IRC log of dnt on 2012-01-25

Timestamps are in UTC.

08:57:52 [RRSAgent]
RRSAgent has joined #dnt
08:57:52 [RRSAgent]
logging to http://www.w3.org/2012/01/25-dnt-irc
08:57:57 [tlr]
ISSUE-7 closed
08:57:58 [trackbot]
ISSUE-7 What types of tracking exist, and what are the use cases for these types of tracking? closed
08:58:02 [tlr]
ISSUE-8 closed
08:58:02 [trackbot]
ISSUE-8 How do we enhance transparency and consumer awareness? closed
08:58:04 [tlr]
issue-9 closed
08:58:05 [trackbot]
ISSUE-9 Understand all the different first- and third-party cases. closed
08:58:35 [tlr]
issue-7: lack of interest at 2012-01-26 meeting
08:58:35 [trackbot]
ISSUE-7 What types of tracking exist, and what are the use cases for these types of tracking? notes added
08:58:38 [tlr]
issue-8: lack of interest at 2012-01-26 meeting
08:58:38 [trackbot]
ISSUE-8 How do we enhance transparency and consumer awareness? notes added
08:58:42 [tlr]
issue-9: lack of interest at 2012-01-26 meeting
08:58:43 [trackbot]
ISSUE-9 Understand all the different first- and third-party cases. notes added
08:58:53 [tlr]
issue-12: lack of interest at 2012-01-26 meeting
08:58:54 [trackbot]
ISSUE-12 How does tracking require relation to unique identities, pseudonyms, etc.? notes added
08:58:58 [tlr]
issue-12 closed
08:58:59 [trackbot]
ISSUE-12 How does tracking require relation to unique identities, pseudonyms, etc.? closed
09:00:03 [tlr]
ISSUE-16: discussed collection vs retention, not otherwise needed
09:00:04 [trackbot]
ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) notes added
09:00:34 [tlr]
issue-16 closed
09:00:35 [trackbot]
ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) closed
09:01:13 [tlr]
issue-20: touch upon unidentified / unidentifiable in compliance; Shane: challenge to write text
09:01:13 [trackbot]
ISSUE-20 Different types of data, what counts as PII, and what definition of PII notes added
09:01:30 [tlr]
issue-20: touch upon unidentified / unidentifiable in compliance; Shane: challenge to write text
09:01:30 [trackbot]
ISSUE-20 Different types of data, what counts as PII, and what definition of PII notes added
09:01:33 [tlr]
issue-20 closed
09:01:33 [trackbot]
ISSUE-20 Different types of data, what counts as PII, and what definition of PII closed
09:03:03 [tlr]
ACTION: kevin to produce draft for ISSUE-21
09:03:03 [trackbot]
Sorry, amibiguous username (more than one match) - kevin
09:03:03 [trackbot]
Try using a different identifier, such as family name or username (eg. ktrilli2, ksmith5)
09:03:08 [tlr]
ACTION: trilli to produce draft for ISSUE-21
09:03:09 [trackbot]
Created ACTION-55 - Produce draft for ISSUE-21 [on Kevin Trilli - due 2012-02-01].
09:03:49 [tlr]
ISSUE-21: jonathan mayer: difference between response header and technical verification is what brought this up initially.
09:03:49 [trackbot]
ISSUE-21 Enable external audit of DNT compliance notes added
09:07:03 [tlr]
ACTION: mayer to draft text for issue-28
09:07:03 [trackbot]
Created ACTION-57 - Draft text for issue-28 [on Jonathan Mayer - due 2012-02-01].
09:07:16 [tlr]
ACTION: amy to draft text for issue-28
09:07:16 [trackbot]
Created ACTION-58 - Draft text for issue-28 [on Amy Colando - due 2012-02-01].
09:08:02 [npdoty]
npdoty has joined #dnt
09:08:36 [tlr]
issue-33: likely duplicate
09:08:36 [trackbot]
ISSUE-33 Complexity of user choice (are exemptions exposed to users?) notes added
09:08:50 [tlr]
ACTION: npdoty to find duplicate for ISSUE-33, add note
09:08:50 [trackbot]
Created ACTION-59 - Find duplicate for ISSUE-33, add note [on Nick Doty - due 2012-02-01].
09:08:54 [tlr]
issue-35?
09:08:54 [trackbot]
ISSUE-35 -- How will DNT interact with existing opt-out programs (industry self-reg, other)? -- raised
09:08:54 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/35
09:09:07 [tlr]
issue-38 closed
09:09:07 [trackbot]
ISSUE-38 Granularity for different people who share a device or browser closed
09:09:50 [tlr]
issue-41 closed
09:09:50 [trackbot]
ISSUE-41 Consistent way to discuss tracking with users (terminology matters!) closed
09:10:09 [tlr]
issue-43: addressed by site-specific exceptions
09:10:10 [trackbot]
ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track notes added
09:10:12 [tlr]
issue-43 closed
09:10:12 [trackbot]
ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track closed
09:10:33 [tlr]
trackbot, reopen issue-43
09:10:34 [trackbot]
ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track re-opened
09:10:54 [tlr]
ACTION: npdoty to find out whether ISSUE-43 is a duplicate (and of what)
09:10:55 [trackbot]
Created ACTION-60 - Find out whether ISSUE-43 is a duplicate (and of what) [on Nick Doty - due 2012-02-01].
09:11:33 [tlr]
ACTION-60: close issue-43 with appropriate annotation
09:11:33 [trackbot]
ACTION-60 Find out whether ISSUE-43 is a duplicate (and of what) notes added
09:11:38 [tlr]
issue-45?
09:11:38 [trackbot]
ISSUE-45 -- Companies making public commitments with a "regulatory hook" for US legal purposes -- raised
09:11:38 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/45
09:12:17 [mischat]
mischat has joined #dnt
09:13:10 [tlr]
action: tl to write no-change proposal for ISSUE-45
09:13:10 [trackbot]
Sorry, amibiguous username (more than one match) - tl
09:13:10 [trackbot]
Try using a different identifier, such as family name or username (eg. tleung2, tlowenth)
09:13:29 [tlr]
action: lowenthal to write no-change proposal for ISSUE-45
09:13:30 [trackbot]
Created ACTION-61 - Write no-change proposal for ISSUE-45 [on Thomas Lowenthal - due 2012-02-01].
09:13:32 [tlr]
ACTION: mayer to write "text in privacy policy" proposal for ISSUE-45
09:13:32 [trackbot]
Created ACTION-62 - Write "text in privacy policy" proposal for ISSUE-45 [on Jonathan Mayer - due 2012-02-01].
09:14:10 [tlr]
issue-54?
09:14:10 [trackbot]
ISSUE-54 -- Can first party provide targeting based on registration information even while sending DNT -- open
09:14:10 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/54
09:17:20 [tlr]
issue-15?
09:17:20 [trackbot]
ISSUE-15 -- What special treatment should there be for children's data? -- open
09:17:20 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/15
09:18:18 [tlr]
ISSUE-15: consensus this is not an issue we take on specifically; fall back to applicable law
09:18:18 [trackbot]
ISSUE-15 What special treatment should there be for children's data? notes added
09:18:50 [npdoty]
issue-15 pending review
09:19:03 [tlr]
issue-15 closed
09:19:03 [trackbot]
ISSUE-15 What special treatment should there be for children's data? closed
09:19:15 [npdoty]
issue-36?
09:19:15 [trackbot]
ISSUE-36 -- Should DNT opt-outs distinguish between behavioral targeting and other personalization? -- open
09:19:15 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/36
09:19:16 [tlr]
issue-36?
09:19:16 [trackbot]
ISSUE-36 -- Should DNT opt-outs distinguish between behavioral targeting and other personalization? -- open
09:19:16 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/36
09:22:31 [tlr]
ACTION: lowenthal to write counter-proposal for issue-36
09:22:32 [trackbot]
Created ACTION-63 - Write counter-proposal for issue-36 [on Thomas Lowenthal - due 2012-02-01].
09:24:41 [tlr]
ISSUE-36: current text intended *specifically* for third parties
09:24:42 [trackbot]
ISSUE-36 Should DNT opt-outs distinguish between behavioral targeting and other personalization? notes added
09:26:31 [npdoty]
I think we probably need different action items for different counter-proposals
09:26:54 [npdoty]
jeff, ninja, nick, tom are the interested parties for issue-36 counter-proposals
09:27:08 [tlr]
ISSUE-36: JeffC, ninja, Nick, Tom will review action
09:27:08 [trackbot]
ISSUE-36 Should DNT opt-outs distinguish between behavioral targeting and other personalization? notes added
09:27:13 [tlr]
issue-39?
09:27:13 [trackbot]
ISSUE-39 -- Tracking of geographic data (however it's determined, or used) -- open
09:27:13 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/39
09:28:44 [rigo]
rigo has joined #dnt
09:30:47 [tlr]
issue-39: historic data covered; real-time use out of scope
09:30:48 [trackbot]
ISSUE-39 Tracking of geographic data (however it's determined, or used) notes added
09:32:57 [tlr]
ISSUE-16 reopened
09:33:02 [tlr]
trackbot, reopen ISSUE-16
09:33:02 [trackbot]
ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) re-opened
09:33:14 [rigo]
SW: issue 63 is out of scope of DNT
09:33:28 [tlr]
ACTION: jonathan to propose new text for ISSUE-16
09:33:28 [trackbot]
Created ACTION-64 - Propose new text for ISSUE-16 [on Jonathan Mayer - due 2012-02-01].
09:33:39 [tlr]
ACTION: lowenthal to propose clarification on ISSUE-39
09:33:39 [trackbot]
Created ACTION-65 - Propose clarification on ISSUE-39 [on Thomas Lowenthal - due 2012-02-01].
09:33:48 [tlr]
ACTION: chester to propose counterproposal for ISSUE-39
09:33:48 [trackbot]
Created ACTION-66 - Propose counterproposal for ISSUE-39 [on Jeffrey Chester - due 2012-02-01].
09:33:56 [rigo]
issue-16: Jonathan to propose new text
09:33:56 [trackbot]
ISSUE-16 What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) notes added
09:33:57 [rigo]
rigo has joined #dnt
09:35:21 [tlr]
ACTION: justin to propose text on ISSUE-39
09:35:22 [trackbot]
Created ACTION-67 - Propose text on ISSUE-39 [on Justin Brookman - due 2012-02-01].
09:36:01 [tlr]
issue-54?
09:36:01 [trackbot]
ISSUE-54 -- Can first party provide targeting based on registration information even while sending DNT -- open
09:36:01 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/54
09:37:06 [rigo]
rigo has joined #dnt
09:37:40 [rigo]
SW: can third parties use registration information from first party
09:37:59 [tlr]
SH: need to generalize beyond first registration data
09:37:59 [rigo]
Jeff: DNT should trump
09:38:08 [rigo]
Sean: this is more than registration data
09:38:25 [rigo]
Justin: information is not covered. That needs to be clarified
09:38:29 [tlr]
ACTION: justin to provide text on ISSUE-54
09:38:30 [trackbot]
Created ACTION-68 - Provide text on ISSUE-54 [on Justin Brookman - due 2012-02-01].
09:38:59 [npdoty]
action-68: we need to clarify that data collected while you're a first party can't be used later as a third-party (in a third-party ad context, for example)
09:38:59 [trackbot]
ACTION-68 Provide text on ISSUE-54 notes added
09:39:22 [tlr]
SW: argue that use of registration information in should only happen in first-party contexts
09:39:29 [tlr]
s/ in/ /
09:39:31 [rigo]
MS: if advertising on Yahoo as first party, this trumps DNT signal
09:40:32 [rigo]
SW: we have some out of band agreement to have photo logged on Blog. That will be conflict with DNT
09:40:43 [rigo]
... explicit consent will trump DNT
09:41:09 [rigo]
TL: agree, but difference with real consent and some general conditions
09:41:30 [rigo]
Sean; specific registration, suggest to close this issue
09:41:33 [tlr]
ACTION: harvey to propose renaming issue-54
09:41:33 [trackbot]
Created ACTION-69 - Propose renaming issue-54 [on Sean Harvey - due 2012-02-01].
09:41:52 [rigo]
Andy: we have issue 65
09:42:30 [tlr]
issue-65?
09:42:30 [trackbot]
ISSUE-65 -- How does logged in and logged out state work -- open
09:42:30 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/65
09:42:32 [rigo]
JC: if we do that all social widgets will be disabled
09:43:28 [rigo]
TL: disagreed with the premise, disagreed to have anything in the text
09:43:29 [tlr]
ACTION: lowenthal to review andy's text on issue-65
09:43:30 [trackbot]
Created ACTION-70 - Review andy's text on issue-65 [on Thomas Lowenthal - due 2012-02-01].
09:44:08 [tlr]
ACTION: zeigler to link previous text proposal from issue-65
09:44:08 [trackbot]
Created ACTION-71 - Link previous text proposal from issue-65 [on Andy Zeigler - due 2012-02-01].
09:44:23 [rigo]
MS: to Tom, if you find to agree with Andy just send empty counterproposal
09:44:49 [tlr]
issue-95?
09:44:49 [trackbot]
ISSUE-95 -- May an institution or network provider set a tracking preference for a user? -- pending review
09:44:49 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/95
09:44:51 [rigo]
issue-95?
09:44:51 [trackbot]
ISSUE-95 -- May an institution or network provider set a tracking preference for a user? -- pending review
09:44:51 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/95
09:45:10 [rigo]
SW: intermediaries that should not modify signal
09:45:28 [npdoty]
action-71: Andy had already written a draft shared with Tom and some revisions, but would be good to link that directly to issue-65
09:45:29 [trackbot]
ACTION-71 Link previous text proposal from issue-65 notes added
09:45:46 [rigo]
AM: not to be discussed now. Matthias business
09:45:54 [tlr]
issue-74?
09:45:54 [trackbot]
ISSUE-74 -- Are surveys out of scope? -- raised
09:45:54 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/74
09:46:04 [tlr]
issue-25?
09:46:04 [trackbot]
ISSUE-25 -- Possible exemption for research purposes -- pending review
09:46:04 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/25
09:46:12 [rigo]
issue-74?
09:46:12 [trackbot]
ISSUE-74 -- Are surveys out of scope? -- raised
09:46:12 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/74
09:46:41 [rigo]
AM: action on me
09:46:51 [tlr]
action: kathy to review aleecia's draft on issue-25, issue-74
09:46:52 [trackbot]
Created ACTION-72 - Review aleecia's draft on issue-25, issue-74 [on Kathy Joe - due 2012-02-01].
09:46:59 [rigo]
Kathy offers to review that text
09:47:20 [rigo]
AM: please send directly to the mailing list
09:47:43 [npdoty]
issue-74: could also connect to the Market Research exception discussed 24 January 2012
09:47:44 [trackbot]
ISSUE-74 Are surveys out of scope? notes added
09:48:22 [rigo]
issue-91?
09:48:22 [trackbot]
ISSUE-91 -- Might want prohibitions on first parties re-selling data to get around the intent of DNT -- pending review
09:48:22 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/91
09:49:10 [rigo]
Justin: 4.1 of compliance spec
09:49:28 [tlr]
issue-91 closed
09:49:29 [rigo]
AM: propose to close the issue
09:49:29 [trackbot]
ISSUE-91 Might want prohibitions on first parties re-selling data to get around the intent of DNT closed
09:49:48 [rigo]
Resolution: current text accepted
09:50:33 [npdoty]
issue-91: closed as per the existing text "If an operator of a first party domain stores a request to which a [DNT-ON] header is attached, that operator must not transmit information about that stored communication to a third party, outside of the explicitly expressed exceptions as defined in this standard."
09:50:33 [trackbot]
ISSUE-91 Might want prohibitions on first parties re-selling data to get around the intent of DNT notes added
09:50:57 [rigo]
AM: editorial pass at the end of the process to get wording in line
09:51:07 [rigo]
AM: what is a user?
09:51:20 [rigo]
Ninja: Tom and I are still working on this
09:51:25 [tlr]
issue-91?
09:51:25 [trackbot]
ISSUE-91 -- Might want prohibitions on first parties re-selling data to get around the intent of DNT -- closed
09:51:25 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/91
09:51:44 [tlr]
issue-101?
09:51:44 [trackbot]
ISSUE-101 -- What is a user? add to defns -- pending review
09:51:44 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/101
09:53:11 [rigo]
TL: Please put deadline on me and Ninja to come up with a wording until 3 Feb
09:53:28 [npdoty]
the action is action-40
09:53:30 [rigo]
AM: issue-101 move from pending to open
09:53:44 [tlr]
action-101?
09:53:44 [trackbot]
ACTION-101 does not exist
09:53:52 [tlr]
ISSUE-101?
09:53:52 [trackbot]
ISSUE-101 -- What is a user? add to defns -- open
09:53:52 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/101
09:53:59 [rigo]
issue-104?
09:53:59 [trackbot]
ISSUE-104 -- Could use a better defn of user agent, rather than browser -- pending review
09:53:59 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/104
09:54:18 [rigo]
AM: good text that came in from Roy.
09:54:35 [tlr]
issue-104 closed
09:54:36 [trackbot]
ISSUE-104 Could use a better defn of user agent, rather than browser closed
09:54:43 [rigo]
AM close issue 104
09:54:55 [tlr]
ISSUE-104: section 3.11 user agent
09:54:55 [trackbot]
ISSUE-104 Could use a better defn of user agent, rather than browser notes added
09:55:02 [rigo]
3.11 text accepted
09:55:58 [rigo]
DS: exception and exemption are not used consistently
09:56:18 [rigo]
AM: used in different ways, I'm mixed up too
10:07:19 [aleecia]
aleecia has joined #dnt
10:24:39 [fwagner]
fwagner has joined #dnt
10:36:14 [tlr]
tlr has joined #dnt
10:36:51 [fwagner]
fwagner has joined #dnt
10:37:16 [tlr]
topic: excitement
10:37:51 [npdoty]
npdoty has joined #dnt
10:38:55 [rvaneijk]
rvaneijk has joined #dnt
10:38:59 [npdoty]
scribenick: npdoty
10:39:03 [npdoty]
topic: What are we doing here?
10:39:15 [npdoty]
aleecia: some things that I've heard
10:39:23 [rvaneijk]
Aleecia: Do Not Track profile
10:39:32 [rvaneijk]
... Do not X-site track
10:39:39 [npdoty]
... Do Not Profile -- continue to collect, but don't profile
10:39:45 [npdoty]
... Do Not Cross-site Track
10:39:53 [npdoty]
... Do Not Cross Time Track
10:40:14 [tl]
tl has joined #dnt
10:40:45 [jmayer]
jmayer has joined #dnt
10:41:06 [npdoty]
rigo: a scenario where somebody visits a site on medical information to inform himself, and this is shared with his insurance which affects his fees when they assume that he's sick
10:41:15 [npdoty]
... a pure 1st-party scenario
10:41:28 [npdoty]
... can or should Do Not Track address that
10:41:29 [npdoty]
?
10:42:34 [npdoty]
aleecia: discuss this list or add to the categories first; later we can look at specific use cases
10:42:55 [npdoty]
dsinger: do not build a database? is that different than "Do Not Profile"?
10:43:17 [npdoty]
jimk: about data collection/retention, unlike the others
10:43:40 [npdoty]
WileyS: I think do-not-profile can be characterized in that way
10:43:54 [npdoty]
tl: treat me as someone about whom you know nothing and remember nothing about me
10:44:14 [npdoty]
aleecia: every impression is a first impression, like "Do Not Track Across Time"
10:44:34 [npdoty]
fielding: tl, do you intend that to also include 1st parties?
10:45:03 [npdoty]
tl: this would only apply if I didn't intend to communicate with you, so 1st parties would be exempt
10:45:34 [npdoty]
sean: concerned about 1st/3rd party distinction for these
10:46:06 [npdoty]
dsinger: we can separately define the exceptions to tracking, but the definition of tracking is under discussion now
10:46:29 [npdoty]
fielding: applying to ePrivacy directive
10:46:41 [npdoty]
... including the first party issues that have to do with setting cookies
10:47:02 [npdoty]
... setting cookies as a first party under the ePrivacy directive might be something we're trying to address here
10:47:39 [npdoty]
rigo: recording consent in the first party context
10:48:38 [npdoty]
<cross-talk: should we be having this high-level conversation?>
10:49:20 [npdoty]
rvaneijk: tracking is "following user behavior across sites"
10:50:20 [npdoty]
mzaneis: pretty clear that the Internet is based on data collection; everybody collects data and everybody tracks
10:51:01 [npdoty]
karl: distinction of cross-site tracking between companies or by services
10:51:12 [jmayer]
jmayer: If your views on web privacy reduce to one word, you are part of the problem, not part of the solution.
10:51:31 [npdoty]
johnsimpson: do not track should mean do not collect
10:53:13 [npdoty]
wileys: "do not target", even if it's not going to be popular in the room <some laughter>
10:53:14 [rvaneijk]
rvaneijk has joined #dnt
10:54:52 [rvaneijk]
vtoubiana: if do not profile means do not remember?
10:55:04 [npdoty]
vincent: would recommend-- remember my interests, but not the sites that I visited
10:55:07 [rvaneijk]
JC: pulling profiles out of a log file is different
10:55:15 [npdoty]
scribe not sure he got that one right
10:55:31 [rvaneijk]
DGINFSO: identifyability is enough of a disctinction
10:55:32 [npdoty]
alex: do not collect data unique to a user
10:55:43 [rvaneijk]
bsullivan: not including PII?
10:55:47 [npdoty]
bryan: isn't that the same as not collecting PII?
10:56:21 [npdoty]
aleecia: Google opt-out cookie might be an example in practice
10:56:34 [npdoty]
... aggregation as another potential tool
10:57:12 [npdoty]
collection, retention, use, minimization, aggregation
10:57:17 [rvaneijk]
scribe: thumbs up for Karl
10:58:08 [npdoty]
Do Not Target: still allows collection, allows retention, has a use limitation, could have minimization, aggregation unlikely
10:58:32 [npdoty]
Do Not Profile: allows collection, allows retention, use limitation
11:01:10 [npdoty]
Do Not Create A Profile: limits collection, limits retention, some kind of minimization?
11:03:15 [npdoty]
Do Not Cross Site Track (dsinger): tunnel vision, don't remember anything about the interaction except what took place between you and the user
11:03:55 [npdoty]
... impacts collection, impacts retention (in a different way), doesn't limit use
11:04:46 [npdoty]
Do Not Cross Time Track / Forget Me / Don't Remember Me / a stateless service: allows collection, prohibits retention, no other changes
11:05:34 [npdoty]
Do Not Collect Identifiable Information: affects collection and retention
11:05:46 [npdoty]
aleecia: collection will generally always involve retention, right?
11:06:47 [npdoty]
... minimization and aggregation don't differentiate between these proposals
11:10:56 [npdoty]
ninja: what's the difference between Do Not Target and Do Not Profile?
11:11:45 [npdoty]
WileyS: Do Not Target would create a profile and keep it around in case the user changes their mind
11:12:17 [npdoty]
Do Not Profile is just Do Not Create A Profile
11:13:10 [npdoty]
Do Not Collect Identifiable Information might be mostly about aggregation
11:14:05 [npdoty]
aleecia: Do Not Remember Me is the more-than-just-advertising view of Do Not Profile
11:16:00 [rvaneijk]
ndoty: use limitation instead of data collection limitation
11:18:10 [rvaneijk]
shane: categorisation is key in creating profiles
11:18:42 [npdoty]
scribenick: rvaneijk
11:18:49 [rvaneijk]
rigo: can data that has been collected be shared to oter parties
11:19:13 [rvaneijk]
rfielding: it is ok to customize for current session
11:19:25 [rvaneijk]
... so targeting in current session based on data collected in current session
11:19:57 [rvaneijk]
swiley: if we only can vote for one, then distinguise enough between options
11:21:51 [npdoty]
no support for Do Not Target
11:22:06 [npdoty]
some support for all others, perhaps less for the last one around which there was confusion
11:22:07 [rvaneijk]
aleecia: humming result: do not target is off the list
11:23:05 [npdoty]
action: ninja to write-up Do Not Collect Identifiable Information
11:23:06 [trackbot]
Created ACTION-73 - Write-up Do Not Collect Identifiable Information [on Ninja Marnau - due 2012-02-01].
11:23:18 [npdoty]
action-73 due 02-08
11:23:18 [trackbot]
ACTION-73 Write-up Do Not Collect Identifiable Information due date now 02-08
11:23:40 [npdoty]
action: jeffc to write-up Do Not Create A Profile
11:23:40 [trackbot]
Sorry, couldn't find user - jeffc
11:23:52 [npdoty]
action: chester to write-up Do Not Create A Profile
11:23:52 [trackbot]
Created ACTION-74 - Write-up Do Not Create A Profile [on Jeffrey Chester - due 2012-02-01].
11:24:27 [npdoty]
action: shane to write-up a hybrid of Do Not Profile and Do Not Cross-Site Track
11:24:27 [trackbot]
Created ACTION-75 - Write-up a hybrid of Do Not Profile and Do Not Cross-Site Track [on Shane Wiley - due 2012-02-01].
11:24:58 [npdoty]
action: kevin smith to write up Do Not Cross-Site Track
11:24:58 [trackbot]
Sorry, amibiguous username (more than one match) - kevin
11:24:58 [trackbot]
Try using a different identifier, such as family name or username (eg. ktrilli2, ksmith5)
11:25:11 [npdoty]
action: ksmith5 to write up Do Not Cross-Site Track
11:25:11 [trackbot]
Created ACTION-76 - Write up Do Not Cross-Site Track [on Kevin Smith - due 2012-02-01].
11:25:23 [npdoty]
action: singer to write up Do Not Cross-Site Track
11:25:23 [trackbot]
Created ACTION-77 - Write up Do Not Cross-Site Track [on David Singer - due 2012-02-01].
11:25:39 [tlr]
issue-5?
11:25:39 [trackbot]
ISSUE-5 -- What is the definition of tracking? -- raised
11:25:39 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/5
11:25:59 [rvaneijk]
rfielding: please attach all commonts on these action items as issue-5
11:26:07 [tlr]
s/commonts/comments/
11:26:08 [npdoty]
action: karl to write up Forget Me/ Do Not Cross Time Track
11:26:08 [trackbot]
Created ACTION-78 - Write up Forget Me/ Do Not Cross Time Track [on Karl Dubost - due 2012-02-01].
11:26:31 [npdoty]
aleecia: for each, please tag with issue-5, a description and use cases
11:28:06 [rvaneijk]
dsinger: implications on structure of document and use of already drafted terms
11:28:33 [rvaneijk]
aleecia: will take this into account in future process of dealing with the issuelist
11:30:04 [rvaneijk]
ksmith: all depends on what we are going to do. THerefor it is important to choose as a group on what we are going to do. So we can answer the question: does this text meet our objectives?
11:30:50 [rvaneijk]
rvaneijk has left #dnt
11:31:08 [npdoty]
back at 1:30
11:37:29 [mischat_]
mischat_ has joined #dnt
12:29:01 [efelten]
efelten has joined #dnt
12:29:32 [dsinger]
dsinger has joined #dnt
12:29:54 [tedleung]
tedleung has joined #dnt
12:32:56 [dsinger]
issue-25?
12:32:56 [trackbot]
ISSUE-25 -- Possible exemption for research purposes -- pending review
12:32:56 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/25
12:33:06 [efelten]
efelten has joined #dnt
12:33:13 [fwagner]
fwagner has joined #dnt
12:33:22 [Joanne]
Joanne has joined #DNT
12:33:42 [KevinT]
KevinT has joined #dnt
12:33:56 [tlr]
tlr has joined #dnt
12:34:12 [aleecia]
aleecia has joined #dnt
12:34:48 [vincent]
vincent has joined #dnt
12:36:43 [rvaneijk]
rvaneijk has joined #dnt
12:37:48 [jmayer]
jmayer has joined #dnt
12:38:30 [sean]
sean has joined #dnt
12:38:38 [sean]
We are online baby!
12:38:44 [sean]
Matthias: we now move to TPE spec
12:38:55 [npdoty]
topic: Tracking Preference Expression issues
12:38:56 [rigo]
rigo has joined #dnt
12:39:04 [sean]
Matthias: goal is to assign as many of the issues as possible
12:39:28 [sean]
Matthias: has a list of pending items on the screen: let's go through the list together
12:40:15 [sean]
ISSUE-27 - how should opt back in mechanism be decided. draft text from shane & nick.
12:41:07 [sean]
Nick: overview. the idea is taht some sites may want to ask for an exception. your browser will know all of your exceptions. no need to track out of band exceptions.
12:41:36 [sean]
Nick: A JS API keeps track of the exceptions asynchronously.
12:41:54 [sean]
Nick: DOM property could check for exceptiosn & wouldn't need to prompt the user.
12:42:15 [sean]
Nick: Exceptions limited to origin pair. while i browse site x, vendor y can "track" me
12:43:09 [sean]
Adobe: does not currently pass first party info to third party, NIck/Shane: this is an open item.
12:44:01 [sean]
RIgo: the way browsers work may clash with our party definitions. we need to measure pain of sticking iwth browser definitions vs benefits of enlarging first party definitions (multiple first parties, etc.)
12:45:11 [sean]
NIK; spec is agnostic on how the data is stored, done on client side but client can choose how (in answer to Tom from Opera)
12:45:23 [sean]
Shane: its up to each vendor to decide on the interface
12:45:35 [reader]
reader has joined #dnt
12:45:43 [alex_]
alex_ has joined #dnt
12:45:58 [sean]
Matthias: main issue: does this work where there are multiple first parties? and is the proposed format expressive enough.
12:46:28 [sean]
ACTION ITEM for ISSUE 27 for Tom: validate whetherh TPE lists can be used to store opt-back-in features or not.
12:46:28 [trackbot]
Sorry, couldn't find user - ITEM
12:47:23 [sean]
ACTION ITEM for Issue 27: Shane to work with David Singer & Nick to determine whether David's party paradigm would resolve this issue.
12:47:23 [trackbot]
Sorry, couldn't find user - ITEM
12:47:40 [sean]
Shane: what you would store in the 1/3 party pair would be the parent. Nick is skeptical.
12:48:05 [sean]
thx
12:48:06 [rvaneijk_]
rvaneijk_ has joined #dnt
12:48:28 [sean]
Action: Tom to validate whether TPE lists can be used to store opt-back-in features or not
12:48:28 [trackbot]
Sorry, couldn't find user - Tom
12:48:36 [aleecia]
(helps to have a deadline too, like Action: Tom to make cookies by tuesday)
12:48:46 [aleecia]
(Tom = tl)
12:49:13 [rvaneijk]
rvaneijk has joined #dnt
12:49:31 [tl]
No, that item was assigned to Karl?
12:49:38 [sean]
yes sorry
12:50:12 [sean]
Action: karl dubost to validate whether TPE lists can be use to store opt-back-in features or not
12:50:12 [trackbot]
Created ACTION-79 - Dubost to validate whether TPE lists can be use to store opt-back-in features or not [on Karl Dubost - due 2012-02-01].
12:51:02 [sean]
Action: dsinger with shane to determine whether dave singer's new party paradigm would be a solution for Issue 27
12:51:02 [trackbot]
Sorry, couldn't find user - dsinger
12:51:11 [Chapell]
Chapell has joined #DNT
12:51:35 [sean]
Action: david singer and shane wiley to determine whether dave singer's paradigm on parties would be a solution for Issue 27
12:51:35 [trackbot]
Created ACTION-80 - Singer and shane wiley to determine whether dave singer's paradigm on parties would be a solution for Issue 27 [on David Singer - due 2012-02-01].
12:51:45 [rigo]
Action: Karl to validate whether the TPLs can also express a cluster of whitelists for use with the Javascript API as defined by Nick
12:51:45 [trackbot]
Created ACTION-81 - Validate whether the TPLs can also express a cluster of whitelists for use with the Javascript API as defined by Nick [on Karl Dubost - due 2012-02-01].
12:52:06 [sean]
Matthias: Shane can get us an opinion on Action 81 in the next week
12:52:25 [karlcow]
karlcow has joined #dnt
12:52:42 [karlcow]
RRSAgent, make logs public
12:52:56 [rigo_]
rigo_ has joined #dnt
12:53:12 [sean]
Matthias: close the discussion on Issue 27
12:53:23 [rigo]
trackbot, drop Action-81
12:53:23 [trackbot]
Sorry, rigo, I don't understand 'trackbot, drop Action-81'. Please refer to http://www.w3.org/2005/06/tracker/irc for help
12:54:09 [fwagner]
fwagner has joined #dnt
12:54:17 [rigo]
trackbot, close Action-81
12:54:17 [trackbot]
ACTION-81 Validate whether the TPLs can also express a cluster of whitelists for use with the Javascript API as defined by Nick closed
12:54:21 [ksmith]
ksmith has joined #DNT
12:54:32 [rigo]
was duplicate
12:55:21 [sean]
Issue 78: what's the difference between absence of DNT header and DNT=0
12:55:57 [tl]
Action: tl to Assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27].
12:55:57 [trackbot]
Sorry, amibiguous username (more than one match) - tl
12:55:57 [trackbot]
Try using a different identifier, such as family name or username (eg. tleung2, tlowenth)
12:56:24 [sean]
Roy: current text does not have consensus. could put an action item on roy to put an action item to edit & put a new draft into the spec.
12:56:48 [tl]
Action: tlowenth to Assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27].
12:56:48 [trackbot]
Created ACTION-82 - Assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27]. [on Thomas Lowenthal - due 2012-02-01].
12:57:13 [sean]
Roy: this conversation relates to meanings of DNT 1 & 0, relative to compliance items (cross-tracking) being in the header spec
12:57:41 [sean]
Shane: other issue was DNT=nothing instead of not sending a DNT header at all. related potentially to eprivacy.
12:58:17 [bryan]
bryan has joined #dnt
12:58:20 [sean]
Rigo: We should require the sending of DNT unset, because only then does the service know you can trigger an opt back in (if they get consent)
12:58:30 [sean]
TL: disagrees. you'll know which ua version supports DNT
12:58:34 [bryan]
present+ Bryan_Sullivan
12:58:43 [sean]
Nick: you could check for the js method.
12:59:29 [sean]
Kevin: should be an option for DNT-OFF. e.g. if dnt is on by default, someone could set the preference globally to OFF
12:59:58 [sean]
TL: when you see a DNT header, it's talking to you. so you should not be able to get anything on the state of the rest of the world.
13:00:43 [sean]
Aleecia: don't think that's going to happen based on how we are building it. legislation might be that if you don't get a signal then you have to assume it is on
13:00:59 [vincent_]
vincent_ has joined #dnt
13:01:57 [sean]
Shane: would help in knowing whether a given browser version is capable of passing DNT header
13:02:19 [sean]
action: roy fielding to take the text from the email conversation & place it in the doc
13:02:19 [trackbot]
Created ACTION-83 - Fielding to take the text from the email conversation & place it in the doc [on Roy Fielding - due 2012-02-01].
13:02:48 [sean]
Aleecia: need non-normative text that makes the purpose of 0 clearer
13:03:17 [sean]
TL: not happy passing null for a mozilla user
13:03:43 [sean]
TL: happy with the current proposal. Matthas asks we wait for Roy's next text version & we will comment further from there
13:04:23 [sean]
action: describe the reason for setting DNT=null
13:04:23 [trackbot]
Sorry, couldn't find user - describe
13:04:45 [sean]
action: shane wiley to describe the reason for setting DNT=null
13:04:45 [trackbot]
Created ACTION-84 - Wiley to describe the reason for setting DNT=null [on Shane Wiley - due 2012-02-01].
13:05:43 [sean]
ISSUE 84 Do we need a JS API / DOM property for client side js access to DNT status
13:06:05 [rigo]
trackbot, comment ACTION-83 take text from email about section for and DNT-header values
13:06:05 [trackbot]
ACTION-83 Fielding to take the text from the email conversation & place it in the doc notes added
13:06:09 [sean]
Jonathan: comfortable where we are now, no objections to text
13:07:17 [sean]
Tom: remove the ability to set this within the DOM. it will always be an HTTP request. Shane seconds this.
13:08:09 [sean]
Rigo: not sure why this can take different values
13:08:45 [sean]
Shane: If you're a 3p on a 1p DOM, if i look into the DOM header the current signal is 1. but site specific exception is in place and that's 0. you would have to start building business rules on different signals from DOM vs HTTP request
13:08:57 [vincent]
vincent has joined #dnt
13:09:53 [sean]
Jonathan: agrees. there are ways of making JS DNT aware that is in the JS provided by the browser. website can serves some js that reflects what the server received in the header. not hard to write & will always be correct. also comfortable dropping DOM with some discussion explaining why.
13:11:07 [sean]
Thomas; we want to figure out a way taht no party finds out the settings for other parties. it might be worth having a few people put their heads together & think it through a bit more. if we get site specific exceptions solved cleanly i suspect we will have this solved as well
13:11:28 [sean]
Matthias: let's drop this & charge a group with leader to find a way to repair it. if not, drop it.
13:11:47 [sean]
Rigo: which use cases will we love if we do not have JS API?
13:12:24 [andyzei]
andyzei has joined #dnt
13:15:16 [sean]
Thomas; everyone agrees API is not going to work. let's remove the text since we don't know how to fix it. if people come up with new proposal we can create a new issue.
13:15:49 [fwagner]
fwagner has joined #dnt
13:16:58 [sean]
much debate about whether or not we should close this issue, or open a new issue
13:17:14 [tlr]
proposed: close issue-96, re-open issue-84
13:17:37 [vincent]
vincent has joined #dnt
13:18:20 [aleecia]
jmayer: difference between browser API and not. Is the issue one about should js be DNT aware? (If so, yes, we have a proposal.)
13:18:28 [sean]
Jonathan: will send an email to the list on technical solutions (possible), or do we need an issue specifically on an API & leave that issue open?
13:19:17 [sean]
action: jonathan mayer to draft text to send out around a potential technical solution
13:19:17 [trackbot]
Created ACTION-85 - Mayer to draft text to send out around a potential technical solution [on Jonathan Mayer - due 2012-02-01].
13:19:25 [sean]
ISSUE 87
13:19:47 [rigo]
issue-87?
13:19:47 [trackbot]
ISSUE-87 -- Should there be an option for the server to respond with "I don't know what my policy is" -- pending review
13:19:47 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/87
13:19:50 [sean]
closed; Issue 87
13:19:51 [tlr]
issue-86?
13:19:51 [trackbot]
ISSUE-86 -- Do we have general extensibility capability for header response? -- closed
13:19:51 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/86
13:19:54 [npdoty]
close issue-87
13:19:58 [trackbot]
ISSUE-87 Should there be an option for the server to respond with "I don't know what my policy is" closed
13:20:01 [sean]
closed ISSUE-87
13:20:08 [sean]
closed: Issue-87
13:20:15 [rigo]
trackbot, close issue-87
13:20:15 [trackbot]
ISSUE-87 Should there be an option for the server to respond with "I don't know what my policy is" closed
13:20:28 [sean]
Issue 95
13:20:38 [rigo]
issue-95?
13:20:38 [trackbot]
ISSUE-95 -- May an institution or network provider set a tracking preference for a user? -- pending review
13:20:38 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/95
13:20:43 [sean]
may an institution or a network provider set a TPE for a user?
13:20:45 [vt]
vt has joined #dnt
13:21:00 [sean]
y please
13:22:07 [sean]
bryan sullivan: want the ability to express a preference by a corporation, for a family
13:22:19 [sean]
david singer: is it ok i agree to be tracked because i am using wifi in a given hotel?
13:22:50 [sean]
shane: a legal issue, but potentially yes
13:23:41 [rigo]
the general setting would kill the user consent thingy as it wouldn't be the user's consent anymore
13:25:32 [sean]
jim killock: believes setting DNT on is legitimate, setting it off is not
13:27:02 [sean]
thomas; do we have any contributors in this room that want to propose changes to this text? would otherwise prefer we close the issue.
13:27:27 [sean]
Bryan Sullivan: must the preference be managed just on the device
13:27:34 [sean]
shane: no we excplicitly called out that it is not limited in this way
13:28:07 [sean]
david singer: can we have some examples to back up this text? Shane -- we provided on the email chian
13:28:34 [sean]
close: issue-95
13:28:40 [tlr]
issue-95 closed
13:28:40 [trackbot]
ISSUE-95 May an institution or network provider set a tracking preference for a user? closed
13:28:57 [sean]
issue-96?
13:28:57 [trackbot]
ISSUE-96 -- The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) -- pending review
13:28:57 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/96
13:28:58 [tlr]
issue-96?
13:28:58 [trackbot]
ISSUE-96 -- The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) -- pending review
13:29:00 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/96
13:29:20 [tlr]
issue-96 closed
13:29:21 [trackbot]
ISSUE-96 The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) closed
13:29:25 [tlr]
issue-84?
13:29:25 [trackbot]
ISSUE-84 -- Do we need a JavaScript API / DOM property for client-side js access to Do Not Track status? -- pending review
13:29:25 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/84
13:29:44 [sean]
close: issue-96
13:29:55 [rigo]
trackbot, close issue-96
13:29:55 [trackbot]
ISSUE-96 The doNotTrack attribute should mirror the value of the header (potentially empty, extensions, etc.) closed
13:30:40 [rigo]
Topic: Response headers
13:32:14 [sean]
matthias: 3 high level areas: (1) Elements (fields) if we send the header, what elements go into it?
13:32:19 [sean]
(2) when to send the response headers
13:32:41 [sean]
(3) misc
13:33:12 [sean]
RIgo: caching is likely to take up a lot of time
13:33:13 [vt]
vt has joined #dnt
13:34:48 [sean]
TL: main components: 1/3p, whether subject to exceptions, option for serer to tell users they're opted back in, response for catchable objects
13:35:22 [sean]
no-dnt -- not allowed, means you're not in compliance. for now it is a reserved value
13:36:25 [sean]
well-known URI: whatever exceptions you are claiming there. not sure if its human readable or not yet
13:36:39 [rigo]
DNT: P3P-URI would be also nice :)
13:36:58 [sean]
TL: main idea: on resources which tracking occurs, the access of that resource could produce data compatible with DNT, you get a response header.
13:37:23 [sean]
caching situation: tracking doesn't take place here, so not needed
13:38:32 [sean]
Rigo: concerned the solution is overly complex with too many values. also has URI that points to further documentation that might contradict the meaning
13:38:52 [sean]
TL: feels this is covered in the spec. not allowed to contradict.
13:39:50 [sean]
TL: header that says " we follow DNT" is not as useful to a client browser that wants to take dynamic actions based on levels of compliance
13:43:56 [sean]
Alex: compliance is definitive, yes or no. if i the server have an exception with you through the user via a website visited, or through a backend contract. when a server comes in with DNT-on I don't know why that is the case.
13:44:57 [sean]
Matthias: the concern here is that the server side third party may not be able to distinguish between these different values and may not know how to respond accurately.
13:45:31 [rvaneijk]
rvaneijk has joined #dnt
13:45:58 [sean]
Alex: would be easier to send a static header response
13:46:47 [sean]
Kevin: this is very thorough. however i find it overly complicated & confusing and a little redundant. haven't heard a use case to presenta big enough advantage to justify the cost of the complexity involved here.
13:47:05 [sean]
Kevin: greatly simplified when you look at it as cross site tracking instead of 1st v 3rd
13:47:20 [bryan]
+1 to Kevin's concern over the complexity of including 1st and 3rd party distinction in the response
13:47:53 [sean]
Nick: DNT=0 -- could we specify the syntax. DNT=0 indicates you don't comply. move some of this langauge to the compliance spec.
13:48:07 [sean]
Nick: if I know i am never going to track, what value should I set?
13:49:28 [npdoty]
I think we could clarify dnt:c to apply to any resource that surely won't be tracked
13:49:46 [sean]
Roy: edit: if a message is marked as cacheable,it is considered compliant
13:52:12 [sean]
Roy: little o, big o and 0 seems like a bad idea. pick letters that are not confused with one another
13:53:23 [sean]
TL: Ok to use 3 letters? people say yes
13:53:33 [npdoty]
action: doty to write a clarification of dnt:c to apply to never-tracked resources
13:53:33 [trackbot]
Created ACTION-86 - Write a clarification of dnt:c to apply to never-tracked resources [on Nick Doty - due 2012-02-01].
13:53:40 [sean]
action: tom lowenthal to draft new letter indicators
13:53:40 [trackbot]
Sorry, couldn't find user - tom
13:53:48 [aleecia]
(tl)
13:53:58 [sean]
action: tl to draft new values for the DNT states
13:53:58 [trackbot]
Sorry, amibiguous username (more than one match) - tl
13:53:58 [trackbot]
Try using a different identifier, such as family name or username (eg. tleung2, tlowenth)
13:54:06 [tlr]
ACTION: lowenthal to color bikeshed in distinguishable colors
13:54:06 [trackbot]
Created ACTION-87 - Color bikeshed in distinguishable colors [on Thomas Lowenthal - due 2012-02-01].
13:54:09 [npdoty]
tl, I think IanF and other Google employees will complain if you increase the length of the response, even if only by a character
13:54:39 [tlr]
ACTION-87: this action item actually refers to the DNT response header coding. requirements: brief, pronounceable, distinguishable.
13:54:39 [trackbot]
ACTION-87 Color bikeshed in distinguishable colors notes added
13:56:24 [sean]
Rigo: main reason for pushing response header was consent mechanism. static dnt=1 would serve this purpose better
14:00:27 [karl]
q?
14:01:10 [amyc]
amyc has joined #dnt
14:01:44 [Chapell]
Chapell has joined #DNT
14:02:37 [sean]
kevin: could get rid of opt-dnt 1 and 3 by rolling it into except dnt3
14:03:29 [sean]
Matthias: let's have tom & kevin sit together & discuss further.
14:03:50 [sean]
Matthias: we have 2 ways to move forward (1) fix this expressive solution (2) a much simpler solution with a completely different design
14:05:39 [sean]
Karl: we're getting ahead of the compliance doc
14:06:04 [kj]
kj has joined #dnt
14:06:31 [sean]
Ed: are we discussing whether to have finer granularity in reasons for tracking, should server say why they're allowed to track in a given context?
14:08:51 [sean]
Aleecia: if we have the framework on compliance, it probably doesn't change much. so let's go down this road.
14:09:22 [aleecia]
"I don't like it" is not a proposal :-)
14:09:30 [karl]
another option is to have a first version which is very simple and can be more expressive later if we think we need it
14:09:37 [sean]
Rigo: volunteers to try a simpler alternative
14:09:43 [bryan]
q+
14:09:53 [karl]
later = after implementations experience
14:10:18 [sean]
action: rigo shane wiley roy fielding sean harvey to draft a simpler version of the spec
14:10:18 [trackbot]
Created ACTION-88 - Shane wiley roy fielding sean harvey to draft a simpler version of the spec [on Rigo Wenning - due 2012-02-01].
14:10:40 [sean]
Week of FEb 3 for Action 88 (rigo is the leader of the group)
14:10:41 [karl]
many technologies failed because the first version was too complex to implement
14:10:46 [tlr]
ACTION-88: refers to DNT HTTP response header
14:10:47 [trackbot]
ACTION-88 Shane wiley roy fielding sean harvey to draft a simpler version of the spec notes added
14:13:49 [KevinT]
q+
14:14:11 [sean]
shane: we have exceptions from compliance doc. this says you're employing one of these exceptions or not & it doesn't seem valuable & adds non-useful complexity to the response header
14:15:01 [sean]
david singer: wants to make sure there is a simple binary response for the user
14:15:42 [sean]
Roy: options for what to call this response header. DNT, T...
14:15:49 [karl]
MrT
14:15:53 [sean]
shane: T is a bad idea because it is often used e.g. for "time"
14:17:54 [sean]
Aleecia/Roy: TK will be the header name for the moment
14:18:14 [npdoty]
+1 on TK
14:18:14 [sean]
action: roy fielding to make final decision on response header name
14:18:15 [trackbot]
Created ACTION-89 - Fielding to make final decision on response header name [on Roy Fielding - due 2012-02-01].
14:18:20 [karl]
ER ~ Emergency Room
14:19:10 [sean]
ed felten: from law enforcement standpoint. assume a bad actor. I'm trying to catch them lying to the user. the more specific, the easier it is to do that. if there is only one value and there are 8 exceptions to hide behind its harder to figure out what's happening.
14:19:53 [bryan]
I'm concerned about the amount of data traffic that this will generate, given that operational exceptions and outsourcing exceptions will be common for example, and the explanations will amount to a lot of text over time. I would prefer if any static response aspects could be in a file (XML, JSON) at the "well-known" URL, and the DNT header was a simple ack of DNT:1 or DNT:0.
14:20:01 [sean]
Kevin: need to account for user & also expert "auditor" or complier
14:20:53 [sean]
Bryan: worried amount of data this is goign to generate. any extra data static & sent on a regular basis, potentially billions of times a day for large sites
14:21:01 [sean]
TL: this was previously handled
14:21:31 [bryan]
brief explanation of the result would be at least courteous....
14:21:31 [sean]
Rigo: each of these values/states should be easily testable
14:21:36 [sean]
TL: that's not possible
14:21:50 [bryan]
if not informative for others that are also not aware of it...
14:22:23 [npdoty]
how significant is the cost of data, bryan? 5 or 6 additional characters on responses (which tend to be much larger than requests)?
14:22:36 [fwagner]
fwagner has joined #dnt
14:23:01 [sean]
karl: concern about developers making mistakes on the server side
14:23:02 [bryan]
every static response adds up quickly
14:23:30 [bryan]
this is why accept: */* is very common now in mobile devices
14:24:09 [npdoty]
you can see discussion in http://www.w3.org/2011/11/01-dnt-minutes.html, where Ian's suggestion was about keeping it down to a few characters per response rather than full URLs
14:24:13 [sean]
jonathan: 2 reasons he preferes more granularity (1) complexity overstated. site doesn't have to implement all of them, only a very small subset.
14:24:42 [npdoty]
within those minutes, Ctrl-F "bytes" is a quick way to find the relevant area
14:24:43 [sean]
jonathan: (2) there is real value to this additional data. analytics to let us know how it is being used etc
14:25:35 [npdoty]
(I think bytes cost has been discussed since too, but those Santa Clara minutes was in my immediate memory)
14:25:48 [efelten]
efelten has joined #dnt
14:26:21 [sean]
aaaaand break
14:26:29 [npdoty]
thanks for scribing, sean!
14:26:46 [bryan]
Ian's response is understood, but from a network operator perspective the cost of carrying unnecessary bytes is excessive
14:27:05 [dan]
dan has joined #dnt
14:38:46 [KevinT]
KevinT has joined #dnt
14:55:25 [dwainberg]
dwainberg has joined #dnt
14:59:35 [KevinT_]
KevinT_ has joined #dnt
15:06:51 [dan]
dan has joined #dnt
15:07:07 [kj_]
kj_ has joined #dnt
15:08:45 [johnsimpson]
johnsimpson has joined #dnt
15:08:48 [KevinT_]
topic: open issues
15:09:06 [KevinT_]
issue 43?
15:09:32 [KevinT_]
trackbot, issue=43?
15:09:32 [trackbot]
Sorry, KevinT_, I don't understand 'trackbot, issue=43?'. Please refer to http://www.w3.org/2005/06/tracker/irc for help
15:10:13 [KevinT_]
dsigner: agree in principle
15:10:14 [karl]
rrsagent, please draft the minutes
15:10:14 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/01/25-dnt-minutes.html karl
15:10:32 [tlr]
issue-23 closed
15:10:32 [trackbot]
ISSUE-23 Possible exemption for analytics closed
15:10:48 [tlr]
issue-43 closed
15:10:48 [trackbot]
ISSUE-43 Sites should be able to let the user know their options when they arrive with Do Not Track closed
15:11:02 [tlr]
trackbot, reopen issue-23
15:11:02 [trackbot]
ISSUE-23 Possible exemption for analytics re-opened
15:11:24 [tlr]
issue-105?
15:11:24 [trackbot]
ISSUE-105 -- Response header without request header? -- open
15:11:24 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/105
15:11:47 [fwagner]
fwagner has joined #dnt
15:12:53 [tlr]
ACTION: Tom to modify response header text according to resolution of issue-105 (MUST, otherwise MAY)
15:12:53 [trackbot]
Sorry, couldn't find user - Tom
15:13:00 [tlr]
ACTION: Lowenthal to modify response header text according to resolution of issue-105 (MUST, otherwise MAY)
15:13:04 [trackbot]
Created ACTION-90 - Modify response header text according to resolution of issue-105 (MUST, otherwise MAY) [on Thomas Lowenthal - due 2012-02-01].
15:13:04 [aleecia]
(Tom is tl)
15:13:08 [Chapell]
Chapell has joined #DNT
15:13:11 [tlr]
issue-105 closed
15:13:11 [trackbot]
ISSUE-105 Response header without request header? closed
15:13:59 [vincent_]
vincent_ has joined #dnt
15:14:12 [KevinT_]
107, 90, 48, 51, 76, 79 are all issues related to response headers
15:15:13 [rigo]
issue-61?
15:15:14 [trackbot]
ISSUE-61 -- A site could publish a list of the other domains that are associated with them -- open
15:15:14 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/61
15:15:45 [jmayer]
jmayer has joined #dnt
15:16:33 [KevinT_]
dsinger and shane to add issue 61 to existing action item (need to find #)
15:19:40 [sean]
sean has joined #dnt
15:19:55 [KevinT_]
matthias; issue 47 moved to response header team
15:21:18 [tlr]
issue-61?
15:21:19 [trackbot]
ISSUE-61 -- A site could publish a list of the other domains that are associated with them -- raised
15:21:19 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/61
15:21:39 [andyzei]
andyzei has joined #dnt
15:21:51 [KevinT_]
next topic: raised TPE issues
15:22:38 [efelten]
efelten has joined #dnt
15:22:59 [KevinT_]
issue-114?
15:23:00 [trackbot]
ISSUE-114 -- Guidance or mitigation of fingerprinting risk for user-agent-managed site-specific tracking exceptions -- raised
15:23:00 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/114
15:23:12 [KevinT_]
ISSUE-109?
15:23:12 [trackbot]
ISSUE-109 -- siteSpecificTrackingExceptions property has fingerprinting risks: is it necessary? -- raised
15:23:12 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/109
15:24:15 [tlr]
action: zeigler to write text on fingerprinting risk (ISSUE-109, ISSUE-114), with Nick Doty
15:24:15 [trackbot]
Created ACTION-91 - Write text on fingerprinting risk (ISSUE-109, ISSUE-114), with Nick Doty [on Andy Zeigler - due 2012-02-01].
15:24:29 [tlr]
issue-109 open
15:24:34 [tlr]
trackbot, issue-109 is open
15:24:34 [trackbot]
Sorry, tlr, I don't understand 'trackbot, issue-109 is open'. Please refer to http://www.w3.org/2005/06/tracker/irc for help
15:25:10 [KevinT_]
issue=113?
15:25:42 [tlr]
issue-113?
15:25:42 [trackbot]
ISSUE-113 -- Should there be a JavaScript API to prompt for a Web-wide exception? -- raised
15:25:42 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/113
15:25:46 [tlr]
issue-109?
15:25:46 [trackbot]
ISSUE-109 -- siteSpecificTrackingExceptions property has fingerprinting risks: is it necessary? -- open
15:25:46 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/109
15:25:51 [tlr]
issue-91?
15:25:51 [trackbot]
ISSUE-91 -- Might want prohibitions on first parties re-selling data to get around the intent of DNT -- closed
15:25:51 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/91
15:26:03 [tlr]
issue-114?
15:26:03 [trackbot]
ISSUE-114 -- Guidance or mitigation of fingerprinting risk for user-agent-managed site-specific tracking exceptions -- open
15:26:03 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/114
15:26:41 [KevinT_]
shane: first party context - ex: web-wide exception for widget (social network widget)
15:27:52 [KevinT_]
ksmith: can add widgets without going to widget publisher's site
15:28:04 [KevinT_]
ndoty: not a high priority
15:29:51 [tlr]
action: alan to write text for issue-113
15:29:52 [trackbot]
Created ACTION-92 - Write text for issue-113 [on Alan Chapell - due 2012-02-01].
15:29:55 [tlr]
issue-113
15:29:59 [tlr]
issue-113?
15:29:59 [trackbot]
ISSUE-113 -- Should there be a JavaScript API to prompt for a Web-wide exception? -- raised
15:29:59 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/113
15:30:42 [KevinT_]
issue=115?
15:30:53 [fwagner]
fwagner has joined #dnt
15:31:01 [tlr]
issue-115?
15:31:01 [trackbot]
ISSUE-115 -- Should sites be able to manage site-specific tracking exceptions outside of the user-agent-managed system? -- raised
15:31:01 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/115
15:31:17 [KevinT_]
issue-115?
15:31:17 [trackbot]
ISSUE-115 -- Should sites be able to manage site-specific tracking exceptions outside of the user-agent-managed system? -- raised
15:31:17 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/115
15:32:20 [KevinT_]
shane: need to consider existing opt-ins already in place, shouldnt be MUST
15:32:35 [rvaneijk]
issue-14?
15:32:35 [trackbot]
ISSUE-14 -- How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor? -- open
15:32:35 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/14
15:33:15 [KevinT_]
andyzei: not cool to overnotify users, DNT-2 - please don't track me even if you think you can
15:33:57 [KevinT_]
jeff chester: concerns around lack of transparency for out of band --> suggest best practices
15:35:26 [tlr]
action: jeff to write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim - due in 2 weeks
15:35:26 [trackbot]
Sorry, couldn't find user - jeff
15:35:30 [tlr]
action: chester to write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim - due in 2 weeks
15:35:30 [trackbot]
Created ACTION-93 - write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim [on Jeffrey Chester - due 1970-01-01].
15:35:41 [tlr]
action-93 due 2012-02-07
15:35:41 [trackbot]
ACTION-93 write suggestions for best practices for issue-115, assisted by Ninja, Alan, Jim due date now 2012-02-07
15:35:45 [tlr]
issue-115?
15:35:45 [trackbot]
ISSUE-115 -- Should sites be able to manage site-specific tracking exceptions outside of the user-agent-managed system? -- raised
15:35:45 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/115
15:36:40 [bryan]
q+
15:37:12 [bryan]
+1 to Rigo's comment
15:38:33 [KevinT_]
jimK: past precedent of tracking cookies deposited without consent don't qualify for consent in DNT
15:40:02 [KevinT_]
jmayer: browsers have better set of incentives to educate users vs. business use of privacy policy; if not in browser - have stronger language around notice to be accountability
15:41:21 [mgroman]
mgroman has joined #DNT
15:41:37 [KevinT_]
jmayer: opt-in api - allow for adding text to make user message easier to understand (vs. domain only)
15:41:52 [karl]
karl has joined #dnt
15:43:04 [bryan]
Re sites managing user preferences using out of band methods, browsers are not the only user agents intended to be covered by DNT requirements. Users may not be able to manage DNT preferences across all HTTP-based applications effectively, thus out of band methods can help ensure users can more effectively manage DNT options across all their HTTP-based apps.
15:46:13 [tlr]
action: jmayer to write proposal to communicate information about consent to user as part of opt back in API
15:46:13 [trackbot]
Created ACTION-94 - Write proposal to communicate information about consent to user as part of opt back in API [on Jonathan Mayer - due 2012-02-01].
15:48:12 [KevinT_]
rigo: to bryan - tpl revisited
15:48:47 [KevinT_]
jc wants to rumble
15:50:20 [KevinT_]
issue-112?
15:50:20 [trackbot]
ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- raised
15:50:20 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/112
15:50:43 [KevinT_]
issue-118?
15:50:43 [trackbot]
ISSUE-118 -- Should requesting a user-agent-managed site-specific exception be asynchronous? -- raised
15:50:43 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/118
15:52:45 [tlr]
ACTION: npdoty to write proposal for asynchronous API (ISSUE-118)
15:52:45 [trackbot]
Created ACTION-95 - Write proposal for asynchronous API (ISSUE-118) [on Nick Doty - due 2012-02-01].
15:53:02 [npdoty]
action-95 due 02-07
15:53:02 [trackbot]
ACTION-95 Write proposal for asynchronous API (ISSUE-118) due date now 02-07
15:53:06 [KevinT_]
issue-62?
15:53:06 [trackbot]
ISSUE-62 -- The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context -- raised
15:53:06 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/62
15:53:44 [KevinT_]
issue-46?
15:53:44 [trackbot]
ISSUE-46 -- Enable users to do more granular blocking based on whether the site responds honoring Do Not Track -- raised
15:53:44 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/46
15:53:51 [tlr]
trackbot, ping
15:53:51 [tlr]
action-95 due 2012-02-07
15:53:51 [tlr]
issue-62?
15:53:51 [tlr]
issue-62 closed
15:53:51 [trackbot]
Sorry, tlr, I don't understand 'trackbot, ping'. Please refer to http://www.w3.org/2005/06/tracker/irc for help
15:53:51 [trackbot]
ACTION-95 Write proposal for asynchronous API (ISSUE-118) due date now 2012-02-07
15:53:51 [trackbot]
ISSUE-62 -- The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context -- raised
15:53:53 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/62
15:53:57 [trackbot]
ISSUE-62 The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context closed
15:54:43 [tlr]
+1 to Tom. This is out of scope.
15:56:01 [karl]
automatic is missing in that issue :)
15:56:02 [KevinT_]
tl: out of scope + matthias, rigo
15:56:11 [karl]
issue-46?
15:56:11 [trackbot]
ISSUE-46 -- Enable users to do more granular blocking based on whether the site responds honoring Do Not Track -- raised
15:56:11 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/46
15:56:17 [npdoty]
issue-46?
15:56:17 [trackbot]
ISSUE-46 -- Enable users to do more granular blocking based on whether the site responds honoring Do Not Track -- raised
15:56:17 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/46
15:56:30 [KevinT_]
issue-77?
15:56:30 [trackbot]
ISSUE-77 -- How does a website determine if it is a first or third party and should this be included in the protocol? -- raised
15:56:30 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/77
15:56:55 [tlr]
issue-46: out of scope
15:56:55 [trackbot]
ISSUE-46 Enable users to do more granular blocking based on whether the site responds honoring Do Not Track notes added
15:56:56 [tlr]
issue-46 closed
15:56:56 [trackbot]
ISSUE-46 Enable users to do more granular blocking based on whether the site responds honoring Do Not Track closed
15:57:13 [KevinT_]
discussed: don't need protocol close 77
15:57:34 [efelten]
efelten has joined #dnt
15:58:27 [KevinT_]
trackbot, close issue-77
15:58:28 [trackbot]
ISSUE-77 How does a website determine if it is a first or third party and should this be included in the protocol? closed
15:58:38 [KevinT_]
issue-108?
15:58:38 [trackbot]
ISSUE-108 -- Should/could the tracking preference expression be extended to other protocols beyond HTTP? -- raised
15:58:38 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/108
16:01:19 [tl]
Revised response header spec: https://pad.riseup.net/p/3g4uYDAvNb1n
16:01:37 [KevinT_]
dsinger: suggest text: future documents can be built with same effects into future protocols
16:02:04 [KevinT_]
jmayer: intent to apply to all protocols.
16:02:37 [KevinT_]
aleccia: add to dsinger's comments - original intent was for http, but can be mirrored to other protocols and still remain DNT
16:04:18 [KevinT_]
roy: belongs in compliance spec?
16:04:32 [mgroman]
mgroman has joined #DNT
16:04:44 [karl]
HTTP Tracking Preference Expression
16:04:57 [npdoty]
"our work is designed to apply to all HTTP communications (including mobile apps) and may additionally be applied to additional protocols (ex: SPDY). While we design for HTTP, there is nothing to prevent other protocols from adopting the approaches, definitions, etc. we work out."
16:04:59 [bryan]
http://tools.ietf.org/html/draft-ietf-core-coap-08 is the current version of CoAP and for M2M this will be the transport for HTTP-based applications on constrained bearers for machine-to-machine applications.
16:05:08 [KevinT_]
action: issue-108 jmayer to create text for other protocols
16:05:08 [trackbot]
Sorry, couldn't find user - issue-108
16:05:24 [karl]
HTTP Tracking Preference Expression is one possible implementation of Tracking compliance specification
16:05:30 [KevinT_]
action: jmayer for issue 108 for future protocols
16:05:30 [trackbot]
Created ACTION-96 - For issue 108 for future protocols [on Jonathan Mayer - due 2012-02-01].
16:06:02 [KevinT_]
action: dsinger issue 108 add similar protocol statements to TPE
16:06:02 [trackbot]
Sorry, couldn't find user - dsinger
16:06:26 [npdoty]
dsinger, I think the existing text in a note on ISSUE-108 would be a good starting point for that sentence to add to TPE; we discussed it on a call in December
16:06:47 [KevinT_]
action: dsinger add similar protocol language to TPE spec
16:06:47 [trackbot]
Sorry, couldn't find user - dsinger
16:07:00 [npdoty]
action: singer to add similar protocol language to TPE spec
16:07:01 [trackbot]
Created ACTION-97 - Add similar protocol language to TPE spec [on David Singer - due 2012-02-01].
16:07:30 [npdoty]
action-97: dsinger, I think the existing text in a note on ISSUE-108 would be a good starting point for that sentence to add to TPE; we discussed it on a call in December
16:07:30 [trackbot]
ACTION-97 Add similar protocol language to TPE spec notes added
16:07:42 [KevinT_]
trackbot, close issue-110
16:07:43 [trackbot]
ISSUE-110 Is top-level-origin for outgoing requests workable for site-specific tracking exceptions? closed
16:08:09 [KevinT_]
issue-111?
16:08:09 [trackbot]
ISSUE-111 -- Different DNT values to signify existence of associated exceptions -- raised
16:08:09 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/111
16:10:57 [KevinT_]
tl: feels this is covered already
16:11:18 [KevinT_]
rigo: +1 using p3p case example
16:11:48 [KevinT_]
ndoty: shane feels this is valuable use case for publishers (keep raised)
16:12:56 [karl]
tl, does DNT:1 could block an HTTP referer? example an iframe. Thinking about the wikipedia just cited, where the tracking could occur just with the words in the URI.
16:13:39 [tlr]
ACTION: shane to bring input on ISSUE-111 to the group; otherwise it's closed
16:13:40 [trackbot]
Created ACTION-98 - Bring input on ISSUE-111 to the group; otherwise it's closed [on Shane Wiley - due 2012-02-01].
16:13:50 [tl]
karl, DNT not a technical measure, just a preference expression. Perhaps you could change your browser to add this behavior?
16:14:18 [karl]
yup… but breaking a lot of things. :) hmmm difficult
16:15:22 [npdoty]
action-98: Shane, since most of the people in the group were happy to close this issue now, we'd like to see an explanation of text/use cases for why we should continue to discuss it or adopt it
16:15:23 [trackbot]
ACTION-98 Bring input on ISSUE-111 to the group; otherwise it's closed notes added
17:18:48 [dsinger]
dsinger has joined #dnt
17:35:24 [LaurenGelman]
LaurenGelman has joined #dnt
17:41:49 [clp]
clp has joined #dnt
17:42:27 [clp]
Hello, sorry to be late, I can't listen on phone but just wanted to drop in briefly.
17:43:39 [clp]
clp has joined #dnt
17:44:51 [clp]
clp has joined #dnt
17:47:05 [aleecia]
aleecia has joined #dnt
17:50:23 [dwainberg]
dwainberg has joined #dnt
17:51:34 [mischat]
mischat has joined #dnt
21:38:37 [RRSAgent]
RRSAgent has joined #dnt
21:38:37 [RRSAgent]
logging to http://www.w3.org/2012/01/25-dnt-irc
21:38:42 [npdoty]
rrsagent, draft minutes
21:38:42 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/01/25-dnt-minutes.html npdoty
21:39:31 [npdoty]
trackbot, end meeting
21:39:31 [trackbot]
Zakim, list attendees
21:39:31 [Zakim]
sorry, trackbot, I don't know what conference this is
21:39:34 [trackbot]
RRSAgent, please draft minutes
21:39:34 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/01/25-dnt-minutes.html trackbot
21:39:35 [trackbot]
RRSAgent, bye
21:39:49 [npdoty]
rrsagent, make minutes public
21:39:49 [RRSAgent]
I'm logging. I don't understand 'make minutes public', npdoty. Try /msg RRSAgent help
21:39:57 [npdoty]
rrsagent, make logs public
21:40:05 [npdoty]
rrsagent, bye
21:40:05 [RRSAgent]
I see no action items