info for a user 19:03:14 schunter has joined #dnt 19:03:24 Present+ JoshS 19:04:00 Thomas: In the charter, UI elements are out of scope. There is a lot of extraction between what browser sends and what it exposes to customer 19:04:21 s/extraction/abstraction/ 19:04:36 howard has left #dnt 19:05:09 Matthias: Should we add as a goal consideration of legal and regulatory 19:05:27 rigo has joined #dnt 19:06:07 speaker: UI is out of scope. If I want to make a crappy browser that shows user everything, I am compliant with DNT 19:07:02 DavidW: Must be a balance between usefulness of the information and the cost or providing 19:07:29 Nick: Can someone provide more detail around the goal with respect to legal 19:07:35 s/speaker/tl/ 19:08:24 DavidS: If you respond that you honored DNT, I have something from year that says you didn't track, and that is useful. 19:09:30 ifette: On EU regulatory, 5.3 requires some kind of consent from users when cookies are installed. 19:09:43 s/ifette/ninja/ 19:10:09 speaker: one of goals should be simplicity of implementation on server side. 19:10:43 s/speaker/amyc/ 19:11:48 users consent means any freely given specific and informed indication of her wishes (Rob) 19:12:21 AlanC: Talking about complying with ePrivacy, doesn't seem like anyone in Europe knows what complying with ePrivacy means - each EU member state still trying to figure it out, so will be hard for this group to work towards 19:13:50 NickD: We should think about enabling usability for the end user. Even if we don't define the UI< we will make decisions that will impact usability 19:15:20 Thomas: disagrees with criteria of usability. We don't need to write a system that understands each transaction. Design a system that enables the agent (browser) to provide useful information to users. 19:15:36 http://www.w3.org/TR/P3P/#goals_and_capabs -- The goal of P3P version 1.0 is twofold. First, it allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. Second, it enables Web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may "opt-out" of or "opt-in" to. 19:15:57 Aleecia: Goal is to give browsers enough information so they can do something useful with it. 19:16:18 NickD: we should do things that enable usability 19:17:06 DavidW: there must be some measure of the information that has to be provided to enable good usability. 19:17:24 DavidW: Express fine-grained track/no track is a goal, not a criteria 19:17:53 Matthias: communication efficiency is important 19:19:18 DavidS: Simplicity should be appropriate to the level of tracking that is going. Will be easy for simple sites, more difficult for more complex. 19:19:32 regarding usability, the CMU report: "Why Johnny Can't Opt Out" published yesterday, may be relevant: http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html 19:20:10 KevinT: Data should flow. Two use cases: 1. could flow to a user through browser, 2. to a compliance tool 19:21:14 Thomas: we need a lot of features in the protocol. Doesn't mean they're all implemented in the browser. Users will want a simple indication, but have ability to drill down, or use third party tools. Take usability out of criteria, and have a sufficiently rich feature set to support desired use cases. 19:22:00 Thomas: The legal regulatory/legal compliance should be a criteria, not a goal. 19:23:08 Matthias: Go through response options 19:23:26 Matthias: 1st option, no response 19:23:48 Great session by Aleecia and Matthias 19:23:49 Matthias: well-known location for machine readable policy 19:24:20 Matthias: could be different flavors of policy. Parts of site might, might not honor 19:24:50 Matthias: whether static or dynamic 19:25:21 Matthias: A static header field for machine-readable policy 19:25:40 Roy: similar to previous response 19:26:11 Thomas: can we do a quick straw pole on 1st two options 19:26:31 Matthias: 3rd, static header field stating DNT is on. 19:27:12 Matthias: 4th, dynamic header field indicating that tracking is enabled or disabled for this user (and why). 19:27:32 Frankie has joined #dnt 19:27:49 DavidS; do the first 3 indicate if I'm tracking you or not? 19:28:18 s/DavidS;/DavidS:/ 19:28:29 Aleecia: the location is static but the status is dynamic 19:29:45 s/status/content/ 19:29:48 ChuckC: Is there any human readable element that goes with these expressions? 19:30:23 Matthias: focus is on different options to get information across 19:31:19 Speaker: the list is not clear to me. would love to see what I see 19:32:32 s/Speaker/karl 19:32:45 Rigo: well known location has many advantages. Know that site is DNT enabled. 19:33:27 ifette_ has joined #dnt 19:33:39 Rigo: when you try and distinguish between different policies for different parts of sites, well known location still works, but the file that describes gets complicated. 19:34:40 Matthias: we have four options on the table. After break can discuss other options, will go into more detail on each of four. 19:35:37 Thomas: on dynamic header, sounds useful, but don't know what a user is. We need to narrow down each one a little more before talking about these in more detail. 19:36:07 -Patty 19:36:36 -[Microsoft] 19:37:51 hwest1 has joined #dnt 19:39:59 hwest has joined #dnt 19:51:28 aleecia has joined #dnt 19:59:15 dsinger has joined #dnt 20:00:21 efelten has joined #dnt 20:10:26 aleecia has joined #dnt 20:14:43 hwest has joined #dnt 20:19:08 enewland has joined #dnt 20:21:28 alex__ has joined #dnt 20:21:33 efelten has joined #dnt 20:23:10 vincent has joined #dnt 20:24:32 johnsimpson has joined #dnt 20:24:34 Joanne has joined #DNT 20:24:49 - +1.631.223.aabb 20:26:28 henryg has joined #dnt 20:28:53 dwainberg has joined #dnt 20:29:27 dwainber_ has joined #dnt 20:30:15 aleecia: Presenting "Track Gap: Policy implications of User Expectations for the 'Do Not track' Internet Privacy Feature 20:30:58 npdoty has joined #dnt 20:31:09 sidstamm has joined #dnt 20:31:18 fielding has joined #dnt 20:31:34 sidstamm_ has joined #dnt 20:31:43 karl has joined #dnt 20:32:08 amyc has joined #dnt 20:32:42 karl has joined #dnt 20:33:03 +[Microsoft] 20:33:22 suegl has joined #dnt 20:33:25 ifette has joined #dnt 20:33:45 +Patty 20:34:10 q+ to ask how people know what all these technologies mean? 20:34:26 alex has joined #dnt 20:35:12 -50% expects that the ads clicked tracking will stop 20:35:47 paddyu has joined #dnt 20:39:01 wondering if there are variations of understanding depending on the countries, cultures 20:39:33 is there a link to this study/research? 20:39:41 w/r/t widgets 20:40:10 dicussion about Lorry's new paper "Why Johnny Can't Op out" 20:40:34 tl has joined #dnt 20:40:46 I know what aleecia presented was published at the princeton workshop 20:41:49 http://www.w3.org/2011/track-privacy/papers/AleeciaMcDonald.pdf 20:41:53 pilot results presented at Princeton, but this paper has the complete results 20:41:54 jmayer has joined #dnt 20:42:32 q? 20:42:49 ack karl 20:42:49 karl, you wanted to ask how people know what all these technologies mean? 20:43:05 karl: surprised by the people knowing IP and global level of knowledge 20:43:37 henryg has joined #dnt 20:43:46 aleecia: IP address was explained 20:43:56 ahaha tracking following a link from twitter to an article http://marketplace.publicradio.org/display/web/2011/11/01/tech-report-if-you-tried-to-opt-out-online-tracking-probably-didnt-work 20:44:11 there was this at the end of the uri #.TrAUp3TBAI8.twitter 20:44:44 the CMU/Lorrie Cranor report I mentioned earlier: http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html 20:45:00 WileyS: in the 1st party context, did you try to use other term ( brand, compay)? 20:45:37 aleecia: 1st vs third party was known from other context (previous study) 20:46:14 aleecia has joined #dnt 20:46:25 hwest has joined #dnt 20:46:27 Matthias: back to TPE, quesitons about the different options 20:46:43 Frankie has joined #dnt 20:46:45 ... : discuss the different options and then the details 20:47:17 Can we get a link to the study about first v. third party and user expectations? 20:47:21 ...: first, visit , you sent a request with the DNT signal and you get a response 20:47:28 scribenick: vincent 20:47:48 Frank has joined #DNT 20:48:02 ...: the sever does something with DNT as part of his response 20:48:06 Topic: Tracking Preference Expression continued 20:48:22 s/...:/.../g 20:49:11 ... second option the server send a response with a pointer to DNT 20:49:34 ... what kind of information do you want to see at the UA end 20:49:47 karl: are the options exclusive? 20:50:27 Matthias: not exclusive, one might be for the user, the other one might be in machine readable language 20:51:07 tl: in the response I'd like to see 20:51:15 ... what the user said 20:51:33 tlr has joined #dnt 20:51:37 ... does the server comply 20:51:51 ... is the server beliving as a first or third party 20:52:23 .. is the server beliving it's acting as a first or third party 20:53:06 dsinger has joined #dnt 20:53:16 s/beliving/believing/ 20:53:32 rigo has joined #dnt 20:53:36 alex: first party vs third party, does it matter? 20:54:12 howard has joined #dnt 20:54:16 nina: cant he server know if it's a first or third party ? 20:54:29 s/nina/ninja/ 20:54:36 thanks 20:55:42 tl: it matters for the user interaction with the server (first party vs third party) 20:57:06 tl: the response from the server could block any futur requests 20:57:29 sid: it 20:59:18 karl: the only way the tl case could be working, if the client was making a HEAD and then a GET depending on the HEAD, but that would be costly. 20:59:28 s/sid: it/sid: the exact function of a paranoid mode is a UI question out of scope, but it's enough to show that it's a possibility/ 20:59:29 hwest: ping the URL and then decide if the browser is going to proceed 20:59:58 s/URL/URL of a well-known location/ 21:00:59 tl: one of the element in the response should be the echo of the request 21:01:30 john: user should only care if they have the request 21:01:42 aleecia: you may want to know what it is that you sent 21:02:03 to be clear: i can can get the html, see a dnt:101, then refuse to get any of the references, or 1x1 gifs &c 21:05:51 dsinger has joined #dnt 21:06:16 aleecia: DNT helps restoring user trust, if we want user to click on ads and know that nothing happens to them the ack worthes the cost 21:06:44 Kai has joined #dnt 21:06:53 KevinT has joined #dnt 21:07:48 WileyS: the reply should be "I saw it and I comply" or "I saw it and I do not comply" 21:09:13 tl: people saying I have an exeption are not saying I'm not complying, it means " I beleive I have an exeption" 21:09:31 fail to capture that exactly 21:11:30 npdoty: the answer would help user to know to which website they opted back in 21:11:56 amyc: what does the static site policy fail to capture? sites are either compliant or not 21:12:42 dwainber_: what is the cost of all the answer from a website 21:14:39 tl: I request a page and have a elements to download and in the response I see "what the party beleive they are (1st vs third)" and wether or not they comply 21:15:53 dwainber_: the cost is about the cost of the implementation 21:15:59 * issues with hotlinking and referer 21:16:11 * issues with ssl (no referer) 21:16:20 dwainber_: someone has to store if the user opts back in 21:17:19 henryg has joined #dnt 21:17:21 tl: the cookie stored in the client could be used to store the "Opt-back in" 21:17:32 Frankie has left #dnt 21:17:41 Frankie has joined #dnt 21:18:19 ... and then the server respond "I see DNT and a opt-back cookie", browser pop up message for confirmation from user 21:19:57 Matthias: where to store the DNT compliance file 21:20:19 ... static url: pros and cons? 21:22:34 xxx: expecting a single well known url is to coarse grained for large website 21:22:44 s/xxx/hober/ 21:22:49 thanks 21:25:15 dwainber_: one time, one party having different policy for different parts of the website 21:26:01 matthias: for ibm.com they're would be part respecting DNT before other parts (transition) 21:26:22 ... some piece of a website may require DNT for business processes 21:27:05 WileyS: For Yahoo! it'll be different at least when they act as a first or a 3rd party 21:28:06 fielding: when large site do tracking they generally use different domains 21:28:58 aleecia: Exempl: mozilla labs collect data about you, other parts of the website do not 21:29:28 Matthias: now looking at the everything is dynamic solution 21:29:43 ... pros and cons 21:29:57 I wonder how the DNT works with wikis history. 21:31:04 jmayer: the more dynamic we go, the more we give the browser the ability to enforce the user expection 21:31:55 hwest: cons: the reponse may change according to who request the policy (ex if it comes from the FTC) 21:32:50 ... : it'll allow descrimination 21:33:47 hwest, I'd definitely appreciate more detail on its not being feasible 21:34:08 if you bloat each request by 100 bytes 21:34:13 that will have a huge latency impacy 21:34:27 having a URL in response to each request would be a huge hit 21:34:29 tl: the header is request specific, the well known URI gives lot of specific information but it is not related to the specific request 21:34:39 ifette, define "huge" :) 21:34:51 karl, big enough for us not to send it 21:34:51 ifette, current proposal from tl is a single character -- is that too many bytes? 21:34:58 no, single character is fine 21:35:02 even 2-3 probably ok 21:35:10 but a full URL would be not ok 21:35:34 npdoty, I'll get more information on that for you. It's outside my realm but I have heard very strong opinions on it 21:35:48 ifette, but there's a number of characters at which point you will refuse on behalf of Google's servers? 21:36:02 npdoty likely on the order of 4+, yes 21:36:25 jmayer: desembiguition between dynamic (there might be some option in what you get back) vs dynamic reponse : the server does have to send a different reponse every time 21:36:43 s/desembiguition/disambiguation/ 21:37:11 what if we had a response that was a string that got appended to a known URL? 21:37:28 e.g. dnt:0; where gets added to /dnt?reason= 21:37:31 or something like that 21:37:50 gives us some flexibility of dynamic url/response 21:37:50 ifette: /.well-known/dnt?reason= 21:37:52 :) 21:37:57 yes 21:37:57 so your main complaint is with fielding because he wants to use "Tracking:" instead of "Dnt:"? 21:37:58 tl: three bits in the header and then pointer to the well known URI 21:38:06 field-name + ": " + CRLF + length of field-value 21:38:10 andyzei has joined #dnt 21:38:27 henryg has joined #dnt 21:38:34 Frankie has joined #dnt 21:39:52 we prefer shorter header names :) 21:40:24 fielding: on the issue of verification : if the answer change every time it will be hard to verify (for example you can not go to court) it's not recorded 21:41:31 lgombos has joined #dnt 21:42:32 matthias: the next would be to discuss when the dynamic and static cases could be used 21:42:50 ... well nown YRL is limitied and dynamic is costly 21:43:02 s/YRL/URL 21:44:06 aleecia: tl and hwest should write a proposal together 21:44:30 ACTION: tom, heather, and ian to propose a header/uri hybrid solution by tuesday 21:44:30 Sorry, couldn't find user - tom, 21:45:03 matthias: element such as caching should be discuss in more details 21:45:38 ... other big piece is "opt-back in" 21:46:05 ACTION: tl to propose a header/uri hybrid for server responses (with west and ifette) 21:46:05 Created ACTION-30 - Propose a header/uri hybrid for server responses (with west and ifette) [on Thomas Lowenthal - due 2011-11-08]. 21:46:18 ... 2 use cases: 1) I have DNT on and visit a website that do no honor DNT 21:46:23 ... what the site should do? 21:46:38 I suggest to look into the P3P policy reference file format and well known location: 21:46:40 http://www.w3.org/TR/P3P11/#ref_file 21:46:53 redirect the user to a website "disbale DNT to come back" 21:47:12 it mainly does the same: distinguish different policies of parts of the sites and third parties 21:47:49 ....2) persistence of the opt-back in (in the server or in the client)? 21:48:26 especially 2.3.2.9.1 OUR-HOST Extension 21:48:42 jmayer: we could use standard stuff like cookies and leave the implementation to the website 21:49:36 dwainber_: if the persitence of cookie can be used to store the opt-back in, why not using them to store the "opt-out" 21:50:41 WileyS: User should be able to see a list of their exception in one place, 21:51:22 ... therefore prefer client side solution to cookies 21:51:53 also, the users who care about this are probably also the users who delete cookies 21:51:59 so you don't want to confound the two 21:52:00 tl: cookies are an appropriate method to store opt-in cause if user delete them, they're prompted again 21:52:04 I'm fully in support of the Felten thesis "if you're going to track me, use cookies" - essentially, use somehting that has transparency and tools around it 21:52:14 So that the user understands what's going on. 21:52:45 It seems weird to use tech that would otherwise would not really be supported by privacy folks to track privacy preferences... 21:52:48 fielding: have a standard cookie name for the opt-back in 21:53:29 (fwiw i was referring to using cookies as an opt-out to be somewhat unnatural and strange, cookies for opt-in seems quite natural) 21:53:40 ... well defined cookie name, the browser would be able to know which cookies are opt-in cookies 21:54:08 pde: why not using user name and password? 21:54:20 Not all websites have login systems 21:54:25 i don't like the idea of forcing a specific cookie name / syntax 21:54:30 And I wouldn't support shoddy login systems for the sake of an opt 21:54:30 FrankW: interesting to combine DNT with a cookie mechanism 21:54:31 or expecting the browser to treat these cookies separately 21:54:33 ifette: me too 21:54:40 it becomes a mess for the browser 21:54:55 do we then show these with the other cookies? Delete them when the user says delete cookies? have separate ui? 21:55:03 ... can you imagin to define different cookies, one for personal profile, one for analysis 21:55:04 hwest, it's true, but not all sites have opt back ins either 21:55:08 ifette: yup. 21:55:13 you're essentially cramming a parallel system into another, and that just asks for problems 21:55:25 they're either cookies, end of story, or they're something else 21:55:28 but please no Frankencookies 21:56:03 We have a lot of tools to do things like persist opt out cookies - I think persisting an opt in cookie should be rather similar, and I think the idea of using existing tech and waiting to see whether we need to enshrine that in standards or whether we can count on sites that need it to figure out how to keep opt ins 21:58:04 npdoty: does the opt-back apply to the visited website or to the third parties which may then track me everywhere 21:58:12 hwest, the tools I'm familiar with to persist opt-out cookies are extensions; are there any others? 21:58:33 it's a bit of a hack tbh 21:58:49 because if I grant tracking while I'm on a particular first party, we probably don't want the first-party special opt-in cookie to be sent to all the third party trackers on that site 21:59:03 i don't really like the idea of cookies with strange rules 21:59:08 either use cookies or use something else 21:59:21 pde, you're right, or standalone programs. Not saying that piece of it is wrong, but fingerprinting the user to persist an opt seems like a bad idea 21:59:25 why don't you send dnt=0 in this case? 21:59:38 hwest, I agree :) 21:59:47 and to defend the "persist by login" approach... 22:00:03 Wouldn't the first-party's cookie come from its own domain and not from the various third parties' so that the first-party opt-in cookie wouldn't apply to the 3rd parties' practices 22:00:03 it isn't really clear to me when or why users would ever be opting back in without login 22:00:11 do we need to specify technology needed to obtain or recall override? 22:00:37 WileyS: I like the cookie but we need a solution to skip back from the cookie to fingerprinting for some device 22:00:41 dwainberg: if third-party cookies are blocked, what would that do to this type of cookie? 22:01:05 amyc, I think we do need to know whether the browser will manage it or the site will manage it 22:01:16 hwest: we should give some example, guidance but not saying "that the way you do it" 22:01:39 pde: why would I opt-back in to a website I do not logged into 22:02:24 DKA has joined #dnt 22:02:35 Paywalls will evolve as will login systems as will all the other pieces of this puzzle - lets assume that it is good to futureproof this by giving guidance but not requiring a given technique 22:02:47 indeed, why do we have to specify how the list is maintained 22:03:03 WileyS: payroll is not the sole option, there is also the solution "you either give us an exemption or you just do not visit our website" 22:03:04 I think WileyS just illustrated my point well 22:03:21 there are lots of sites today that say "you must log in before you can read this content" 22:03:52 and I find the idea that a user can opt-back-in and remain totally anonymous, tenuous 22:04:49 aleecia: login would be too complicated and we need something that goes beyond cookies (user delete them) 22:05:14 it seems to me that the best level of non-identification they can hope for is a pseudonym on the site 22:05:19 I think we should just say that user agents maintain a list of things you've opted back in to 22:05:25 and how that is done is left to the implementer 22:05:28 fwiw 22:05:48 ifette, how does the user agent know what to add to that list? 22:05:55 matthias: I send DNT:1 plus some other stuff (login, cookies) which allows the website to ignore DNT:1 22:06:19 pde, could be any number of things, a specific response in the DNT header that triggers UI, a JS call, ... 22:06:23 ... other solution the browser send DNT:0 22:06:39 presumably you want some browser confirmation before it starts sending DNT:0, right? 22:06:43 ... why don't we consider option B? 22:06:48 ifette, that would work yes 22:06:55 so, whatever causes the browser to send DNT:0 could trigger the browser to update its list 22:06:59 however that list is stored 22:07:06 if you still send DNT:1 with a magic cookie, that's a bit wierd 22:07:17 presumably you want to not send DNT:1 if there's an exception the browser is aware of 22:07:25 dwainber_: how does the client gonna know the scope? the server does know the scope 22:07:27 so whatever makes the browser aware of this, can be used to update a list 22:07:50 re scope, good question, but applies either way if you want the user to know what the scope is when they consent 22:07:52 aleecia: DNT:0 is an explicit consent and that's better 22:08:11 aleecia: getting users to change their DNT to 0 for opt-back-in sounds like consent, which would be useful for various contexts 22:08:12 ifette, for one version of the server-side-response semantics of "Tracking: 0", that could be the prompt for the user agent 22:08:13 a magic cookie that the user has no idea what it represents doesn't do a great job at explciit consent 22:08:47 indeed, ideally in my mind something would happen that causes the browser to send 0 on subsequent requests 22:08:52 that way, both parties are clear 22:09:05 as to how you scope that or what triggers it, that's a good question 22:09:22 but just saying "it's a cookie the server interprets" doesn't answer the scope or explicit consent issues either 22:09:33 at any rate, i do apologize but i have to drop off 22:09:33 browser chrome is a blessing and a curse 22:09:39 pde indeed 22:10:06 jmayer: interjecting the user agent can be advantageous, browsers can do a good job making sure users know what decision they're making 22:11:33 john: lot of adavantage for opt-in cookie, it'll maintain the user preference for DNT 22:12:00 ... it'll let the site differentiate user preference 22:12:16 ... if you delete the cookie you would just send DNT:1 22:13:34 fielding: I actually prefer B (user-agent-managed) except what about existing user agents that send DNT:1 and wouldn't have this additional functionality? 22:14:15 matthias: is anyone interested in fletching these options 22:14:51 howard has joined #dnt 22:14:58 John annd hober take the action point on option B 22:15:12 Andy takes the action point on option A 22:15:24 ACTION: andyzei to write up a proposal for a user-agent-managed site-specific exception 22:15:24 Sorry, couldn't find user - andyzei 22:15:25 -Patty 22:15:57 ACTION: zeigler to write up a proposal for a user-agent-managed site-specific exception 22:15:57 Created ACTION-31 - Write up a proposal for a user-agent-managed site-specific exception [on Andy Zeigler - due 2011-11-08]. 22:16:11 -[Microsoft] 22:16:44 ACTION: simpson to write up a proposal for a site-managed (via cookie or other mechanism) site-specific exception (with hober) 22:16:44 Created ACTION-32 - Write up a proposal for a site-managed (via cookie or other mechanism) site-specific exception (with hober) [on John Simpson - due 2011-11-08]. 22:17:29 Frank has joined #dnt 22:17:33 Josh_Soref has left #dnt 22:17:38 Frank_ has joined #DNT 22:18:38 Frank_ has joined #DNT 22:23:04 aleecia has joined #dnt 22:32:43 Frank has joined #DNT 22:49:21 enewland has joined #dnt 22:49:56 fielding has joined #dnt 22:57:18 npdoty has joined #dnt 22:57:29 aleecia has joined #dnt 22:59:40 + +1.617.320.aadd 23:00:30 +[Microsoft] 23:00:44 Julian has joined #dnt 23:01:08 npdoty has joined #dnt 23:01:08 aleecia has joined #dnt 23:01:15 +Patty 23:02:36 Shane is now scribe 23:03:16 scribenick: WileyS 23:03:23 Zakim, who's talking? 23:03:25 Aleecia: Looking at dates available for the group to meet - week of Jan 16th and Jan 23rd 23:03:33 npdoty, listening for 10 seconds I heard sound from the following: tpac (36%), [Microsoft] (4%) 23:03:54 Location TBD 23:04:29 Someplace in Europe (default to Brussels at this time) 23:04:59 hwest has joined #dnt 23:05:45 Roy has issues with Jan 17 - 19th - need our Editors there 23:05:55 Looking at the week of Jan 23rd 23:06:10 will send out a Doodle poll soon 23:06:38 Aleecia: What happens next? Nothing will be published this week due to TPAC but will occur soon after 23:06:59 Aleecia: We may receive feedback from Community Groups from these initial drafts 23:07:57 Aleecia: From the deadlines in the charter we have slipped a month - will update the calendar to reflect this 23:08:09 Kai has joined #dnt 23:08:51 Tom: 1st public working draft - we'll continue to work in the meantime. The "Last Call Working Draft" will be what we work on in Jan 23:09:11 Aleecia: Publish LCWD in late Jan/early Feb 23:09:30 Aleecia: Can see the process and schedule at the web site 23:10:03 Aleecia: Any questions? (None in the room) 23:10:29 Aleecia: Weekly calls are still on (not tomorrow) - the mailing list as well 23:10:54 Aleecia: Okay with mailing list freeform for now but this will become more directed to be more productive as we move forward 23:11:23 Tom: We have a bunch of issues that are open - how do we close those? 23:11:51 Aleecia: These will be addressed over time (some may be related, 20 is too many to address via mailing list) 23:12:43 Aleecia: We can expect to open more issues as time goes by and begin to resolve issues via phone calls and mailing list 23:13:10 Aleecia: This is a lot of work to do by Jan 23:13:57 tlr has joined #dnt 23:14:11 Matthias: Thank you for coming all the way to Santa Clara, the constructive atmosphere, and I believe we made a lot of progress (more than I expected) - I'm very happy. I hope we can continue the pace and close all of the open issues. 23:14:46 Matthias: Thank you to the Editors! (much clapping) 23:15:01 johnsimpson has left #dnt 23:15:04 Aleccia: Much thanks to Nick! (much clapping) 23:15:15 This meeting is adjorned! 23:15:18 -[Microsoft] 23:15:40 s/Aleccia/Aleecia/ 23:15:43 -Patty 23:15:48 trackbot, end meeting 23:15:49 Zakim, list attendees 23:15:49 As of this point the attendees have been tpac, +1.631.223.aaaa, [Microsoft], Patty, MikeZaneis, +1.631.223.aabb, Lia_FPF, +1.202.656.aacc, +1.617.320.aadd 23:15:49 RRSAgent, please draft minutes 23:15:49 I have made the request to generate http://www.w3.org/2011/11/01-dnt-minutes.html trackbot 23:15:51 RRSAgent, bye 23:15:51 I see 5 open action items saved in http://www.w3.org/2011/11/01-dnt-actions.rdf : 23:15:51 ACTION: tom, heather, and ian to propose a header/uri hybrid solution by tuesday [1] 23:15:51 recorded in http://www.w3.org/2011/11/01-dnt-irc#T21-44-30 23:15:51 ACTION: tl to propose a header/uri hybrid for server responses (with west and ifette) [2] 23:15:51 recorded in http://www.w3.org/2011/11/01-dnt-irc#T21-46-05 23:15:51 ACTION: andyzei to write up a proposal for a user-agent-managed site-specific exception [3] 23:15:51 recorded in http://www.w3.org/2011/11/01-dnt-irc#T22-15-24 23:15:51 ACTION: zeigler to write up a proposal for a user-agent-managed site-specific exception [4] 23:15:51 recorded in http://www.w3.org/2011/11/01-dnt-irc#T22-15-57 23:15:51 ACTION: simpson to write up a proposal for a site-managed (via cookie or other mechanism) site-specific exception (with hober) [5] 23:15:51 recorded in http://www.w3.org/2011/11/01-dnt-irc#T22-16-44