08:57:52 RRSAgent has joined #dnt 08:57:52 logging to http://www.w3.org/2012/01/25-dnt-irc 08:57:57 ISSUE-7 closed 08:57:58 ISSUE-7 What types of tracking exist, and what are the use cases for these types of tracking? closed 08:58:02 ISSUE-8 closed 08:58:02 ISSUE-8 How do we enhance transparency and consumer awareness? closed 08:58:04 issue-9 closed 08:58:05 ISSUE-9 Understand all the different first- and third-party cases. closed 08:58:35 issue-7: lack of interest at 2012-01-26 meeting 08:58:35 ISSUE-7 What types of tracking exist, and what are the use cases for these types of tracking? notes added 08:58:38 issue-8: lack of interest at 2012-01-26 meeting 08:58:38 ISSUE-8 How do we enhance transparency and consumer awareness? notes added 08:58:42 issue-9: lack of interest at 2012-01-26 meeting 08:58:43 ISSUE-9 Understand all the different first- and third-party cases. notes added 08:58:53 issue-12: lack of interest at 2012-01-26 meeting 08:58:54 ISSUE-12 How does tracking require relation to unique identities, pseudonyms, etc.? notes added 08:58:58 issue-12 closed 08:58:59 ISSUE-12 How does tracking require relation to unique identities, pseudonyms, etc.? closed 09:00:03 ISSUE-16: discussed collection vs retention, not otherwise needed 09:00:04 ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) notes added 09:00:34 issue-16 closed 09:00:35 ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) closed 09:01:13 issue-20: touch upon unidentified / unidentifiable in compliance; Shane: challenge to write text 09:01:13 ISSUE-20 Different types of data, what counts as PII, and what definition of PII notes added 09:01:30 issue-20: touch upon unidentified / unidentifiable in compliance; Shane: challenge to write text 09:01:30 ISSUE-20 Different types of data, what counts as PII, and what definition of PII notes added 09:01:33 issue-20 closed 09:01:33 ISSUE-20 Different types of data, what counts as PII, and what definition of PII closed 09:03:03 ACTION: kevin to produce draft for ISSUE-21 09:03:03 Sorry, amibiguous username (more than one match) - kevin 09:03:03 Try using a different identifier, such as family name or username (eg. ktrilli2, ksmith5) 09:03:08 ACTION: trilli to produce draft for ISSUE-21 09:03:09 Created ACTION-55 - Produce draft for ISSUE-21 [on Kevin Trilli - due 2012-02-01]. 09:03:49 ISSUE-21: jonathan mayer: difference between response header and technical verification is what brought this up initially. 09:03:49 ISSUE-21 Enable external audit of DNT compliance notes added 09:07:03 ACTION: mayer to draft text for issue-28 09:07:03 Created ACTION-57 - Draft text for issue-28 [on Jonathan Mayer - due 2012-02-01]. 09:07:16 ACTION: amy to draft text for issue-28 09:07:16 Created ACTION-58 - Draft text for issue-28 [on Amy Colando - due 2012-02-01]. 09:08:02 npdoty has joined #dnt 09:08:36 issue-33: likely duplicate 09:08:36 ISSUE-33 Complexity of user choice (are exemptions exposed to users?) notes added 09:08:50 ACTION: npdoty to find duplicate for ISSUE-33, add note 09:08:50 Created ACTION-59 - Find duplicate for ISSUE-33, add note [on Nick Doty - due 2012-02-01]. 09:08:54 issue-35? 09:08:54 ISSUE-35 -- How will DNT interact with existing opt-out programs (industry self-reg, other)? -- raised 09:08:54 http://www.w3.org/2011/tracking-protection/track/issues/35 09:09:07 issue-38 closed 09:09:07 ISSUE-38 Granularity for different people who share a device or browser closed 09:09:50 issue-41 closed 09:09:50 ISSUE-41 Consistent way to discuss tracking with users (terminology matters!) closed 09:10:09 issue-43: addressed by site-specific exceptions 09:10:10 ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track notes added 09:10:12 issue-43 closed 09:10:12 ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track closed 09:10:33 trackbot, reopen issue-43 09:10:34 ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track re-opened 09:10:54 ACTION: npdoty to find out whether ISSUE-43 is a duplicate (and of what) 09:10:55 Created ACTION-60 - Find out whether ISSUE-43 is a duplicate (and of what) [on Nick Doty - due 2012-02-01]. 09:11:33 ACTION-60: close issue-43 with appropriate annotation 09:11:33 ACTION-60 Find out whether ISSUE-43 is a duplicate (and of what) notes added 09:11:38 issue-45? 09:11:38 ISSUE-45 -- Companies making public commitments with a "regulatory hook" for US legal purposes -- raised 09:11:38 http://www.w3.org/2011/tracking-protection/track/issues/45 09:12:17 mischat has joined #dnt 09:13:10 action: tl to write no-change proposal for ISSUE-45 09:13:10 Sorry, amibiguous username (more than one match) - tl 09:13:10 Try using a different identifier, such as family name or username (eg. tleung2, tlowenth) 09:13:29 action: lowenthal to write no-change proposal for ISSUE-45 09:13:30 Created ACTION-61 - Write no-change proposal for ISSUE-45 [on Thomas Lowenthal - due 2012-02-01]. 09:13:32 ACTION: mayer to write "text in privacy policy" proposal for ISSUE-45 09:13:32 Created ACTION-62 - Write "text in privacy policy" proposal for ISSUE-45 [on Jonathan Mayer - due 2012-02-01]. 09:14:10 issue-54? 09:14:10 ISSUE-54 -- Can first party provide targeting based on registration information even while sending DNT -- open 09:14:10 http://www.w3.org/2011/tracking-protection/track/issues/54 09:17:20 issue-15? 09:17:20 ISSUE-15 -- What special treatment should there be for children's data? -- open 09:17:20 http://www.w3.org/2011/tracking-protection/track/issues/15 09:18:18 ISSUE-15: consensus this is not an issue we take on specifically; fall back to applicable law 09:18:18 ISSUE-15 What special treatment should there be for children's data? notes added 09:18:50 issue-15 pending review 09:19:03 issue-15 closed 09:19:03 ISSUE-15 What special treatment should there be for children's data? closed 09:19:15 issue-36? 09:19:15 ISSUE-36 -- Should DNT opt-outs distinguish between behavioral targeting and other personalization? -- open 09:19:15 http://www.w3.org/2011/tracking-protection/track/issues/36 09:19:16 issue-36? 09:19:16 ISSUE-36 -- Should DNT opt-outs distinguish between behavioral targeting and other personalization? -- open 09:19:16 http://www.w3.org/2011/tracking-protection/track/issues/36 09:22:31 ACTION: lowenthal to write counter-proposal for issue-36 09:22:32 Created ACTION-63 - Write counter-proposal for issue-36 [on Thomas Lowenthal - due 2012-02-01]. 09:24:41 ISSUE-36: current text intended *specifically* for third parties 09:24:42 ISSUE-36 Should DNT opt-outs distinguish between behavioral targeting and other personalization? notes added 09:26:31 I think we probably need different action items for different counter-proposals 09:26:54 jeff, ninja, nick, tom are the interested parties for issue-36 counter-proposals 09:27:08 ISSUE-36: JeffC, ninja, Nick, Tom will review action 09:27:08 ISSUE-36 Should DNT opt-outs distinguish between behavioral targeting and other personalization? notes added 09:27:13 issue-39? 09:27:13 ISSUE-39 -- Tracking of geographic data (however it's determined, or used) -- open 09:27:13 http://www.w3.org/2011/tracking-protection/track/issues/39 09:28:44 rigo has joined #dnt 09:30:47 issue-39: historic data covered; real-time use out of scope 09:30:48 ISSUE-39 Tracking of geographic data (however it's determined, or used) notes added 09:32:57 ISSUE-16 reopened 09:33:02 trackbot, reopen ISSUE-16 09:33:02 ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) re-opened 09:33:14 SW: issue 63 is out of scope of DNT 09:33:28 ACTION: jonathan to propose new text for ISSUE-16 09:33:28 Created ACTION-64 - Propose new text for ISSUE-16 [on Jonathan Mayer - due 2012-02-01]. 09:33:39 ACTION: lowenthal to propose clarification on ISSUE-39 09:33:39 Created ACTION-65 - Propose clarification on ISSUE-39 [on Thomas Lowenthal - due 2012-02-01]. 09:33:48 ACTION: chester to propose counterproposal for ISSUE-39 09:33:48 Created ACTION-66 - Propose counterproposal for ISSUE-39 [on Jeffrey Chester - due 2012-02-01]. 09:33:56 issue-16: Jonathan to propose new text 09:33:56 ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) notes added 09:33:57 rigo has joined #dnt 09:35:21 ACTION: justin to propose text on ISSUE-39 09:35:22 Created ACTION-67 - Propose text on ISSUE-39 [on Justin Brookman - due 2012-02-01]. 09:36:01 issue-54? 09:36:01 ISSUE-54 -- Can first party provide targeting based on registration information even while sending DNT -- open 09:36:01 http://www.w3.org/2011/tracking-protection/track/issues/54 09:37:06 rigo has joined #dnt 09:37:40 SW: can third parties use registration information from first party 09:37:59 SH: need to generalize beyond first registration data 09:37:59 Jeff: DNT should trump 09:38:08 Sean: this is more than registration data 09:38:25 Justin: information is not covered. That needs to be clarified 09:38:29 ACTION: justin to provide text on ISSUE-54 09:38:30 Created ACTION-68 - Provide text on ISSUE-54 [on Justin Brookman - due 2012-02-01]. 09:38:59 action-68: we need to clarify that data collected while you're a first party can't be used later as a third-party (in a third-party ad context, for example) 09:38:59 ACTION-68 Provide text on ISSUE-54 notes added 09:39:22 SW: argue that use of registration information in should only happen in first-party contexts 09:39:29 s/ in/ / 09:39:31 MS: if advertising on Yahoo as first party, this trumps DNT signal 09:40:32 SW: we have some out of band agreement to have photo logged on Blog. That will be conflict with DNT 09:40:43 ... explicit consent will trump DNT 09:41:09 TL: agree, but difference with real consent and some general conditions 09:41:30 Sean; specific registration, suggest to close this issue 09:41:33 ACTION: harvey to propose renaming issue-54 09:41:33 Created ACTION-69 - Propose renaming issue-54 [on Sean Harvey - due 2012-02-01]. 09:41:52 Andy: we have issue 65 09:42:30 issue-65? 09:42:30 ISSUE-65 -- How does logged in and logged out state work -- open 09:42:30 http://www.w3.org/2011/tracking-protection/track/issues/65 09:42:32 JC: if we do that all social widgets will be disabled 09:43:28 TL: disagreed with the premise, disagreed to have anything in the text 09:43:29 ACTION: lowenthal to review andy's text on issue-65 09:43:30 Created ACTION-70 - Review andy's text on issue-65 [on Thomas Lowenthal - due 2012-02-01]. 09:44:08 ACTION: zeigler to link previous text proposal from issue-65 09:44:08 Created ACTION-71 - Link previous text proposal from issue-65 [on Andy Zeigler - due 2012-02-01]. 09:44:23 MS: to Tom, if you find to agree with Andy just send empty counterproposal 09:44:49 issue-95? 09:44:49 ISSUE-95 -- May an institution or network provider set a tracking preference for a user? -- pending review 09:44:49 http://www.w3.org/2011/tracking-protection/track/issues/95 09:44:51 issue-95? 09:44:51 ISSUE-95 -- May an institution or network provider set a tracking preference for a user? -- pending review 09:44:51 http://www.w3.org/2011/tracking-protection/track/issues/95 09:45:10 SW: intermediaries that should not modify signal 09:45:28 action-71: Andy had already written a draft shared with Tom and some revisions, but would be good to link that directly to issue-65 09:45:29 ACTION-71 Link previous text proposal from issue-65 notes added 09:45:46 AM: not to be discussed now. Matthias business 09:45:54 issue-74? 09:45:54 ISSUE-74 -- Are surveys out of scope? -- raised 09:45:54 http://www.w3.org/2011/tracking-protection/track/issues/74 09:46:04 issue-25? 09:46:04 ISSUE-25 -- Possible exemption for research purposes -- pending review 09:46:04 http://www.w3.org/2011/tracking-protection/track/issues/25 09:46:12 issue-74? 09:46:12 ISSUE-74 -- Are surveys out of scope? -- raised 09:46:12 http://www.w3.org/2011/tracking-protection/track/issues/74 09:46:41 AM: action on me 09:46:51 action: kathy to review aleecia's draft on issue-25, issue-74 09:46:52 Created ACTION-72 - Review aleecia's draft on issue-25, issue-74 [on Kathy Joe - due 2012-02-01]. 09:46:59 Kathy offers to review that text 09:47:20 AM: please send directly to the mailing list 09:47:43 issue-74: could also connect to the Market Research exception discussed 24 January 2012 09:47:44 ISSUE-74 Are surveys out of scope? notes added 09:48:22 issue-91? 09:48:22 ISSUE-91 -- Might want prohibitions on first parties re-selling data to get around the intent of DNT -- pending review 09:48:22 http://www.w3.org/2011/tracking-protection/track/issues/91 09:49:10 Justin: 4.1 of compliance spec 09:49:28 issue-91 closed 09:49:29 AM: propose to close the issue 09:49:29 ISSUE-91 Might want prohibitions on first parties re-selling data to get around the intent of DNT closed 09:49:48 Resolution: current text accepted 09:50:33 issue-91: closed as per the existing text "If an operator of a first party domain stores a request to which a [DNT-ON] header is attached, that operator must not transmit information about that stored communication to a third party, outside of the explicitly expressed exceptions as defined in this standard." 09:50:33 ISSUE-91 Might want prohibitions on first parties re-selling data to get around the intent of DNT notes added 09:50:57 AM: editorial pass at the end of the process to get wording in line 09:51:07 AM: what is a user? 09:51:20 Ninja: Tom and I are still working on this 09:51:25 issue-91? 09:51:25 ISSUE-91 -- Might want prohibitions on first parties re-selling data to get around the intent of DNT -- closed 09:51:25 http://www.w3.org/2011/tracking-protection/track/issues/91 09:51:44 issue-101? 09:51:44 ISSUE-101 -- What is a user? add to defns -- pending review 09:51:44 http://www.w3.org/2011/tracking-protection/track/issues/101 09:53:11 TL: Please put deadline on me and Ninja to come up with a wording until 3 Feb 09:53:28 the action is action-40 09:53:30 AM: issue-101 move from pending to open 09:53:44 action-101? 09:53:44 ACTION-101 does not exist 09:53:52 ISSUE-101? 09:53:52 ISSUE-101 -- What is a user? add to defns -- open 09:53:52 http://www.w3.org/2011/tracking-protection/track/issues/101 09:53:59 issue-104? 09:53:59 ISSUE-104 -- Could use a better defn of user agent, rather than browser -- pending review 09:53:59 http://www.w3.org/2011/tracking-protection/track/issues/104 09:54:18 AM: good text that came in from Roy. 09:54:35 issue-104 closed 09:54:36 ISSUE-104 Could use a better defn of user agent, rather than browser closed 09:54:43 AM close issue 104 09:54:55 ISSUE-104: section 3.11 user agent 09:54:55 ISSUE-104 Could use a better defn of user agent, rather than browser notes added 09:55:02 3.11 text accepted 09:55:58 DS: exception and exemption are not used consistently 09:56:18 AM: used in different ways, I'm mixed up too 10:07:19 aleecia has joined #dnt 10:24:39 fwagner has joined #dnt 10:36:14 tlr has joined #dnt 10:36:51 fwagner has joined #dnt 10:37:16 topic: excitement 10:37:51 npdoty has joined #dnt 10:38:55 rvaneijk has joined #dnt 10:38:59 scribenick: npdoty 10:39:03 topic: What are we doing here? 10:39:15 aleecia: some things that I've heard 10:39:23 Aleecia: Do Not Track profile 10:39:32 ... Do not X-site track 10:39:39 ... Do Not Profile -- continue to collect, but don't profile 10:39:45 ... Do Not Cross-site Track 10:39:53 ... Do Not Cross Time Track 10:40:14 tl has joined #dnt 10:40:45 jmayer has joined #dnt 10:41:06 rigo: a scenario where somebody visits a site on medical information to inform himself, and this is shared with his insurance which affects his fees when they assume that he's sick 10:41:15 ... a pure 1st-party scenario 10:41:28 ... can or should Do Not Track address that 10:41:29 ? 10:42:34 aleecia: discuss this list or add to the categories first; later we can look at specific use cases 10:42:55 dsinger: do not build a database? is that different than "Do Not Profile"? 10:43:17 jimk: about data collection/retention, unlike the others 10:43:40 WileyS: I think do-not-profile can be characterized in that way 10:43:54 tl: treat me as someone about whom you know nothing and remember nothing about me 10:44:14 aleecia: every impression is a first impression, like "Do Not Track Across Time" 10:44:34 fielding: tl, do you intend that to also include 1st parties? 10:45:03 tl: this would only apply if I didn't intend to communicate with you, so 1st parties would be exempt 10:45:34 sean: concerned about 1st/3rd party distinction for these 10:46:06 dsinger: we can separately define the exceptions to tracking, but the definition of tracking is under discussion now 10:46:29 fielding: applying to ePrivacy directive 10:46:41 ... including the first party issues that have to do with setting cookies 10:47:02 ... setting cookies as a first party under the ePrivacy directive might be something we're trying to address here 10:47:39 rigo: recording consent in the first party context 10:48:38 10:49:20 rvaneijk: tracking is "following user behavior across sites" 10:50:20 mzaneis: pretty clear that the Internet is based on data collection; everybody collects data and everybody tracks 10:51:01 karl: distinction of cross-site tracking between companies or by services 10:51:12 jmayer: If your views on web privacy reduce to one word, you are part of the problem, not part of the solution. 10:51:31 johnsimpson: do not track should mean do not collect 10:53:13 wileys: "do not target", even if it's not going to be popular in the room 10:53:14 rvaneijk has joined #dnt 10:54:52 vtoubiana: if do not profile means do not remember? 10:55:04 vincent: would recommend-- remember my interests, but not the sites that I visited 10:55:07 JC: pulling profiles out of a log file is different 10:55:15 scribe not sure he got that one right 10:55:31 DGINFSO: identifyability is enough of a disctinction 10:55:32 alex: do not collect data unique to a user 10:55:43 bsullivan: not including PII? 10:55:47 bryan: isn't that the same as not collecting PII? 10:56:21 aleecia: Google opt-out cookie might be an example in practice 10:56:34 ... aggregation as another potential tool 10:57:12 collection, retention, use, minimization, aggregation 10:57:17 scribe: thumbs up for Karl 10:58:08 Do Not Target: still allows collection, allows retention, has a use limitation, could have minimization, aggregation unlikely 10:58:32 Do Not Profile: allows collection, allows retention, use limitation 11:01:10 Do Not Create A Profile: limits collection, limits retention, some kind of minimization? 11:03:15 Do Not Cross Site Track (dsinger): tunnel vision, don't remember anything about the interaction except what took place between you and the user 11:03:55 ... impacts collection, impacts retention (in a different way), doesn't limit use 11:04:46 Do Not Cross Time Track / Forget Me / Don't Remember Me / a stateless service: allows collection, prohibits retention, no other changes 11:05:34 Do Not Collect Identifiable Information: affects collection and retention 11:05:46 aleecia: collection will generally always involve retention, right? 11:06:47 ... minimization and aggregation don't differentiate between these proposals 11:10:56 ninja: what's the difference between Do Not Target and Do Not Profile? 11:11:45 WileyS: Do Not Target would create a profile and keep it around in case the user changes their mind 11:12:17 Do Not Profile is just Do Not Create A Profile 11:13:10 Do Not Collect Identifiable Information might be mostly about aggregation 11:14:05 aleecia: Do Not Remember Me is the more-than-just-advertising view of Do Not Profile 11:16:00 ndoty: use limitation instead of data collection limitation 11:18:10 shane: categorisation is key in creating profiles 11:18:42 scribenick: rvaneijk 11:18:49 rigo: can data that has been collected be shared to oter parties 11:19:13 rfielding: it is ok to customize for current session 11:19:25 ... so targeting in current session based on data collected in current session 11:19:57 swiley: if we only can vote for one, then distinguise enough between options 11:21:51 no support for Do Not Target 11:22:06 some support for all others, perhaps less for the last one around which there was confusion 11:22:07 aleecia: humming result: do not target is off the list 11:23:05 action: ninja to write-up Do Not Collect Identifiable Information 11:23:06 Created ACTION-73 - Write-up Do Not Collect Identifiable Information [on Ninja Marnau - due 2012-02-01]. 11:23:18 action-73 due 02-08 11:23:18 ACTION-73 Write-up Do Not Collect Identifiable Information due date now 02-08 11:23:40 action: jeffc to write-up Do Not Create A Profile 11:23:40 Sorry, couldn't find user - jeffc 11:23:52 action: chester to write-up Do Not Create A Profile 11:23:52 Created ACTION-74 - Write-up Do Not Create A Profile [on Jeffrey Chester - due 2012-02-01]. 11:24:27 action: shane to write-up a hybrid of Do Not Profile and Do Not Cross-Site Track 11:24:27 Created ACTION-75 - Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track [on Shane Wiley - due 2012-02-01]. 11:24:58 action: kevin smith to write up Do Not Cross-Site Track 11:24:58 Sorry, amibiguous username (more than one match) - kevin 11:24:58 Try using a different identifier, such as family name or username (eg. ktrilli2, ksmith5) 11:25:11 action: ksmith5 to write up Do Not Cross-Site Track 11:25:11 Created ACTION-76 - Write up Do Not Cross-Site Track [on Kevin Smith - due 2012-02-01]. 11:25:23 action: singer to write up Do Not Cross-Site Track 11:25:23 Created ACTION-77 - Write up Do Not Cross-Site Track [on David Singer - due 2012-02-01]. 11:25:39 issue-5? 11:25:39 ISSUE-5 -- What is the definition of tracking? -- raised 11:25:39 http://www.w3.org/2011/tracking-protection/track/issues/5 11:25:59 rfielding: please attach all commonts on these action items as issue-5 11:26:07 s/commonts/comments/ 11:26:08 action: karl to write up Forget Me/ Do Not Cross Time Track 11:26:08 Created ACTION-78 - Write up Forget Me/ Do Not Cross Time Track [on Karl Dubost - due 2012-02-01]. 11:26:31 aleecia: for each, please tag with issue-5, a description and use cases 11:28:06 dsinger: implications on structure of document and use of already drafted terms 11:28:33 aleecia: will take this into account in future process of dealing with the issuelist 11:30:04 ksmith: all depends on what we are going to do. THerefor it is important to choose as a group on what we are going to do. So we can answer the question: does this text meet our objectives? 11:30:50 rvaneijk has left #dnt 11:31:08 back at 1:30 11:37:29 mischat_ has joined #dnt 12:29:01 efelten has joined #dnt 12:29:32 dsinger has joined #dnt 12:29:54 tedleung has joined #dnt 12:32:56 issue-25? 12:32:56 ISSUE-25 -- Possible exemption for research purposes -- pending review 12:32:56 http://www.w3.org/2011/tracking-protection/track/issues/25 12:33:06 efelten has joined #dnt 12:33:13 fwagner has joined #dnt 12:33:22 Joanne has joined #DNT 12:33:42 KevinT has joined #dnt 12:33:56 tlr has joined #dnt 12:34:12 aleecia has joined #dnt 12:34:48 vincent has joined #dnt 12:36:43 rvaneijk has joined #dnt 12:37:48 jmayer has joined #dnt 12:38:30 sean has joined #dnt 12:38:38 We are online baby! 12:38:44 Matthias: we now move to TPE spec 12:38:55 topic: Tracking Preference Expression issues 12:38:56 rigo has joined #dnt 12:39:04 Matthias: goal is to assign as many of the issues as possible 12:39:28 Matthias: has a list of pending items on the screen: let's go through the list together 12:40:15 ISSUE-27 - how should opt back in mechanism be decided. draft text from shane & nick. 12:41:07 Nick: overview. the idea is taht some sites may want to ask for an exception. your browser will know all of your exceptions. no need to track out of band exceptions. 12:41:36 Nick: A JS API keeps track of the exceptions asynchronously. 12:41:54 Nick: DOM property could check for exceptiosn & wouldn't need to prompt the user. 12:42:15 Nick: Exceptions limited to origin pair. while i browse site x, vendor y can "track" me 12:43:09 Adobe: does not currently pass first party info to third party, NIck/Shane: this is an open item. 12:44:01 RIgo: the way browsers work may clash with our party definitions. we need to measure pain of sticking iwth browser definitions vs benefits of enlarging first party definitions (multiple first parties, etc.) 12:45:11 NIK; spec is agnostic on how the data is stored, done on client side but client can choose how (in answer to Tom from Opera) 12:45:23 Shane: its up to each vendor to decide on the interface 12:45:35 reader has joined #dnt 12:45:43 alex_ has joined #dnt 12:45:58 Matthias: main issue: does this work where there are multiple first parties? and is the proposed format expressive enough. 12:46:28 ACTION ITEM for ISSUE 27 for Tom: validate whetherh TPE lists can be used to store opt-back-in features or not. 12:46:28 Sorry, couldn't find user - ITEM 12:47:23 ACTION ITEM for Issue 27: Shane to work with David Singer & Nick to determine whether David's party paradigm would resolve this issue. 12:47:23 Sorry, couldn't find user - ITEM 12:47:40 Shane: what you would store in the 1/3 party pair would be the parent. Nick is skeptical. 12:48:05 thx 12:48:06 rvaneijk_ has joined #dnt 12:48:28 Action: Tom to validate whether TPE lists can be used to store opt-back-in features or not 12:48:28 Sorry, couldn't find user - Tom 12:48:36 (helps to have a deadline too, like Action: Tom to make cookies by tuesday) 12:48:46 (Tom = tl) 12:49:13 rvaneijk has joined #dnt 12:49:31 No, that item was assigned to Karl? 12:49:38 yes sorry 12:50:12 Action: karl dubost to validate whether TPE lists can be use to store opt-back-in features or not 12:50:12 Created ACTION-79 - Dubost to validate whether TPE lists can be use to store opt-back-in features or not [on Karl Dubost - due 2012-02-01]. 12:51:02 Action: dsinger with shane to determine whether dave singer's new party paradigm would be a solution for Issue 27 12:51:02 Sorry, couldn't find user - dsinger 12:51:11 Chapell has joined #DNT 12:51:35 Action: david singer and shane wiley to determine whether dave singer's paradigm on parties would be a solution for Issue 27 12:51:35 Created ACTION-80 - Singer and shane wiley to determine whether dave singer's paradigm on parties would be a solution for Issue 27 [on David Singer - due 2012-02-01]. 12:51:45 Action: Karl to validate whether the TPLs can also express a cluster of whitelists for use with the Javascript API as defined by Nick 12:51:45 Created ACTION-81 - Validate whether the TPLs can also express a cluster of whitelists for use with the Javascript API as defined by Nick [on Karl Dubost - due 2012-02-01]. 12:52:06 Matthias: Shane can get us an opinion on Action 81 in the next week 12:52:25 karlcow has joined #dnt 12:52:42 RRSAgent, make logs public 12:52:56 rigo_ has joined #dnt 12:53:12 Matthias: close the discussion on Issue 27 12:53:23 trackbot, drop Action-81 12:53:23 Sorry, rigo, I don't understand 'trackbot, drop Action-81'. Please refer to http://www.w3.org/2005/06/tracker/irc for help 12:54:09 fwagner has joined #dnt 12:54:17 trackbot, close Action-81 12:54:17 ACTION-81 Validate whether the TPLs can also express a cluster of whitelists for use with the Javascript API as defined by Nick closed 12:54:21 ksmith has joined #DNT 12:54:32 was duplicate 12:55:21 Issue 78: what's the difference between absence of DNT header and DNT=0 12:55:57 Action: tl to Assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27]. 12:55:57 Sorry, amibiguous username (more than one match) - tl 12:55:57 Try using a different identifier, such as family name or username (eg. tleung2, tlowenth) 12:56:24 Roy: current text does not have consensus. could put an action item on roy to put an action item to edit & put a new draft into the spec. 12:56:48 Action: tlowenth to Assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27]. 12:56:48 Created ACTION-82 - Assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27]. [on Thomas Lowenthal - due 2012-02-01]. 12:57:13 Roy: this conversation relates to meanings of DNT 1 & 0, relative to compliance items (cross-tracking) being in the header spec 12:57:41 Shane: other issue was DNT=nothing instead of not sending a DNT header at all. related potentially to eprivacy. 12:58:17 bryan has joined #dnt 12:58:20 Rigo: We should require the sending of DNT unset, because only then does the service know you can trigger an opt back in (if they get consent) 12:58:30 TL: disagrees. you'll know which ua version supports DNT 12:58:34 present+ Bryan_Sullivan 12:58:43 Nick: you could check for the js method. 12:59:29 Kevin: should be an option for DNT-OFF. e.g. if dnt is on by default, someone could set the preference globally to OFF 12:59:58 TL: when you see a DNT header, it's talking to you. so you should not be able to get anything on the state of the rest of the world. 13:00:43 Aleecia: don't think that's going to happen based on how we are building it. legislation might be that if you don't get a signal then you have to assume it is on 13:00:59 vincent_ has joined #dnt 13:01:57 Shane: would help in knowing whether a given browser version is capable of passing DNT header 13:02:19 action: roy fielding to take the text from the email conversation & place it in the doc 13:02:19 Created ACTION-83 - Fielding to take the text from the email conversation & place it in the doc [on Roy Fielding - due 2012-02-01]. 13:02:48 Aleecia: need non-normative text that makes the purpose of 0 clearer 13:03:17 TL: not happy passing null for a mozilla user 13:03:43 TL: happy with the current proposal. Matthas asks we wait for Roy's next text version & we will comment further from there 13:04:23 action: describe the reason for setting DNT=null 13:04:23 Sorry, couldn't find user - describe 13:04:45 action: shane wiley to describe the reason for setting DNT=null 13:04:45 Created ACTION-84 - Wiley to describe the reason for setting DNT=null [on Shane Wiley - due 2012-02-01]. 13:05:43 ISSUE 84 Do we need a JS API / DOM property for client side js access to DNT status 13:06:05 trackbot, comment ACTION-83 take text from email about section for and DNT-header values 13:06:05 ACTION-83 Fielding to take the text from the email conversation & place it in the doc notes added 13:06:09 Jonathan: comfortable where we are now, no objections to text 13:07:17 Tom: remove the ability to set this within the DOM. it will always be an HTTP request. Shane seconds this. 13:08:09 Rigo: not sure why this can take different values 13:08:45 Shane: If you're a 3p on a 1p DOM, if i look into the DOM header the current signal is 1. but site specific exception is in place and that's 0. you would have to start building business rules on different signals from DOM vs HTTP request 13:08:57 vincent has joined #dnt 13:09:53 Jonathan: agrees. there are ways of making JS DNT aware that is in the JS provided by the browser. website can serves some js that reflects what the server received in the header. not hard to write & will always be correct. also comfortable dropping DOM with some discussion explaining why. 13:11:07 Thomas; we want to figure out a way taht no party finds out the settings for other parties. it might be worth having a few people put their heads together & think it through a bit more. if we get site specific exceptions solved cleanly i suspect we will have this solved as well 13:11:28 Matthias: let's drop this & charge a group with leader to find a way to repair it. if not, drop it. 13:11:47 Rigo: which use cases will we love if we do not have JS API? 13:12:24 andyzei has joined #dnt 13:15:16 Thomas; everyone agrees API is not going to work. let's remove the text since we don't know how to fix it. if people come up with new proposal we can create a new issue. 13:15:49 fwagner has joined #dnt 13:16:58 much debate about whether or not we should close this issue, or open a new issue 13:17:14 proposed: close issue-96, re-open issue-84 13:17:37 vincent has joined #dnt 13:18:20 jmayer: difference between browser API and not. Is the issue one about should js be DNT aware? (If so, yes, we have a proposal.) 13:18:28 Jonathan: will send an email to the list on technical solutions (possible), or do we need an issue specifically on an API & leave that issue open? 13:19:17 action: jonathan mayer to draft text to send out around a potential technical solution 13:19:17 Created ACTION-85 - Mayer to draft text to send out around a potential technical solution [on Jonathan Mayer - due 2012-02-01]. 13:19:25 ISSUE 87 13:19:47 issue-87? 13:19:47 ISSUE-87 -- Should there be an option for the server to respond with "I don't know what my policy is" -- pending review 13:19:47 http://www.w3.org/2011/tracking-protection/track/issues/87 13:19:50 closed; Issue 87 13:19:51 issue-86? 13:19:51 ISSUE-86 -- Do we have general extensibility capability for header response? -- closed 13:19:51 http://www.w3.org/2011/tracking-protection/track/issues/86 13:19:54 close issue-87 13:19:58 ISSUE-87 Should there be an option for the server to respond with "I don't know what my policy is" closed 13:20:01 closed ISSUE-87 13:20:08 closed: Issue-87 13:20:15 trackbot, close issue-87 13:20:15 ISSUE-87 Should there be an option for the server to respond with "I don't know what my policy is" closed 13:20:28 Issue 95 13:20:38 issue-95? 13:20:38 ISSUE-95 -- May an institution or network provider set a tracking preference for a user? -- pending review 13:20:38 http://www.w3.org/2011/tracking-protection/track/issues/95 13:20:43 may an institution or a network provider set a TPE for a user? 13:20:45 vt has joined #dnt 13:21:00 y please 13:22:07 bryan sullivan: want the ability to express a preference by a corporation, for a family 13:22:19 david singer: is it ok i agree to be tracked because i am using wifi in a given hotel? 13:22:50 shane: a legal issue, but potentially yes 13:23:41 the general setting would kill the user consent thingy as it wouldn't be the user's consent anymore 13:25:32 jim killock: believes setting DNT on is legitimate, setting it off is not 13:27:02 thomas; do we have any contributors in this room that want to propose changes to this text? would otherwise prefer we close the issue. 13:27:27 Bryan Sullivan: must the preference be managed just on the device 13:27:34 shane: no we excplicitly called out that it is not limited in this way 13:28:07 david singer: can we have some examples to back up this text? Shane -- we provided on the email chian 13:28:34 close: issue-95 13:28:40 issue-95 closed 13:28:40 ISSUE-95 May an institution or network provider set a tracking preference for a user? closed 13:28:57 issue-96? 13:28:57 ISSUE-96 -- The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) -- pending review 13:28:57 http://www.w3.org/2011/tracking-protection/track/issues/96 13:28:58 issue-96? 13:28:58 ISSUE-96 -- The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) -- pending review 13:29:00 http://www.w3.org/2011/tracking-protection/track/issues/96 13:29:20 issue-96 closed 13:29:21 ISSUE-96 The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) closed 13:29:25 issue-84? 13:29:25 ISSUE-84 -- Do we need a JavaScript API / DOM property for client-side js access to Do Not Track status? -- pending review 13:29:25 http://www.w3.org/2011/tracking-protection/track/issues/84 13:29:44 close: issue-96 13:29:55 trackbot, close issue-96 13:29:55 ISSUE-96 The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) closed 13:30:40 Topic: Response headers 13:32:14 matthias: 3 high level areas: (1) Elements (fields) if we send the header, what elements go into it? 13:32:19 (2) when to send the response headers 13:32:41 (3) misc 13:33:12 RIgo: caching is likely to take up a lot of time 13:33:13 vt has joined #dnt 13:34:48 TL: main components: 1/3p, whether subject to exceptions, option for serer to tell users they're opted back in, response for catchable objects 13:35:22 no-dnt -- not allowed, means you're not in compliance. for now it is a reserved value 13:36:25 well-known URI: whatever exceptions you are claiming there. not sure if its human readable or not yet 13:36:39 DNT: P3P-URI would be also nice :) 13:36:58 TL: main idea: on resources which tracking occurs, the access of that resource could produce data compatible with DNT, you get a response header. 13:37:23 caching situation: tracking doesn't take place here, so not needed 13:38:32 Rigo: concerned the solution is overly complex with too many values. also has URI that points to further documentation that might contradict the meaning 13:38:52 TL: feels this is covered in the spec. not allowed to contradict. 13:39:50 TL: header that says " we follow DNT" is not as useful to a client browser that wants to take dynamic actions based on levels of compliance 13:43:56 Alex: compliance is definitive, yes or no. if i the server have an exception with you through the user via a website visited, or through a backend contract. when a server comes in with DNT-on I don't know why that is the case. 13:44:57 Matthias: the concern here is that the server side third party may not be able to distinguish between these different values and may not know how to respond accurately. 13:45:31 rvaneijk has joined #dnt 13:45:58 Alex: would be easier to send a static header response 13:46:47 Kevin: this is very thorough. however i find it overly complicated & confusing and a little redundant. haven't heard a use case to presenta big enough advantage to justify the cost of the complexity involved here. 13:47:05 Kevin: greatly simplified when you look at it as cross site tracking instead of 1st v 3rd 13:47:20 +1 to Kevin's concern over the complexity of including 1st and 3rd party distinction in the response 13:47:53 Nick: DNT=0 -- could we specify the syntax. DNT=0 indicates you don't comply. move some of this langauge to the compliance spec. 13:48:07 Nick: if I know i am never going to track, what value should I set? 13:49:28 I think we could clarify dnt:c to apply to any resource that surely won't be tracked 13:49:46 Roy: edit: if a message is marked as cacheable,it is considered compliant 13:52:12 Roy: little o, big o and 0 seems like a bad idea. pick letters that are not confused with one another 13:53:23 TL: Ok to use 3 letters? people say yes 13:53:33 action: doty to write a clarification of dnt:c to apply to never-tracked resources 13:53:33 Created ACTION-86 - Write a clarification of dnt:c to apply to never-tracked resources [on Nick Doty - due 2012-02-01]. 13:53:40 action: tom lowenthal to draft new letter indicators 13:53:40 Sorry, couldn't find user - tom 13:53:48 (tl) 13:53:58 action: tl to draft new values for the DNT states 13:53:58 Sorry, amibiguous username (more than one match) - tl 13:53:58 Try using a different identifier, such as family name or username (eg. tleung2, tlowenth) 13:54:06 ACTION: lowenthal to color bikeshed in distinguishable colors 13:54:06 Created ACTION-87 - Color bikeshed in distinguishable colors [on Thomas Lowenthal - due 2012-02-01]. 13:54:09 tl, I think IanF and other Google employees will complain if you increase the length of the response, even if only by a character 13:54:39 ACTION-87: this action item actually refers to the DNT response header coding. requirements: brief, pronounceable, distinguishable. 13:54:39 ACTION-87 Color bikeshed in distinguishable colors notes added 13:56:24 Rigo: main reason for pushing response header was consent mechanism. static dnt=1 would serve this purpose better 14:00:27 q? 14:01:10 amyc has joined #dnt 14:01:44 Chapell has joined #DNT 14:02:37 kevin: could get rid of opt-dnt 1 and 3 by rolling it into except dnt3 14:03:29 Matthias: let's have tom & kevin sit together & discuss further. 14:03:50 Matthias: we have 2 ways to move forward (1) fix this expressive solution (2) a much simpler solution with a completely different design 14:05:39 Karl: we're getting ahead of the compliance doc 14:06:04 kj has joined #dnt 14:06:31 Ed: are we discussing whether to have finer granularity in reasons for tracking, should server say why they're allowed to track in a given context? 14:08:51 Aleecia: if we have the framework on compliance, it probably doesn't change much. so let's go down this road. 14:09:22 "I don't like it" is not a proposal :-) 14:09:30 another option is to have a first version which is very simple and can be more expressive later if we think we need it 14:09:37 Rigo: volunteers to try a simpler alternative 14:09:43 q+ 14:09:53 later = after implementations experience 14:10:18 action: rigo shane wiley roy fielding sean harvey to draft a simpler version of the spec 14:10:18 Created ACTION-88 - Shane wiley roy fielding sean harvey to draft a simpler version of the spec [on Rigo Wenning - due 2012-02-01]. 14:10:40 Week of FEb 3 for Action 88 (rigo is the leader of the group) 14:10:41 many technologies failed because the first version was too complex to implement 14:10:46 ACTION-88: refers to DNT HTTP response header 14:10:47 ACTION-88 Shane wiley roy fielding sean harvey to draft a simpler version of the spec notes added 14:13:49 q+ 14:14:11 shane: we have exceptions from compliance doc. this says you're employing one of these exceptions or not & it doesn't seem valuable & adds non-useful complexity to the response header 14:15:01 david singer: wants to make sure there is a simple binary response for the user 14:15:42 Roy: options for what to call this response header. DNT, T... 14:15:49 MrT 14:15:53 shane: T is a bad idea because it is often used e.g. for "time" 14:17:54 Aleecia/Roy: TK will be the header name for the moment 14:18:14 +1 on TK 14:18:14 action: roy fielding to make final decision on response header name 14:18:15 Created ACTION-89 - Fielding to make final decision on response header name [on Roy Fielding - due 2012-02-01]. 14:18:20 ER ~ Emergency Room 14:19:10 ed felten: from law enforcement standpoint. assume a bad actor. I'm trying to catch them lying to the user. the more specific, the easier it is to do that. if there is only one value and there are 8 exceptions to hide behind its harder to figure out what's happening. 14:19:53 I'm concerned about the amount of data traffic that this will generate, given that operational exceptions and outsourcing exceptions will be common for example, and the explanations will amount to a lot of text over time. I would prefer if any static response aspects could be in a file (XML, JSON) at the "well-known" URL, and the DNT header was a simple ack of DNT:1 or DNT:0. 14:20:01 Kevin: need to account for user & also expert "auditor" or complier 14:20:53 Bryan: worried amount of data this is goign to generate. any extra data static & sent on a regular basis, potentially billions of times a day for large sites 14:21:01 TL: this was previously handled 14:21:31 brief explanation of the result would be at least courteous.... 14:21:31 Rigo: each of these values/states should be easily testable 14:21:36 TL: that's not possible 14:21:50 if not informative for others that are also not aware of it... 14:22:23 how significant is the cost of data, bryan? 5 or 6 additional characters on responses (which tend to be much larger than requests)? 14:22:36 fwagner has joined #dnt 14:23:01 karl: concern about developers making mistakes on the server side 14:23:02 every static response adds up quickly 14:23:30 this is why accept: */* is very common now in mobile devices 14:24:09 you can see discussion in http://www.w3.org/2011/11/01-dnt-minutes.html, where Ian's suggestion was about keeping it down to a few characters per response rather than full URLs 14:24:13 jonathan: 2 reasons he preferes more granularity (1) complexity overstated. site doesn't have to implement all of them, only a very small subset. 14:24:42 within those minutes, Ctrl-F "bytes" is a quick way to find the relevant area 14:24:43 jonathan: (2) there is real value to this additional data. analytics to let us know how it is being used etc 14:25:35 (I think bytes cost has been discussed since too, but those Santa Clara minutes was in my immediate memory) 14:25:48 efelten has joined #dnt 14:26:21 aaaaand break 14:26:29 thanks for scribing, sean! 14:26:46 Ian's response is understood, but from a network operator perspective the cost of carrying unnecessary bytes is excessive 14:27:05 dan has joined #dnt 14:38:46 KevinT has joined #dnt 14:55:25 dwainberg has joined #dnt 14:59:35 KevinT_ has joined #dnt 15:06:51 dan has joined #dnt 15:07:07 kj_ has joined #dnt 15:08:45 johnsimpson has joined #dnt 15:08:48 topic: open issues 15:09:06 issue 43? 15:09:32 trackbot, issue=43? 15:09:32 Sorry, KevinT_, I don't understand 'trackbot, issue=43?'. Please refer to http://www.w3.org/2005/06/tracker/irc for help 15:10:13 dsigner: agree in principle 15:10:14 rrsagent, please draft the minutes 15:10:14 I have made the request to generate http://www.w3.org/2012/01/25-dnt-minutes.html karl 15:10:32 issue-23 closed 15:10:32 ISSUE-23 Possible exemption for analytics closed 15:10:48 issue-43 closed 15:10:48 ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track closed 15:11:02 trackbot, reopen issue-23 15:11:02 ISSUE-23 Possible exemption for analytics re-opened 15:11:24 issue-105? 15:11:24 ISSUE-105 -- Response header without request header? -- open 15:11:24 http://www.w3.org/2011/tracking-protection/track/issues/105 15:11:47 fwagner has joined #dnt 15:12:53 ACTION: Tom to modify response header text according to resolution of issue-105 (MUST, otherwise MAY) 15:12:53 Sorry, couldn't find user - Tom 15:13:00 ACTION: Lowenthal to modify response header text according to resolution of issue-105 (MUST, otherwise MAY) 15:13:04 Created ACTION-90 - Modify response header text according to resolution of issue-105 (MUST, otherwise MAY) [on Thomas Lowenthal - due 2012-02-01]. 15:13:04 (Tom is tl) 15:13:08 Chapell has joined #DNT 15:13:11 issue-105 closed 15:13:11 ISSUE-105 Response header without request header? closed 15:13:59 vincent_ has joined #dnt 15:14:12 107, 90, 48, 51, 76, 79 are all issues related to response headers 15:15:13 issue-61? 15:15:14 ISSUE-61 -- A site could publish a list of the other domains that are associated with them -- open 15:15:14 http://www.w3.org/2011/tracking-protection/track/issues/61 15:15:45 jmayer has joined #dnt 15:16:33 dsinger and shane to add issue 61 to existing action item (need to find #) 15:19:40 sean has joined #dnt 15:19:55 matthias; issue 47 moved to response header team 15:21:18 issue-61? 15:21:19 ISSUE-61 -- A site could publish a list of the other domains that are associated with them -- raised 15:21:19 http://www.w3.org/2011/tracking-protection/track/issues/61 15:21:39 andyzei has joined #dnt 15:21:51 next topic: raised TPE issues 15:22:38 efelten has joined #dnt 15:22:59 issue-114? 15:23:00 ISSUE-114 -- Guidance or mitigation of fingerprinting risk for user-agent-managed site-specific tracking exceptions -- raised 15:23:00 http://www.w3.org/2011/tracking-protection/track/issues/114 15:23:12 ISSUE-109? 15:23:12 ISSUE-109 -- siteSpecificTrackingExceptions property has fingerprinting risks: is it necessary? -- raised 15:23:12 http://www.w3.org/2011/tracking-protection/track/issues/109 15:24:15 action: zeigler to write text on fingerprinting risk (ISSUE-109, ISSUE-114), with Nick Doty 15:24:15 Created ACTION-91 - Write text on fingerprinting risk (ISSUE-109, ISSUE-114), with Nick Doty [on Andy Zeigler - due 2012-02-01]. 15:24:29 issue-109 open 15:24:34 trackbot, issue-109 is open 15:24:34 Sorry, tlr, I don't understand 'trackbot, issue-109 is open'. Please refer to http://www.w3.org/2005/06/tracker/irc for help 15:25:10 issue=113? 15:25:42 issue-113? 15:25:42 ISSUE-113 -- Should there be a JavaScript API to prompt for a Web-wide exception? -- raised 15:25:42 http://www.w3.org/2011/tracking-protection/track/issues/113 15:25:46 issue-109? 15:25:46 ISSUE-109 -- siteSpecificTrackingExceptions property has fingerprinting risks: is it necessary? -- open 15:25:46 http://www.w3.org/2011/tracking-protection/track/issues/109 15:25:51 issue-91? 15:25:51 ISSUE-91 -- Might want prohibitions on first parties re-selling data to get around the intent of DNT -- closed 15:25:51 http://www.w3.org/2011/tracking-protection/track/issues/91 15:26:03 issue-114? 15:26:03 ISSUE-114 -- Guidance or mitigation of fingerprinting risk for user-agent-managed site-specific tracking exceptions -- open 15:26:03 http://www.w3.org/2011/tracking-protection/track/issues/114 15:26:41 shane: first party context - ex: web-wide exception for widget (social network widget) 15:27:52 ksmith: can add widgets without going to widget publisher's site 15:28:04 ndoty: not a high priority 15:29:51 action: alan to write text for issue-113 15:29:52 Created ACTION-92 - Write text for issue-113 [on Alan Chapell - due 2012-02-01]. 15:29:55 issue-113 15:29:59 issue-113? 15:29:59 ISSUE-113 -- Should there be a JavaScript API to prompt for a Web-wide exception? -- raised 15:29:59 http://www.w3.org/2011/tracking-protection/track/issues/113 15:30:42 issue=115? 15:30:53 fwagner has joined #dnt 15:31:01 issue-115? 15:31:01 ISSUE-115 -- Should sites be able to manage site-specific tracking exceptions outside of the user-agent-managed system? -- raised 15:31:01 http://www.w3.org/2011/tracking-protection/track/issues/115 15:31:17 issue-115? 15:31:17 ISSUE-115 -- Should sites be able to manage site-specific tracking exceptions outside of the user-agent-managed system? -- raised 15:31:17 http://www.w3.org/2011/tracking-protection/track/issues/115 15:32:20 shane: need to consider existing opt-ins already in place, shouldnt be MUST 15:32:35 issue-14? 15:32:35 ISSUE-14 -- How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor? -- open 15:32:35 http://www.w3.org/2011/tracking-protection/track/issues/14 15:33:15 andyzei: not cool to overnotify users, DNT-2 - please don't track me even if you think you can 15:33:57 jeff chester: concerns around lack of transparency for out of band --> suggest best practices 15:35:26 action: jeff to write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim - due in 2 weeks 15:35:26 Sorry, couldn't find user - jeff 15:35:30 action: chester to write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim - due in 2 weeks 15:35:30 Created ACTION-93 - write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim [on Jeffrey Chester - due 1970-01-01]. 15:35:41 action-93 due 2012-02-07 15:35:41 ACTION-93 write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim due date now 2012-02-07 15:35:45 issue-115? 15:35:45 ISSUE-115 -- Should sites be able to manage site-specific tracking exceptions outside of the user-agent-managed system? -- raised 15:35:45 http://www.w3.org/2011/tracking-protection/track/issues/115 15:36:40 q+ 15:37:12 +1 to Rigo's comment 15:38:33 jimK: past precedent of tracking cookies deposited without consent don't qualify for consent in DNT 15:40:02 jmayer: browsers have better set of incentives to educate users vs. business use of privacy policy; if not in browser - have stronger language around notice to be accountability 15:41:21 mgroman has joined #DNT 15:41:37 jmayer: opt-in api - allow for adding text to make user message easier to understand (vs. domain only) 15:41:52 karl has joined #dnt 15:43:04 Re sites managing user preferences using out of band methods, browsers are not the only user agents intended to be covered by DNT requirements. Users may not be able to manage DNT preferences across all HTTP-based applications effectively, thus out of band methods can help ensure users can more effectively manage DNT options across all their HTTP-based apps. 15:46:13 action: jmayer to write proposal to communicate information about consent to user as part of opt back in API 15:46:13 Created ACTION-94 - Write proposal to communicate information about consent to user as part of opt back in API [on Jonathan Mayer - due 2012-02-01]. 15:48:12 rigo: to bryan - tpl revisited 15:48:47 jc wants to rumble 15:50:20 issue-112? 15:50:20 ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- raised 15:50:20 http://www.w3.org/2011/tracking-protection/track/issues/112 15:50:43 issue-118? 15:50:43 ISSUE-118 -- Should requesting a user-agent-managed site-specific exception be asynchronous? -- raised 15:50:43 http://www.w3.org/2011/tracking-protection/track/issues/118 15:52:45 ACTION: npdoty to write proposal for asynchronous API (ISSUE-118) 15:52:45 Created ACTION-95 - Write proposal for asynchronous API (ISSUE-118) [on Nick Doty - due 2012-02-01]. 15:53:02 action-95 due 02-07 15:53:02 ACTION-95 Write proposal for asynchronous API (ISSUE-118) due date now 02-07 15:53:06 issue-62? 15:53:06 ISSUE-62 -- The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context -- raised 15:53:06 http://www.w3.org/2011/tracking-protection/track/issues/62 15:53:44 issue-46? 15:53:44 ISSUE-46 -- Enable users to do more granular blocking based on whether the site responds honoring Do Not Track -- raised 15:53:44 http://www.w3.org/2011/tracking-protection/track/issues/46 15:53:51 trackbot, ping 15:53:51 action-95 due 2012-02-07 15:53:51 issue-62? 15:53:51 issue-62 closed 15:53:51 Sorry, tlr, I don't understand 'trackbot, ping'. Please refer to http://www.w3.org/2005/06/tracker/irc for help 15:53:51 ACTION-95 Write proposal for asynchronous API (ISSUE-118) due date now 2012-02-07 15:53:51 ISSUE-62 -- The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context -- raised 15:53:53 http://www.w3.org/2011/tracking-protection/track/issues/62 15:53:57 ISSUE-62 The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context closed 15:54:43 +1 to Tom. This is out of scope. 15:56:01 automatic is missing in that issue :) 15:56:02 tl: out of scope + matthias, rigo 15:56:11 issue-46? 15:56:11 ISSUE-46 -- Enable users to do more granular blocking based on whether the site responds honoring Do Not Track -- raised 15:56:11 http://www.w3.org/2011/tracking-protection/track/issues/46 15:56:17 issue-46? 15:56:17 ISSUE-46 -- Enable users to do more granular blocking based on whether the site responds honoring Do Not Track -- raised 15:56:17 http://www.w3.org/2011/tracking-protection/track/issues/46 15:56:30 issue-77? 15:56:30 ISSUE-77 -- How does a website determine if it is a first or third party and should this be included in the protocol? -- raised 15:56:30 http://www.w3.org/2011/tracking-protection/track/issues/77 15:56:55 issue-46: out of scope 15:56:55 ISSUE-46 Enable users to do more granular blocking based on whether the site responds honoring Do Not Track notes added 15:56:56 issue-46 closed 15:56:56 ISSUE-46 Enable users to do more granular blocking based on whether the site responds honoring Do Not Track closed 15:57:13 discussed: don't need protocol close 77 15:57:34 efelten has joined #dnt 15:58:27 trackbot, close issue-77 15:58:28 ISSUE-77 How does a website determine if it is a first or third party and should this be included in the protocol? closed 15:58:38 issue-108? 15:58:38 ISSUE-108 -- Should/could the tracking preference expression be extended to other protocols beyond HTTP? -- raised 15:58:38 http://www.w3.org/2011/tracking-protection/track/issues/108 16:01:19 Revised response header spec: https://pad.riseup.net/p/3g4uYDAvNb1n 16:01:37 dsinger: suggest text: future documents can be built with same effects into future protocols 16:02:04 jmayer: intent to apply to all protocols. 16:02:37 aleccia: add to dsinger's comments - original intent was for http, but can be mirrored to other protocols and still remain DNT 16:04:18 roy: belongs in compliance spec? 16:04:32 mgroman has joined #DNT 16:04:44 HTTP Tracking Preference Expression 16:04:57 "our work is designed to apply to all HTTP communications (including mobile apps) and may additionally be applied to additional protocols (ex: SPDY). While we design for HTTP, there is nothing to prevent other protocols from adopting the approaches, definitions, etc. we work out." 16:04:59 http://tools.ietf.org/html/draft-ietf-core-coap-08 is the current version of CoAP and for M2M this will be the transport for HTTP-based applications on constrained bearers for machine-to-machine applications. 16:05:08 action: issue-108 jmayer to create text for other protocols 16:05:08 Sorry, couldn't find user - issue-108 16:05:24 HTTP Tracking Preference Expression is one possible implementation of Tracking compliance specification 16:05:30 action: jmayer for issue 108 for future protocols 16:05:30 Created ACTION-96 - For issue 108 for future protocols [on Jonathan Mayer - due 2012-02-01]. 16:06:02 action: dsinger issue 108 add similar protocol statements to TPE 16:06:02 Sorry, couldn't find user - dsinger 16:06:26 dsinger, I think the existing text in a note on ISSUE-108 would be a good starting point for that sentence to add to TPE; we discussed it on a call in December 16:06:47 action: dsinger add similar protocol language to TPE spec 16:06:47 Sorry, couldn't find user - dsinger 16:07:00 action: singer to add similar protocol language to TPE spec 16:07:01 Created ACTION-97 - Add similar protocol language to TPE spec [on David Singer - due 2012-02-01]. 16:07:30 action-97: dsinger, I think the existing text in a note on ISSUE-108 would be a good starting point for that sentence to add to TPE; we discussed it on a call in December 16:07:30 ACTION-97 Add similar protocol language to TPE spec notes added 16:07:42 trackbot, close issue-110 16:07:43 ISSUE-110 Is top-level-origin for outgoing requests workable for site-specific tracking exceptions? closed 16:08:09 issue-111? 16:08:09 ISSUE-111 -- Different DNT values to signify existence of associated exceptions -- raised 16:08:09 http://www.w3.org/2011/tracking-protection/track/issues/111 16:10:57 tl: feels this is covered already 16:11:18 rigo: +1 using p3p case example 16:11:48 ndoty: shane feels this is valuable use case for publishers (keep raised) 16:12:56 tl, does DNT:1 could block an HTTP referer? example an iframe. Thinking about the wikipedia just cited, where the tracking could occur just with the words in the URI. 16:13:39 ACTION: shane to bring input on ISSUE-111 to the group; otherwise it's closed 16:13:40 Created ACTION-98 - Bring input on ISSUE-111 to the group; otherwise it's closed [on Shane Wiley - due 2012-02-01]. 16:13:50 karl, DNT not a technical measure, just a preference expression. Perhaps you could change your browser to add this behavior? 16:14:18 yup… but breaking a lot of things. :) hmmm difficult 16:15:22 action-98: Shane, since most of the people in the group were happy to close this issue now, we'd like to see an explanation of text/use cases for why we should continue to discuss it or adopt it 16:15:23 ACTION-98 Bring input on ISSUE-111 to the group; otherwise it's closed notes added 17:18:48 dsinger has joined #dnt 17:35:24 LaurenGelman has joined #dnt 17:41:49 clp has joined #dnt 17:42:27 Hello, sorry to be late, I can't listen on phone but just wanted to drop in briefly. 17:43:39 clp has joined #dnt 17:44:51 clp has joined #dnt 17:47:05 aleecia has joined #dnt 17:50:23 dwainberg has joined #dnt 17:51:34 mischat has joined #dnt 21:38:37 RRSAgent has joined #dnt 21:38:37 logging to http://www.w3.org/2012/01/25-dnt-irc 21:38:42 rrsagent, draft minutes 21:38:42 I have made the request to generate http://www.w3.org/2012/01/25-dnt-minutes.html npdoty 21:39:31 trackbot, end meeting 21:39:31 Zakim, list attendees 21:39:31 sorry, trackbot, I don't know what conference this is 21:39:34 RRSAgent, please draft minutes 21:39:34 I have made the request to generate http://www.w3.org/2012/01/25-dnt-minutes.html trackbot 21:39:35 RRSAgent, bye 21:39:49 rrsagent, make minutes public 21:39:49 I'm logging. I don't understand 'make minutes public', npdoty. Try /msg RRSAgent help 21:39:57 rrsagent, make logs public 21:40:05 rrsagent, bye 21:40:05 I see no action items