Tracking Protection Working Group Teleconference

09 Nov 2011

See also: IRC log


+1.408.674.aaaa, aleecia, +49.721.913.74.aabb, sidstamm, +1.646.825.aacc, +1.609.981.aadd, +1.310.292.aaee, sid, [Microsoft], +1.949.483.aaff, dwainberg, +1.202.326.aagg, +1.813.366.aahh, efelten, tl, +1.408.349.aaii, JonSimpson, +1.202.629.aajj, +1.202.637.aakk, +1.212.631.aall, +1.813.366.aamm, +1.508.655.aann, alex, Jennifer, +1.619.846.aaoo, justin, fielding, +1.510.859.aapp, npdoty, karl, hober, +1.650.253.aaqq, [IPcaller], [Mozilla], adrianba, +1.650.862.aarr, +1.516.695.aass, +1.202.684.aatt, jmayer, BrianTs, pde, +1.760.705.aavv, +1.202.263.aaww, +1.646.654.aaxx, +49.175.181.aayy, Frankie
sidstamm, dwainberg


<aleecia> heh

<dsriedel> I can help with that

<aleecia> I'm a little surprised by how few of us there are, and to be the only person on the call

<dsriedel> no!

<dsriedel> is there a way to reset sidstamm?

<dsriedel> he has my phonenumber registered

<aleecia> (Nick, can you help Sid?)

<aleecia> http://www.w3.org/2011/10/26-dnt-minutes

<npdoty> scribenick: sidstamm

<aleecia> http://www.w3.org/2011/10/31-dnt-minutes.html

<aleecia> http://www.w3.org/2011/11/01-dnt-minutes.html

<aleecia> comments?

aleecia: how is availability for 23rd Nov for conference call (via hum by phone)?

various: ::humming::

<hwest> I may have trouble making the 23rd

<aleecia> cannot make 23rd:


<Chris> cannot

<hober> +1

<karl> 23rd ok

<dwainberg> +1

<kimon> +1

<aleecia> can make:

<enewland> +1

<efelten> +1

<carmenb> +1

<npdoty> +1

<jkaran> +1

<vincent> +1

<WileyS> +1

<Frank> +1

<andyzei> +1

<justin> +1

<alex> +1

<fielding> +1

<Johnsimpson> Can do

aleecia: will keep phone call on the 23rd

<Frankie> 23rd ok

WileyS: the following week (30th) will be lite due to IAPP event

<aleecia> http://www.w3.org/2011/tracking-protection/track/actions/

WileyS: action 17 was done in the meeting notes, captured in the most recent compliance draft
... will close out action 17

<karl> -> actions open http://www.w3.org/2011/tracking-protection/track/actions/open

<aleecia> ACTION: aleecia to ping peter re: action-20 [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action01]

<trackbot> Created ACTION-33 - Ping peter re: action-20 [on Aleecia McDonald - due 2011-11-16].

aleecia: jmayer will close action regarding 1st vs 3rd party

<pde> npdoty: no, though I can join

aleecia: asks various members to update actions, thanks for your work on them

<karl> congratulations for the work on editing the document!

Discussion of FPWD publication (including short names)

<pde> aleecia, I just joined the call if you want to ask about that open action again

<carmenb> timing for submitting comment for press release?

aleecia: members should send comments about press release to ian at w3c

<carmenb> got it

<Johnsimpson> They have opened up press release for view to IEs

<npdoty> invited experts also now have ACL permission to at least see that press release draft

karl: draft titles should be changed now if we want to change short names (it is easier due to links)

tl: not much value in changing the names now, wouldn't mind revisiting once the content is more sorted out

aleecia: we can change them later

<aleecia> ach karl

aleecia: we should tackle now if we don't need to wait for the contents of the documents to get sorted out

karl: yeah, can be done in the future, but there will be more confusion if we change it after FPWD because of wider distribution of original names

adrianba: agree with karl about the short name change (now is better than later)
... compliance is an overloaded term and not necessarily what we mean

<karl> http://lists.w3.org/Archives/Public/public-tracking/2011Nov/0060.html

<Johnsimpson> What are the proposed names?

<dsriedel> I had issues translating this into German too, explaining it well...

<npdoty> current shortnames are tracking-dnt and tracking-compliance

<karl> Happy with that resolution

aleecia: proposes to change short names but leave titles as they are and revisit later when we're F2F and have a better idea of document contents

<npdoty> proposed short names are tracking-syntax and tracking-definition

npdoty: happy to discuss short names on the list, but prefers existing to karl's suggestions

aleecia: consensus is to discuss short names on list and leave titles alone for now

<Johnsimpson> Curent short names are?.

<karl> Johnsimpson, see the http://lists.w3.org/Archives/Public/public-tracking/2011Nov/0060.html

<npdoty> current shortnames are tracking-dnt and tracking-compliance; proposed short names are tracking-syntax and tracking-definition

<Johnsimpson> Thanks, Karl

How and when to re-open a closed issue

aleecia: we don't want to reopen issues for members who join after the issues are closed. To reopen, state concern and proposal for change, chairs will decide whether or not to reopen issue.
... new information required to propose reopening issue, must provide information new to the group (not yet considered by the group)

Frankie: not always able to follow the whole discussion. potentially one member's "new information" might have already been considered by the group. wants to reinvent discussions with old arguments.

aleecia: if you missed discussion of an item, but the group tackled it, it's too late.
... contentious discussions will be long-lasting, and it is not likely you will miss them

<karl> Search archives for discussions

<karl> History of issues http://www.w3.org/2011/tracking-protection/track/issues

<aleecia> ach karl

<Frankie> thanks for clarification, aleecia. thanks karl - we will solve its in this way.

<karl> + search box http://lists.w3.org/Archives/Public/public-tracking/

karl: read up on old discussions via issues list, which has good chronological pointers to discussion

<dwainberg> scribenick dwainberg

Issue-10: What is a first party?

<npdoty> scribenick: dwainberg

aleecia: we have something close

tl: edge cases in proposals we haven't covered. don't want to let those hold things up.

aleecia: we have overall consensus of what a first party is

<fielding> I'd appreciate more time to review the proposals before we ask for consensus on these.

dwainberg: not part of the consensus; issue is consent and scope of consent

aleecia: we agreed in f2f we would start down this path and see where it goes

jmayer: one consensus emerging is that 1st and 3rd party means whatever we says it means, so not incompatible

aleecia: we may look at this at some point and realize we've moved away from it
... do we have the right decision points?
... I think we did have a pretty strong agreement that this was the path to go down.

<carmenb> +1 to jonathan - 1st and 3rd party is just terminology to describe user consent

<justin> Then let's talk about the substantive decision points. Let's please not keep talking about what we name things . . .

amyc: caution about rushing into consensus. How is the list of questions a definition? Is the spec going to contain scenarios?

<karl> it is possible to have non normative User stories for illustrating

aleecia: to reiterate, we have text that came up before santa clara. we have close to good language on the spec side, and good lang on intent and examples, so taking these pieces together
... we start to get something that looks like a good piece to go into the draft

<karl> example of user stories in a document http://www.w3.org/TR/2004/NOTEq-a-handbook-20041122/#introduction

<jmayer> ingredients of the seemingly developing consensus: an objective test, about user expectations and intent

aleecia: if we get through these, would ask jmayer and tl to work together to merge this into a draft

<karl> another example of user story http://www.w3.org/TR/webarch/#intro

amyc: that sounds good; just want to make sure we're not agreeing on this call to a consensus.

tl: wants amyc to point out the further examples she wants addressed.
... having a list of examples is illustrative and helps prevent getting into a rat-holey description, but valuable for those considering implementation.

<amyc> agree that list of examples is helpful to include to help flesh out eventual definition

<karl> sections can be marked up to be non-normative, normative

tl: will work with jmayer to clean it up

aleecia: one other thing on the thread was a suggestion to approach as a 3 part discussion: non-binding discussion, implementable in precise standards language, and then illustrations

<jmayer> ACTION: jmayer to Draft Near-Consensus First Party vs. Third Party Section with tl [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action02]

<trackbot> Created ACTION-34 - Draft Near-Consensus First Party vs. Third Party Section with tl [on Jonathan Mayer - due 2011-11-16].

aleecia: any other comments on issue 10?
... none - moving on
... moving on to issue 88

different rules for impression and interaction

jmayer: similar to 1st 3rd party distinction

WileyS: agrees with jmayer; in language we capture this as meaningful or material interaction
... more difficult in an objective way to define the line
... we should expect it's never going to be completely bright

<justin> There's draft language in the FPWD on what constitutes a "meaningful interaction" with third-party content to convert to 1P right now.

WileyS: hopefully companies will make the right choice

<jmayer> we can say things about ambiguity

<jmayer> for example, if it's unclear whether you're a 1P or 3P, assume you're a 3P

<karl> we can't test things with ambiguity

aleecia: what we can test is a party says it's a first party and acts as a first party
... some of this will not be part of w3c; it will come with independent testing or ftc

tl: on testability, this is a non-technical component of the standard. this is a policy decision. we have to give up the hope that everything will be verifiable.

aleecia: there are ways to test things not automated. we can test for 3rd party interactions.

<aleecia> more… space… between… words?

karl: to clarify, was not talking about auto testing. we have cases like accessibility guidelines, where we can have human testing. it has to be testable.

aleecia: what would be untestable?
... we can handle this by saying all interactions are by default 3rd party,

alex: related to this issue, we have agreed on a balanced approached, and it seems to me we're seeing everything from the user/website perspective, and we have defined 1st/3rd along those lines

<justin> This isn't a first-party, third-party question --- this goes to the exceptions to tracking

alex: use case of Product A that wants to advertise on various websites, and wants to measure reach, frequency, etc.

<justin> Your use case is clearly a third party, this question is addressed elsewhere.

<jmayer> that is, what justin said

<carmenb> an advertiser is a 3rd party

alex: clarifying...wants to see discussion around the point of view of the advertiser and how the advertiser is viewed in this 1st vs 3rd party ecosystem

<karl> advertiser as a class of products

alex: how is an advertiser able to have metrics around an ad.

<Frankie> right, Jonathan !

aleecia: company is most likely to have a relationship with an advertising company. this gets into potential exceptions.

<jmayer> 1P vs. 3P: "What interactions are we going to impose some privacy limits on?"

<jmayer> Tracking: "What limits are we going to impose?"

aleecia: users perspective vs companies perspective; is you're implementing DNT how do you say you're getting a lighter touch as a 1st party.
... you know that because of way users interact

<fielding> another way to think of it: what use cases do we need to guide advertising networks with regard to tracking for the purpose of frequency capping, measuring reach, etc.?

<karl> user - network infrastructure - primary companies - services companies (including ads companies) with blurry lines in between those

<jkaran> raising my pencil q+

alex: problem is how will the advertising agency, if treated as a 3rd party, how will it consolidate data across websites to get a single picture?

<Frankie> goes all around purposes of collecting data...

<justin> Look at the FPWD: there are exceptions for tracking for third-parties like ad networks (sec 3.4) http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html

<jules> so these are the issues i described during my brief presentation about the non 'behavioral" third party ad metric, ad delivery uses

jkaran: can explain some of how this works

aleecia: we can take this up offline or later
... we are close to being able to get text on issue 10, and in doing so will address 88 and 26, when and how does a 3rd party become treated as a first party.
... now to issue 4
... what is the default for dnt in a client config
... should there be a state of sending that the user has not made a choice

<carmenb> please link blog

<aleecia> Google says: http://blog.mozilla.com/privacy/2011/11/09/dnt-cannot-be-default/

<aleecia> er, google search turns up <url>

tl: issue is more about server defaults; less clear what you should do when you do not get a dnt signal. not valuable to us to know when user has not made a choice. what server should do with no signal is up to the server.
... user agents should not say things the user hasn't told them to say

pde: if there was an indication that browsers would turn it on by default we might have to discuss it, but otherwise not an issue

<tl> correction: user agents should not say things on behalf of the user which do not represent what the agent thinks the user wants

WileyS: there probably will be use cases in the real world where dnt is changed w/out user's action. so, in employer case, how will servers deal? race conditions in that case when sites ask for permission?

<pde> aleecia, perhaps a NN bill passed in the Netherlands?

<aleecia> summary of options: (1) we say nothing, (2) agents SHOULD not speak for users who have not had a choice, (3) agents MUST not speak for users who have not made a choice

jmayer: softer touch approaches: what happens if on install of browser a pref dialog pops up asking if user wants it on? a lot of room for design in that space, so if the principle
... is that we don't want a world where dnt enabled by default a rule about what a browser can do is going to get us there.

aleecia: we have 15 mins left, and probably will not come to a decision. how do we move this forward?

<aleecia> zakim who is speaking?

<karl> an echo feature would send back to the user the DNT header seen by the server, so the user (browser) would know if the header has been modified along the way

aleecia: does the ability to turn dnt on and off address the point, or was there more?

<fielding> karl, a user can go to a website that can send back the header setting in content -- that is a simple CGI script. There is no need for it in the protocol.

Frankie: what do we do if the user agent says nothing? from the legal point of view, if the user agent says nothing the user can be tracked.

aleecia: we don't do laws, so this is something that might be decided country by country.

<kimon> can you put me on speaker queu?

Frankie: we need a switch that's on or off. the question is the default setting will depend on legal; there can be no standard.

<scribe> ACTION: Frankie will write up a proposal wrt default settings [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action03]

<trackbot> Sorry, couldn't find user - Frankie

<Frankie> trackbot its me

andyzei: what about shared PCs other environments? we need a definition of user.

ISSUE: what is a user?

<trackbot> Created ISSUE-100 - What is a user? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/100/edit .

<aleecia> issue: what is a user? add to defns

<trackbot> Created ISSUE-101 - What is a user? add to defns ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/101/edit .

<scribe> ACTION: Frankie to write proposal wrt default settings [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action04]

<trackbot> Sorry, couldn't find user - Frankie

kimon: scared by the prospect of having the legislate dnt; unless it's off by definition everywhere, we're going to have real difficulties.

<aleecia> who is talking?

<scribe> ACTION: kimon and Frankie will write up proposals wrt to default settings [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action05]

<trackbot> Sorry, couldn't find user - kimon

<Frankie> sorry karl...

aleecia: any other comments?

<kimon> kimon=vp@iabeurope.eu

aleecia: next meeting chaired by Matthias, and will look at the header

<Frankie> frankie= frank.wagner@telekom.de

<aleecia> thank you to scribes!

<adrianba> thank you chair

Summary of Action Items

[NEW] ACTION: aleecia to ping peter re: action-20 [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action01]
[NEW] ACTION: Frankie to write proposal wrt default settings [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action04]
[NEW] ACTION: Frankie will write up a proposal wrt default settings [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action03]
[NEW] ACTION: jmayer to Draft Near-Consensus First Party vs. Third Party Section with tl [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action02]
[NEW] ACTION: kimon and Frankie will write up proposals wrt to default settings [recorded in http://www.w3.org/2011/11/09-dnt-minutes.html#action05]
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2011/11/17 05:19:24 $