IRC log of dnt on 2012-01-26

Timestamps are in UTC.

08:26:20 [RRSAgent]
RRSAgent has joined #dnt
08:26:20 [RRSAgent]
logging to http://www.w3.org/2012/01/26-dnt-irc
08:26:22 [trackbot]
RRSAgent, make logs world
08:26:22 [Zakim]
Zakim has joined #dnt
08:26:24 [trackbot]
Zakim, this will be
08:26:24 [Zakim]
I don't understand 'this will be', trackbot
08:26:25 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
08:26:25 [trackbot]
Date: 26 January 2012
08:26:27 [npdoty]
scribenick: npdoty
08:26:33 [npdoty]
schunter: thanks for coming back
08:26:40 [npdoty]
... some changes to the agenda
08:26:56 [npdoty]
... do some breakout sessions in smaller groups and then come back to the main group
08:27:08 [npdoty]
... first with the TPE and then again with Compliance later
08:27:17 [npdoty]
agenda: http://www.w3.org/2011/tracking-protection/agenda-2012-24-01-belgium.html
08:27:43 [npdoty]
schunter: going through community group comments
08:27:50 [npdoty]
... discussion of timeline, planning and closing remarks
08:28:38 [mischat]
mischat has joined #dnt
08:28:46 [alex_]
alex_ has joined #dnt
08:28:47 [npdoty]
... three breakout sessions for TPE, simplified response header, response header changes and technical mechanism for sites belonging to a party
08:29:20 [npdoty]
tlr: need a discussion on the javascript api?
08:30:02 [johnsimpson]
johnsimpson has joined #dnt
08:30:35 [rvaneijk]
rvaneijk has joined #dnt
08:31:58 [npdoty]
schunter: by show of hands, not a lot of interest in the simplified response header at the moment
08:32:31 [npdoty]
tlr: need a group including people who understand browser/javascript apis and those who understand communication between advertisers and publishers
08:33:44 [npdoty]
jmayer: maybe the sites-belong-to-a-party is a full group discussion, rather than a breakout
08:36:26 [npdoty]
could use some of the discussion time in 11:30 block to discuss the sites-belong-to-a-party as a full group
08:36:37 [jmayer]
jmayer has joined #dnt
08:39:59 [Chapell]
Chapell has joined #DNT
08:40:50 [npdoty]
scribing: Shane for the half-hour plenary block this morning; JC to scribe compliance block; Karl to scribe compliance plenary this afternoon; Bryan for the CG responses; npdoty to scribe wrap-up
08:41:46 [Joanne]
Joanne has joined #DNT
08:42:16 [npdoty]
topic: Process
08:42:17 [jimk]
jimk has joined #dnt
08:42:34 [npdoty]
schunter: challenges to keeping up with the timeline
08:42:42 [sean]
sean has joined #dnt
08:42:47 [npdoty]
... slow progress in generating text, we need to produce more text
08:42:56 [npdoty]
... sometimes text is not delivered as promised
08:43:07 [npdoty]
... slow progress in actually closing issues
08:43:26 [npdoty]
... yesterday we did a much better job, closed more issues yesterday than we ever had
08:44:02 [npdoty]
... some issues where the group is divided and we need to find a middle ground
08:44:15 [npdoty]
... need to find solutions that everyone can live with
08:44:28 [npdoty]
... refine the process a bit
08:44:35 [npdoty]
... Goal 1: Text-centric
08:44:45 [npdoty]
... "if it's not written as text, it does not exist"
08:45:01 [npdoty]
... just criticizing doesn't work, need a counter-proposal as text
08:45:15 [npdoty]
... time-boxed discussions, then assign text for proposals
08:45:21 [npdoty]
... Goal 2: Project management
08:45:23 [alex_]
alex_ has joined #dnt
08:45:31 [npdoty]
... track issues along a timeline more rigidly
08:45:47 [npdoty]
... calls for text, reviews and decisions
08:46:13 [npdoty]
... if we set a deadline where we need text, if we don't get proposals then we as chairs will close issues as no one is interested
08:46:17 [aleecia]
aleecia has joined #dnt
08:46:47 [efelten]
efelten has joined #dnt
08:46:56 [npdoty]
... open issues, getting text proposals, counterproposals
08:47:26 [npdoty]
... if we have unanimity in the group, or if the chairs can identify solutions that fit an 80/20 solution, we can close the issue
08:47:44 [npdoty]
... then W3C process continues on re-opening issues or objecting as usual
08:48:06 [rvaneijk]
rvaneijk has joined #dnt
08:48:17 [npdoty]
... benefits: keeping to our promised deadlines, focusing on concrete and specific proposals
08:48:33 [npdoty]
... npdoty and chairs need to work on tracking issues and deadlines this way
08:48:42 [npdoty]
... and want the group to agree that we can push harder on deadlines
08:49:37 [npdoty]
shane: I agree with the general process, I share the urgency, but having the co-chairs decide, is that part of the W3C process?
08:49:49 [npdoty]
aleecia: it is, we've seen it in HTML5 for example
08:50:10 [npdoty]
... they have a survey to get opinions
08:50:21 [npdoty]
... and objections and then chairs can choose the least objection
08:50:42 [npdoty]
... one thing it implies is that it's useful to put text they can get a majority on rather than on the edges
08:50:53 [npdoty]
... trying to persuade each other to support your text
08:51:07 [npdoty]
... our alternative would be to take these things down to a vote; nobody is thrilled with that idea
08:51:20 [npdoty]
... rather than get an arbitrary level from a vote
08:52:02 [npdoty]
tlr: important element from the HTML5 chairs, not who screams loudest or gets the most me-too's, but weigh the rationales given and the information before the group
08:52:31 [npdoty]
... here is the impact this has on this group of people and that group of people, documented in writing
08:52:38 [npdoty]
... beats a pure headcount approach
08:53:23 [npdoty]
jc: still calls for a suggested decision; leanings of the chairs
08:53:43 [npdoty]
dsinger: just puts more pressure on us to reach consensus
08:53:58 [tl]
tl has joined #dnt
08:54:09 [npdoty]
aleecia: not about my or matthias' previous knowledge, but about the text that's in front of us
08:54:29 [npdoty]
schunter: there's always a level of subjectivity, but try for objectivity based on what's presented in front of us
08:55:27 [npdoty]
tlr: in formal objections, argue in front of the group or in front of the director; if the chairs are not being objective in their analysis, that would be a reason for the director to overturn
08:55:35 [npdoty]
... "least reasoned objective"
08:55:46 [npdoty]
... best process we've seen so far in groups that are massively split
08:56:02 [npdoty]
... based on proposals and counter-proposals before the chairs
08:56:36 [npdoty]
jimk: I can see advantages as a process, but need some pretty clear shared goals even if those goals are in tension with each other
08:56:45 [aleecia]
aleecia has joined #dnt
08:56:59 [npdoty]
... need those goals/objectives to be a bit clearer
08:57:39 [aleecia_]
aleecia_ has joined #dnt
08:58:07 [npdoty]
karl: in html5, when the chairs make a decision, they publish a text report where they explain for each argument exactly why and what was most important
08:58:12 [jimk]
jimk has joined #dnt
08:58:17 [npdoty]
sean: this all sounds reasonable
08:58:23 [vincent]
vincent has joined #dnt
08:58:32 [npdoty]
... how does this connect to the mini-groups we're looking at today?
08:58:41 [npdoty]
... everything you've described in this process sounds fair
08:58:55 [johnsimpson]
johnsimpson has joined #dnt
08:59:01 [npdoty]
schunter: the mini-groups are about generating the text proposals
08:59:11 [johnsimpson]
test
08:59:17 [npdoty]
sean: trying to get to text1, so that people can generate counterproposals
08:59:41 [johnsimpson]
thanks
09:00:06 [npdoty]
schunter: ideally the mini-group would generate a text that the group as a whole would agree to, but if it doesn't, it can start the generation of more counter-proposals
09:01:02 [npdoty]
amyc: thanks for looking at new alternatives to move us forward
09:01:20 [npdoty]
... from law school, important to get text-based definitions
09:02:17 [npdoty]
... changing definitions could then change something we thought we had agreed on
09:02:24 [npdoty]
aleecia: can re-open in some cases
09:03:08 [npdoty]
jmayer: there will be some cases when the further discussion reveals that we didn't actually have consensus
09:03:35 [npdoty]
alan: I'm concerned about silence acting as consent, particularly given how quickly we've started moving
09:03:59 [npdoty]
... might be hard for me to tell you whether I have a counter-proposal when I'm uncertain about definitions
09:04:13 [npdoty]
<phone ringing; thanks to vincent for handling those calls>
09:04:39 [npdoty]
tlr: that might be a classic case of new information being a reason for chairs to re-open an issue
09:05:31 [npdoty]
aleecia: Matthias uses the term "earthquake" for the series of changes that an issue affects including potentially several other issues
09:06:39 [npdoty]
schunter: the difference is that if we talked about something a long time ago and someone didn't raise any concerns until months later, that won't fly
09:07:11 [npdoty]
... very counterproductive if we build a lot on an issue and then have to re-open them later
09:07:37 [npdoty]
ted: I'm happy to hear that we're going to move more quickly, because that will help me understand whether I can agree or disagree, because I currently don't know how they interact
09:07:56 [npdoty]
schunter: our primary goal is to have a complete document end-to-end
09:08:22 [npdoty]
... I feel we have agreement and we're now allowed to get on your nerves a bit more
09:13:32 [aleecia]
do we have anyone scribing?
09:14:05 [aleecia]
thanks, Rob!
09:14:18 [npdoty]
scribenick: rvaneijk
09:14:33 [npdoty]
amyc: how would the end user actually see this?
09:14:37 [rvaneijk]
rvaneijk has joined #dnt
09:14:55 [fwagner]
fwagner has joined #dnt
09:15:03 [johnsimpson]
johnsimpson has joined #dnt
09:17:30 [karl]
karl has joined #dnt
09:18:29 [npdoty]
scribenick: npdoty
09:18:40 [npdoty]
fielding: could have the value in the file, rather than a redirect
09:18:48 [npdoty]
... and what if the site lied about who it's owner was?
09:18:55 [npdoty]
npdoty: +1 on presence in a file
09:19:21 [npdoty]
... but what are we actually going to do with this? if it's just about signaling data sharing, then lying won't matter much
09:19:55 [npdoty]
... but if we are thinking about safety messages to the user, then deception is a problem
09:20:45 [npdoty]
bryan: what about maintaining a list on the master site? a list in XML/JSON, and then a redirect to the master's list on the child sites
09:21:10 [npdoty]
shane: I agree that the security problem is an issue
09:22:08 [npdoty]
... and even if my operational team wouldn't like this, I could support the list and you only need to do this if you want a 1st-party exception
09:22:40 [npdoty]
kevin: how does that validation actually occur?
09:22:48 [npdoty]
... i imagine there are sites where this list is changing hourly
09:25:01 [npdoty]
kevin: would your UA regularly fetch this well-known URI automatically?
09:25:40 [npdoty]
bryan: if the user wants to know the owner, your user agent could fetch it automatically
09:25:56 [npdoty]
karl: the protocol seems simple, but the management seems very difficult
09:27:00 [karl]
karl: is the cost of implementation higher than the benefits for… who? users? companies? Adding sites to the list, removing the list and then managing the short lifetime of web sites bought by spammers
09:27:03 [tedleung]
tedleung has joined #dnt
09:28:09 [npdoty]
shane: the goal here is to be less arbitrary than some of the alternatives for determining how the party is sharing data
09:28:54 [npdoty]
john: can we get a terse definition of the problem?
09:29:42 [npdoty]
shane: began with trying to determine a first party affiliation in a programmatic way
09:29:53 [rvaneijk]
rvaneijk has joined #dnt
09:30:11 [npdoty]
jmayer: this doesn't solve that problem
09:30:30 [rvaneijk]
jmayer: what we are doing is specifying a protocol for assertion for a party which it belongs to
09:30:31 [npdoty]
... this would only help with understanding the assertion by a site
09:33:04 [vincent]
vincent has joined #dnt
09:33:05 [npdoty]
shane: agree that this is just about the assertion, not about the actual distinction between 1st/3rd
09:33:26 [npdoty]
jmayer: I think it's mostly just useful for an enforcement hook, and in that case it's over-engineered
09:33:42 [npdoty]
kevin: struggling to understand what we're going to do with that thing
09:33:57 [rvaneijk]
kevin: struggeling to understand what we are doing with this. It is a way to convey pary relations
09:34:26 [rvaneijk]
... now puslishing and maintaining in real time
09:34:34 [npdoty]
scribenick: rvaneijk
09:35:09 [rvaneijk]
kevin: question: who is going to use this
09:35:20 [rvaneijk]
dsinger: eg user agent
09:35:32 [rvaneijk]
... or type in url manual
09:35:49 [rvaneijk]
kevin: why would a user do this
09:36:12 [rvaneijk]
dsullivan: is also for sites that have not implemented DNT fuly
09:36:56 [rvaneijk]
amy: we have compliance doc and track expression doc
09:36:59 [npdoty]
s/dsullivan/bryan/
09:37:04 [rvaneijk]
wileys: is a TPE discussion
09:37:35 [rvaneijk]
... removing the subjectivity for whatever the compliance rules come up with
09:38:32 [rvaneijk]
... rather than 200 differerent urls's for a site with site specific exceptions having a master
09:38:46 [rvaneijk]
kevin: so if you have an exception it can hit a master ulr?
09:38:47 [karl]
http://www.w3.org/TR/2009/NOTE-powder-primer-20090901/
09:38:56 [karl]
POWDER — the Protocol for Web Description Resources — provides a mechanism to describe and discover Web resources and helps the users to make a decision whether a given resource is of interest. There are a variety of use cases: from providing a better means to describing Web resources and creating trustmarks to aiding content discovery, child protection and Semantic Web searches.
09:38:58 [rvaneijk]
shane: yes could be a vehicle to do it that way
09:39:08 [npdoty]
see also http://www.w3.org/P3P/2004/03-domain-relationships.html
09:39:32 [rvaneijk]
john: why the assetion?
09:39:58 [rvaneijk]
dsinger: could be used to check an op-in status
09:40:46 [rvaneijk]
wileys: is pure technical, all about site specific exceptions. It simplifies the amounth of data stored on a client's site
09:41:16 [rvaneijk]
karl: references powder working group
09:41:53 [wseltzer]
wseltzer has joined #dnt
09:41:58 [rvaneijk]
bryan: on of the forms of assertions instead of a re-direct could be that
09:42:10 [rvaneijk]
... this is what powder is
09:42:19 [ninjamarnau]
ninjamarnau has joined #dnt
09:42:26 [dsinger]
dsinger has joined #dnt
09:42:28 [amyc]
could powder be another may reference?
09:42:34 [rvaneijk]
kevin: when you are surfing and hit a site and want to ask for a site specific exception
09:43:37 [rvaneijk]
... answer is 'these 40 domains'
09:45:21 [rvaneijk]
npdoty: particialar request for a user. The user should not have to allow every site
09:45:41 [rvaneijk]
kevin; depends on how we define parties. Not chopping up
09:46:01 [rvaneijk]
wileys: what is the key to all the other sites the user might interact with?
09:46:17 [amyc]
thinks answer to Nick's question is the language used in user override, rather than machine readable
09:46:44 [rvaneijk]
ninja: risk of confusing 1st and 3rd parties
09:48:12 [rvaneijk]
dsinger: it is about where data flows, eg in an advertising use cse
09:49:06 [karl]
it would be cool if sean could draw what he just explained.
09:50:08 [rvaneijk]
rvaneijk: problem in NL is domains not resolving and just using ip adresses
09:50:49 [rvaneijk]
jmayer: new proposal: a party must through reasonable means to make known the relations somehow
09:52:04 [rvaneijk]
robsheval: example of peoplefinder.com
09:52:45 [rvaneijk]
robsheval: the lists of affeliations should be open. incentives for independent parties to build these lists themselves. Not just central.
09:54:33 [rvaneijk]
shane: if user experience, every user will turn off DNT
09:54:48 [rvaneijk]
s/sean/shane/
09:55:23 [rvaneijk]
sean: the experience on site specific exceptions method may result in pop-ups. Otherwise you will not be able to see the sports
09:57:16 [rvaneijk]
shane: we are trying to solve the transparancy
09:57:26 [vincent]
vincent has joined #dnt
09:58:47 [rvaneijk]
dsinger: question: when a user grans an exception to a 3rd party A on 1st party B, they are implicitly granting an exception to all sites inthe party that B is a member off?
09:59:21 [rvaneijk]
shane: first party specific exception, do not narrow in on sites
09:59:45 [rvaneijk]
dsinger: we are not sure why we want the list
10:01:28 [rvaneijk]
jmayer: are we putting out 1st/3rd party?
10:01:49 [rvaneijk]
shane: we are not trying to solve the compliance document (1st/3rd party)
10:02:47 [rvaneijk]
jamayer: domain pair do not need mapping, do not solve the problem entirely
10:02:48 [npdoty]
resolution: we're not trying to define the breadth of a party using this mechanism
10:03:26 [rvaneijk]
jmayer: are we trying to solve discoverability fo law enforcers, researchers, users?
10:03:37 [rvaneijk]
... 3 thing, what are we trying to solve?
10:03:56 [rvaneijk]
dsinger: it is not about 1st 3rd party distinctions.
10:04:25 [mischat]
mischat has joined #dnt
10:05:30 [rvaneijk]
dsinger: assertion of party relationships that are claimed
10:06:55 [karl]
karl has joined #dnt
10:08:03 [rvaneijk]
jmayer: browser could use some of the info within site specific exceptions but is different problem
10:08:35 [karl]
I still do not see what the browser is supposed to actually do when having cross checked the domains.
10:09:31 [rvaneijk]
nick: automated discoverabliilty of assertion of party relationships (goal1) and master list (goal2) proposal is to write 2 texts first
10:09:40 [karl]
And what is happening when a site has 15 site-specific exceptions, how does it empower the user? How the user understands the meaning of these relations
10:10:19 [rvaneijk]
dsinger: defining actions first
10:11:19 [rvaneijk]
... dave/nick to refine/write this
10:11:38 [rvaneijk]
... amy to write up (2)
10:11:46 [rvaneijk]
.. bryan assists
10:12:48 [npdoty]
action: singer to write up automated discoverability of party relationships proposal (Nick and Bryan to help)
10:12:49 [trackbot]
Created ACTION-99 - Write up automated discoverability of party relationships proposal (Nick and Bryan to help) [on David Singer - due 2012-02-02].
10:13:45 [npdoty]
action: amy to write up use of machine-readable party relationships for site-specific exceptions (Joanne and Kevin to help)
10:13:45 [trackbot]
Created ACTION-100 - Write up use of machine-readable party relationships for site-specific exceptions (Joanne and Kevin to help) [on Amy Colando - due 2012-02-02].
10:17:18 [fwagner_]
fwagner_ has joined #dnt
10:20:50 [Joanne]
Joanne has joined #DNT
10:27:17 [Zakim]
Zakim has left #dnt
10:37:20 [karlcow_]
karlcow_ has joined #dnt
10:37:25 [amyc]
amyc has joined #dnt
10:37:38 [aleecia]
aleecia has joined #dnt
10:37:55 [amyc]
test
10:38:02 [efelten]
efelten has joined #dnt
10:38:08 [amyc]
Matthias: what header format should look like
10:38:17 [KevinT]
KevinT has joined #dnt
10:38:23 [amyc]
... TL proposal for input, mixed with other input
10:38:42 [amyc]
came up with proposal as simple as possible, talked with Roy, Shane
10:38:57 [amyc]
... TK is name of header
10:39:08 [amyc]
... field 1
10:39:14 [amyc]
... plus two optional field
10:39:34 [npdoty_]
npdoty_ has joined #dnt
10:40:00 [amyc]
.. field 1: does not track beyond what is permitted in spec OR is first party OR service provider/processor
10:41:04 [amyc]
... where last item is under outsourcing requirements spec, when operating under separate domain
10:41:40 [amyc]
nick: what about separating out why you are tracking
10:42:15 [amyc]
jonathan: asserting 1st or 3rd party?
10:42:46 [amyc]
...asserting will do no more than what 3rd party will do
10:42:50 [bryan]
bryan has joined #dnt
10:42:58 [amyc]
tl: right
10:43:04 [bryan]
present+ Bryan_Sullivan
10:43:14 [amyc]
efelten: so user agent will be able to know
10:43:33 [npdoty]
rrsagent, pointer?
10:43:33 [RRSAgent]
See http://www.w3.org/2012/01/26-dnt-irc#T10-43-33
10:43:38 [npdoty]
rrsagent, make logs public
10:44:03 [vincent]
vincent has joined #dnt
10:44:10 [amyc]
jonathan: 2 distinct things, one is what you are and what is what you are doing
10:44:31 [amyc]
tl: most queries don't care what your status is, just what you are doing
10:45:22 [amyc]
kevin: on service provider, following 1st party rules?
10:45:34 [amyc]
... exemption to first party rules?
10:45:54 [amyc]
tl: service provider has more use restrictions than 1st party
10:46:29 [amyc]
kevin: automated resources will treat them identiically
10:46:51 [Joanne]
Joanne has joined #DNT
10:47:11 [amyc]
efelten: what if someone thinks first party, but is mistaken. helpful to know
10:47:31 [amyc]
bryan: intended for use?
10:48:02 [amyc]
matthias: site cannot always tell whether it is first party or 3rd party, as in embedded case where might not be able to detect
10:48:26 [amyc]
bryan: context dependent
10:48:49 [amyc]
matthias: anything except 1 means that you may be tracked
10:49:06 [amyc]
tl: can only tell what tracking is occurring here and now
10:49:36 [amyc]
david: being tracked in all cases
10:49:45 [amyc]
jonathan: in compliance with spec
10:50:08 [amyc]
matthias: field 2 +3 is opt-in
10:50:28 [amyc]
... site specific exceptions, meaning explicit opt-in
10:50:55 [amyc]
... browser may know or may be other schemes for override
10:50:57 [ninjamarnau]
ninjamarnau has joined #dnt
10:51:03 [johnsimpson_]
johnsimpson_ has joined #dnt
10:51:16 [amyc]
... may retrieve more information about override opt-in in field 3
10:51:36 [amyc]
tl: not specifying what in that field yet
10:51:47 [amyc]
bryan: purpose?
10:52:08 [amyc]
matthias: well known URI to maintain information
10:52:23 [amyc]
tl: not by convention
10:52:49 [amyc]
bryan: URL is not included, concerns about data size
10:53:21 [amyc]
... how often used
10:53:50 [amyc]
tl: server can choose to what to include
10:54:00 [amyc]
bryan: significant bandwidth
10:54:13 [amyc]
nick: shorter the better
10:55:27 [amyc]
matthias: discussion as to whether header is mandatory or not, did not happen
10:55:28 [npdoty]
we could specifically recommend that the response field be as short as possible, or that it be a 1 character
10:55:33 [npdoty]
with a SHOULD, say
10:55:38 [amyc]
... disagreement on mandatory
10:55:43 [npdoty]
s/response field/response explanation field/
10:56:42 [amyc]
... but format of header is required
10:57:03 [amyc]
matthias: need to generate text then can propose close
10:57:24 [amyc]
... on format of header
10:57:48 [jimk]
jimk has joined #dnt
10:57:50 [amyc]
bryan: exceptions need to be disclosed on regular basis now moot
10:58:12 [amyc]
ninja: disagree
10:58:20 [amyc]
... that exceptions are tracking
10:58:47 [amyc]
david: suggests that scenarios and purposes be part of text
10:58:58 [npdoty]
bryan suggests that activities for which there is an exception are not tracking; ninja disagrees
10:59:01 [amyc]
matthias: good for preamble text to declare goals
10:59:28 [amyc]
tl: field 3 can be there without field 2
10:59:34 [amyc]
bryan: include a 0?
11:00:05 [amyc]
matthias: field 2 is optional sometimes
11:00:14 [npdoty]
we still need to clarify the actual encoding mechanism (for optional fields, for example) but we're not doing that in this session
11:00:19 [amyc]
... if want to do more, then must have field 2
11:01:07 [amyc]
kevin: does functionality match tl original proposal?
11:01:17 [amyc]
tl: every state in previous one matches
11:01:40 [amyc]
... merged some because following 3rd party definition
11:02:12 [amyc]
jonathan: what is dependency if response header required?
11:02:36 [amyc]
tl: if header not required, may prefer more states
11:03:33 [amyc]
jonathan: may be dependencies based on how that is resolved
11:03:39 [bryan]
My understanding is that field 2 (Opt-in status) is optional, but something has to be there if field 3 is provided, since field 3 can't take the place of field 2.
11:03:45 [amyc]
matthias: lets not discuss here
11:03:52 [npdoty]
action: schunter to confirm that we have an open issue on whether the response header is mandatory
11:03:53 [trackbot]
Created ACTION-102 - Confirm that we have an open issue on whether the response header is mandatory [on Matthias Schunter - due 2012-02-02].
11:04:11 [amyc]
ninja: simple and elegant, but does this answer do I track
11:04:23 [bryan]
There seemed to be disagreement on the assumptions that exceptions do not need to be conveyed because they are not considered as "tracking".
11:04:46 [amyc]
...what about a response that says I don't track you anyway
11:05:03 [amyc]
kevin: user asked please follow DNT rules
11:05:07 [npdoty]
bryan, that's a question we should look at once we have a particular encoding detail
11:05:19 [amyc]
ninja: don't get a definite answer, but OK with this
11:05:38 [amyc]
kevin: would have to define tracking and not tracking
11:05:56 [bryan]
My understanding of Field 3 is that the well-known URL is not part of the field, and the "string" is a generic value (and does not assumed to be user-specific).
11:06:33 [amyc]
tl: not trackable could be optional as super heightened level of privacy
11:07:04 [amyc]
matthias: switch to david working group
11:07:16 [amyc]
david: backed up into what problems trying to solve
11:07:28 [npdoty]
I share what I think is Ninja's concern that the user wants to know whether they're being tracked, rather than the legal status of whether the server will comply with the Compliance spec
11:07:38 [amyc]
... automated discoverabulity by assertion
11:07:56 [amyc]
... also use to manage user overrides
11:08:09 [ninjamarnau]
I think if we find an agreement on ehat tracking is, we can reopen this
11:08:27 [amyc]
david: simplify request noise
11:08:56 [amyc]
jonathan: automated way of listing
11:09:29 [amyc]
david: not about 1st/3rd party distinctions
11:09:45 [amyc]
... action to educate on POWDER
11:10:16 [amyc]
nick: we agreed that this was assertion, not sufficient
11:10:33 [amyc]
jonathan: about party assertion
11:11:12 [amyc]
david: sites may maintain redirection pointer to master site that may resolve to text file of domain names
11:11:40 [amyc]
... if file does not exist, may not be able to verify assertion
11:11:55 [amyc]
... goes through use cases
11:13:10 [amyc]
... reviews action items with Nick
11:13:24 [amyc]
nick, are you adding action items
11:13:39 [amyc]
david: did not agree to anything, even definition of problem
11:14:01 [npdoty]
action-100?
11:14:01 [trackbot]
ACTION-100 -- Amy Colando to write up use of machine-readable party relationships for site-specific exceptions (Joanne and Kevin to help) -- due 2012-02-02 -- OPEN
11:14:01 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/100
11:14:03 [amyc]
efelten: in scores example, user opts into list of properties may change
11:14:05 [npdoty]
action-99?
11:14:05 [trackbot]
ACTION-99 -- David Singer to write up automated discoverability of party relationships proposal (Nick and Bryan to help) -- due 2012-02-02 -- OPEN
11:14:05 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/99
11:14:28 [amyc]
... should be clear to user whether override applies to list of sites or ownership
11:14:43 [amyc]
... distinction should be made clear to user so that he or she understands
11:14:59 [amyc]
karl: must make sure this is implementable
11:15:12 [amyc]
... both on server and client side
11:15:26 [amyc]
jonathan: my view
11:15:52 [amyc]
...salient issues are tools for researchers and regulators, not really for users
11:16:26 [amyc]
... OK with text that this should generally be reasonably discoverable as in prviacy policy, without need to technical format
11:16:54 [amyc]
... for 3rd party content, OK with name pair
11:17:15 [amyc]
... 3rd party should ask for permission for new domains, because 3rd party domains are stable
11:18:11 [amyc]
nick: goes through action items for Amy and for Jonathan (reasonably discoverable)
11:18:41 [tedleung]
tedleung has joined #dnt
11:18:57 [amyc]
jonathan: talking about assertion to be reasonably discoverable, not the definition
11:19:30 [amyc]
bryan: what would be good example, what about mobile devices
11:19:45 [npdoty]
action: mayer to write-up "reasonably discoverable assertions" standard for party-membership for purposes of researcher/enforcement only
11:19:46 [trackbot]
Created ACTION-105 - Write-up "reasonably discoverable assertions" standard for party-membership for purposes of researcher/enforcement only [on Jonathan Mayer - due 2012-02-02].
11:19:53 [amyc]
david: register new domain name not much work, maintaining list is more work
11:20:11 [amyc]
tl: great possible functionality to have able to read by user agents
11:20:14 [npdoty]
s/register new domain/creating a redirect when you register new domain/
11:20:47 [vt]
vt has joined #dnt
11:20:48 [amyc]
matthias: close discussion until text
11:21:22 [amyc]
... feedback on process?
11:21:35 [amyc]
nick: problem because breakout group was large
11:21:52 [bryan]
I believe discoverability of site relationships by user (and user-agent, if that is the way the user discovers this, but is not an essential requirement) are very important and need to be described in Jonathan's non-normative description of "reasonable access" to this information.
11:22:34 [amyc]
matthias: lunch break, back at 1330
11:22:45 [npdoty]
thanks to amyc for scribing!
11:23:15 [tl]
tl has joined #dnt
11:32:31 [rvaneijk]
rvaneijk has joined #dnt
12:26:11 [mischat]
mischat has joined #dnt
12:27:38 [mischat_]
mischat_ has joined #dnt
12:28:46 [fwagner]
fwagner has joined #dnt
12:31:04 [rvaneijk]
rvaneijk has joined #dnt
12:35:04 [Joanne]
Joanne has joined #DNT
12:37:15 [efelten]
efelten has joined #dnt
12:52:12 [fwagner]
fwagner has joined #dnt
13:00:55 [tl]
tl has joined #dnt
13:04:20 [JC]
JC has joined #DNT
13:12:33 [karl]
karl has joined #dnt
13:34:42 [efelten]
efelten has joined #dnt
13:36:04 [bryan]
bryan has joined #dnt
13:36:37 [andyzei]
andyzei has joined #dnt
13:36:48 [karl]
Topic: What is TRacking
13:37:05 [rvaneijk]
rvaneijk has left #dnt
13:37:14 [rvaneijk]
rvaneijk has joined #dnt
13:37:16 [karl]
shane: (introducing the summary of what they came up with Do Not Profile + Do not Cross Site track)
13:37:23 [karl]
scribenick: karl
13:37:42 [karl]
1st party may collect and profile
13:37:48 [karl]
shane: 1st party may collect and profile
13:38:22 [karl]
... 3rd parties MUST NOT collect data across multiple, non-affiliated or branded websites
13:38:56 [karl]
jmayer: about 3rd parties, what does that mean "collecting across"
13:39:07 [karl]
shane: it is a general rule.
13:39:24 [karl]
... if you collect data segregated by parties.
13:39:44 [karl]
... You can profile into a silo
13:40:13 [karl]
npdoty: 3rd party can't collect across sites ?
13:40:34 [karl]
shane: Correct, they can collect only into the context of the site your are visiting.
13:40:53 [tl]
tl has joined #dnt
13:40:53 [karl]
... only siloed
13:41:32 [karl]
kevinsmith: What happens in vegas stays in vegas
13:41:36 [karl]
(laughter)
13:41:58 [karl]
... all data and interactions have to stay on that Web sites. Data have to be siloed.
13:42:10 [karl]
... they can't be combined with data from other 1st parties
13:42:41 [karl]
... There is a minimum threshold. Everyone in the room wants to avoid cross-sites tracking.
13:43:37 [karl]
... The idea is very straightforward. I can explain it to someone else.
13:43:37 [karl]
... the more I interact with a precise site will not impact other sites.
13:43:49 [karl]
... It has high chances to be implemented.
13:44:16 [karl]
... It is easy to understand from a consumer perspective.
13:44:24 [karl]
... It removes the creepiness factor.
13:44:28 [tedleung]
tedleung has joined #dnt
13:44:55 [karl]
... It doesn't remove the deep level of creepiness.
13:44:55 [karl]
... There are companies out there which knows things about me.
13:45:03 [karl]
aleecia: What about shane solution?
13:45:22 [karl]
kevinsmith: no. Because ours is more straightforward
13:45:32 [karl]
aleecia: what about you shane?
13:45:37 [karl]
shane: no.
13:45:51 [karl]
john: @@@@ missed the question
13:46:11 [karl]
kevinsmith: @@@
13:46:14 [npdoty]
s/@@@@/what's in Shane's proposal that's not in yours?/
13:46:36 [npdoty]
s/@@@/don't need to define a "third party", have to define the boundaries of a party but not when you become first or third
13:47:09 [karl]
sean: You will have to monitor agencies, if they are running cross-site tracking.
13:47:30 [karl]
.... it will be difficult to implement.
13:47:47 [karl]
aleecia: all summaries will be send to the list.
13:48:12 [karl]
xyz: Do not create profile.
13:48:34 [karl]
... There are people who do not want to have a profile at all.
13:49:15 [karl]
npdoty: the two concerns. Targetting from unexpected sources and retention from unexpected sources.
13:49:30 [karl]
... do not use data to modify the user experience.
13:49:51 [karl]
... do not contribute data from this user experience to a profile.
13:50:13 [karl]
... we had a few exceptions.
13:50:22 [karl]
... but we will send details.
13:50:58 [karl]
vincent: Do Not Remember
13:51:13 [karl]
... or remember to forget me
13:51:39 [jmayer]
jmayer has joined #dnt
13:51:52 [karl]
... DNT=1 should be kept in the logs to taint them to remember to erase them later.
13:52:41 [karl]
... In case with a lot of logs, we do not keep the data in the aggregated logs.
13:53:04 [karl]
... Do not modify the client state (no cookies change)
13:53:34 [karl]
... no personalization by third parties. No memory at the application level.
13:54:05 [karl]
Sean: Reason in between for deidentification instead of anonymizing.
13:54:13 [karl]
vincent: You may need http logs.
13:54:36 [karl]
Ninja: We are the hard liners.
13:54:59 [karl]
... we have collection limit, retention limit, correlation limit,
13:55:16 [karl]
... every handshake contains a huge amount of information
13:55:27 [karl]
... the party doesn't need to receive that data
13:55:47 [karl]
... the party must not retain the data, except according to the compliance documents.
13:56:08 [karl]
... There are issues with IP address and navigation.
13:56:24 [karl]
... We want to keep these but separate and strictly for the purpose.
13:57:00 [karl]
... We are not sure how to address yet the first party itself.
13:57:09 [karl]
... It may address first parties.
13:57:19 [karl]
Shane: How would you address digital fingerprinting?
13:57:39 [karl]
ninja: @@@
13:57:49 [karl]
Shane: it can happen in real time.
13:58:10 [npdoty]
s/@@@/would apply not at the time of collection of data, but rather the correlation restriction/
13:58:19 [karl]
s/@@@/correlation/
13:58:19 [karl]
ooops
13:58:39 [karl]
ninja: The fingerprint would not happen.
13:59:13 [karl]
jmayer: passing fingerprint useragent, IP, etc. we need to put collection limits.
13:59:32 [karl]
... but that it is different from actively collecting.
13:59:37 [dwainberg]
dwainberg has joined #dnt
14:00:21 [karl]
shane: how do you honor the stated exceptions at the same time than this proposal.
14:00:34 [karl]
sean: it would take a longer conversation.
14:00:42 [karl]
shane: I consider it to be a weakness.
14:01:17 [alex_]
alex_ has joined #dnt
14:02:21 [karl]
karl: I think the proposal on do not remember is very similar with the one from Ninja group. We could consolidate
14:04:23 [bryan]
bryan has joined #dnt
14:05:10 [karl]
Topic: Going through WG issues
14:05:33 [npdoty]
rrsagent, pointer?
14:05:33 [RRSAgent]
See http://www.w3.org/2012/01/26-dnt-irc#T14-05-33
14:05:47 [karl]
aleecia: (going through some of the issues to consolidate some of them)
14:06:01 [karl]
... no objections to consolidation?
14:06:07 [karl]
Agreement from the group
14:07:00 [karl]
issue-16
14:07:07 [karl]
issue-36?
14:07:07 [trackbot]
ISSUE-36 -- Should DNT opt-outs distinguish between behavioral targeting and other personalization? -- open
14:07:07 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/36
14:07:26 [karl]
aleecia: we could close that as no
14:08:03 [karl]
aleecia: we do not have any proposals for it.
14:08:10 [karl]
issue-36, close
14:09:06 [karl]
jmayer: this is an issue about personnalization.
14:09:47 [karl]
aleecia: we can tag it as raised
14:11:09 [karl]
zzz: to what extent DNT signals you can not deliver content based on the user interaction
14:11:25 [karl]
aleecia: The issue-36 is changed from OPEN to RAISED
14:11:41 [karl]
issue-71?
14:11:41 [trackbot]
ISSUE-71 -- Does DNT also affect past collection or use of past collection of info? -- open
14:11:41 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/71
14:12:09 [karl]
aleecia: interesting issue in terms of Europe.
14:12:29 [karl]
efelten: it will be handled on case by case.
14:13:08 [vt]
vt has joined #dnt
14:13:13 [karl]
ACTION: ninja working with Ninja to draft a response on issue-71
14:13:13 [trackbot]
Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened.
14:13:13 [trackbot]
Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened.
14:13:49 [karl]
ACTION: amy to work with Ninja to draft a response on issue-71
14:13:50 [trackbot]
Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened.
14:13:50 [trackbot]
Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened.
14:14:02 [karl]
issue-72
14:14:05 [karl]
issue-72?
14:14:05 [trackbot]
ISSUE-72 -- Basic principle: independent use as an agent of a first party -- open
14:14:05 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/72
14:14:39 [karl]
aleecia: I think I should close it.
14:14:47 [karl]
shane: we are addressing it elsewhere
14:15:10 [karl]
issue-72, close
14:17:14 [karl]
tl: when we were talking about the response headers, there is no room for signaling "no tracking at all".
14:17:43 [tlr]
tlr has joined #dnt
14:18:48 [karl]
aleecia: some people will not implement DNT, because they go a lot further than it.
14:18:54 [karl]
... there is a use case for it.
14:19:18 [karl]
tl: we need text on this to describe the issue.
14:19:49 [fielding]
fielding has joined #dnt
14:20:23 [karl]
issue-55?
14:20:23 [trackbot]
Getting info on ISSUE-55 failed - alert sysreq of a possible bug
14:20:42 [karl]
jmayer: it seems a sub-species of what is tracking
14:20:52 [karl]
aleecia: I think it should be closed.
14:21:39 [karl]
vincent: is it about targeted ads without tracking.
14:21:45 [karl]
jmayer: it depends on how people undertsand tracking
14:22:12 [karl]
aleecia: let's leave it as raised.
14:22:23 [karl]
... then collect text and eventually close
14:22:26 [karl]
issue-69?
14:22:26 [trackbot]
Getting info on ISSUE-69 failed - alert sysreq of a possible bug
14:22:53 [karl]
johnsimpsons: I thought we had already language about it
14:23:51 [karl]
aleecia: we will take half an hour break.
14:24:00 [npdoty]
apologies, we're aware of trackbot and tracker problems and the team is working on it
14:25:08 [karl]
--- BREAK ---
14:25:20 [npdoty]
thank you for scribing, karl!
14:25:52 [karl]
npdoty, bad scribing. Native speakers are sometimes fast :)
14:27:36 [npdoty]
issue-69?
14:27:36 [trackbot]
ISSUE-69 -- Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy) -- open
14:27:36 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/69
14:44:08 [aleecia]
aleecia has joined #dnt
14:49:22 [bryan]
scribenick: bryan
14:49:51 [npdoty]
Topic: Community Group Comments and Responses
14:50:08 [bryan]
matthias: thanks to community group for comments improving the quality of the proposal
14:51:11 [vt]
vt has joined #dnt
14:52:03 [tlr]
ACTION: roessler to follow up on JavaScript API and report hallway conversation with Shane
14:52:04 [trackbot]
Created ACTION-111 - Follow up on JavaScript API and report hallway conversation with Shane [on Thomas Roessler - due 2012-02-02].
14:53:14 [alex_]
alex_ has joined #dnt
14:55:24 [Joanne]
Joanne has joined #DNT
14:56:03 [aleecia]
http://www.w3.org/community/dntrack/2012/01/14/community-group-comments-on-w3c-dnt/
14:56:10 [ninjamarnau]
ninjamarnau has joined #dnt
14:56:13 [fwagner]
fwagner has joined #dnt
14:56:34 [npdoty]
schunter: comment on "Advertising revenue is the single largest source...."
14:56:41 [bryan]
bryan has joined #dnt
14:56:42 [npdoty]
... agree that we should substantiate
14:57:38 [npdoty]
... and should acknowledge the privacy goals as well
14:57:57 [bryan]
matthias: concerns expressed re statements about "ad revenue as largest single source of funding...
14:58:11 [efelten]
efelten has joined #dnt
14:59:17 [bryan]
dsinger: statements such as objected to do not belong in a technical spec
14:59:38 [bryan]
matthias: re UA shipping with DNT:0
15:00:01 [bryan]
... we have not specified a default, that is up to the UA
15:00:05 [karl]
The issue with revenues is that it doesn't create more interoperability. So it can be dropped.
15:00:16 [npdoty]
dsinger is suggesting potentially a separate introductory document outside the spec
15:00:37 [npdoty]
fielding: I disagree, you're wrong, the audience (for the spec?) is not in the room
15:00:52 [bryan]
... UA configuration and related DNT settings may be updated as the user customizes their device
15:01:47 [bryan]
... re entities constituting a 1st party
15:02:11 [bryan]
... (the responses being presented will be circulated to the group)
15:03:19 [bryan]
tlr: re entities, we will respond that we are thinking about this and will come back later
15:03:54 [bryan]
matthias: re issue 43, we will leave it to sites to decide the options they will provide under DNT
15:04:19 [bryan]
shanew: other options e.g. paywalls, etc will be explored in the market
15:05:01 [bryan]
matthias: issue 71, we need more info on what "it should" means, e.g. erasing old traces, stop using old data, etc
15:07:25 [npdoty]
alan: should have a general caveat that even where we have a consensus now we may re-open issues
15:07:29 [npdoty]
tlr: +1
15:07:49 [bryan_]
bryan_ has joined #dnt
15:08:25 [npdoty]
schunter: will send out a doc with my proposed responses and get more feedback
15:08:39 [bryan_]
jmayer: re defaults, its actually that we are not taking a position on UA defaults
15:08:57 [bryan_]
... (no objections)
15:08:57 [bryan_]
matthias: is this procedure OK?
15:09:09 [bryan_]
jonhsimpson: timeline?
15:09:17 [bryan_]
aleecia: longer than 2 weeks
15:09:23 [npdoty]
scribenick: bryan_
15:09:38 [bryan_]
s/jonhsimpson/johnsimpson/
15:10:11 [bryan_]
johnsimpson: we may have more substantive comments at last call time, it may be better for the group to continue working on issues
15:10:39 [bryan_]
tlr: input is most useful while work is going on. last call input may be turned down unless there is new information on the issue.
15:12:10 [bryan_]
shanew: I heard John say that rather than respond to each, we should say thanks and we will work on these points in the context of open issue resolution
15:13:49 [npdoty]
jimk: maybe it would be useful to split these up to particular issues in the Tracker
15:13:57 [npdoty]
aleecia: yes, Nick can help with that
15:14:39 [bryan_]
sorry for the instability of scribing
15:14:39 [npdoty]
jeffc: I think it's helpful to get specific responses back, so that we can take that back to the international Community Group and continue to get their feedback
15:15:56 [npdoty]
scribenick: npdoty
15:16:03 [npdoty]
topic: Wrap-up
15:16:14 [npdoty]
aleecia: finally starting to close bunches of issues
15:16:14 [npdoty]
... fantastic!
15:16:23 [npdoty]
... only opened one new issue (thank you, tl)
15:16:58 [npdoty]
... hearing some issues with the call time (including from editors/chairs), will try to find a better time with doodle
15:17:16 [npdoty]
... but will fall back on the existing time if we can't find a better time
15:17:28 [npdoty]
... thinking about another face-to-face meeting since it's clear we still have a lot of work
15:17:46 [npdoty]
... looking at 2-4 April, 11-13 April
15:17:54 [npdoty]
... probably in DC
15:18:15 [npdoty]
shane: Ad Tech may be the second week of April, and would be in SF
15:18:57 [npdoty]
straw poll -- at least a few affected by Ad Tech
15:19:31 [npdoty]
Ad Tech is April 3-4
15:20:04 [npdoty]
potential conflict with a Brussels behavioral targeting event
15:20:47 [npdoty]
aleecia: we've been invited back here at some point, which is nice
15:20:59 [npdoty]
... potential events in June to connect with
15:21:02 [karl]
http://www.ietf.org/meeting/cutoff-dates-2012.html#IETF83
15:21:06 [npdoty]
"will they have Internet by then?"
15:21:36 [npdoty]
aleecia: we're thinking April around DC
15:21:54 [npdoty]
aleecia: how do we do our next publication?
15:22:06 [karl]
IETF 83: March 25-30, 2012, Paris, France
15:22:21 [npdoty]
... clear not at last call, but should publish another working draft
15:22:27 [npdoty]
... can have multiple proposals and open text in the documents
15:22:40 [npdoty]
... much easier if we can look at the document as a big picture
15:22:55 [npdoty]
... get text inputs during the next two weeks
15:23:11 [tl]
New plan: instead of posting working drafts, we just move to a git repo, and if anyone wants to see where we are, they can checkout the head.
15:23:25 [npdoty]
... freeze on new input Feb 8, editors to have a full draft by Feb 15, which we can discuss quickly on a call
15:23:55 [npdoty]
dsinger: no time to write/edit in the next two weeks due to other standards meetings
15:24:12 [npdoty]
tlr: no new proposals for this Working Draft after Feb 8
15:24:44 [npdoty]
aleecia: review as a group on the Feb 22nd call, then publish immediately after that
15:25:01 [npdoty]
topic: Thanks
15:25:04 [tl]
Also: if we use git, then everyone can propose patches easily, and the editors can just pull in changes as desired.
15:25:17 [npdoty]
aleecia: thanks to the European Commission for hosting
15:25:18 [tl]
Just saying...
15:25:26 [npdoty]
... thanks to the editors <applause>
15:25:31 [npdoty]
... thanks to the W3C folks
15:25:42 [npdoty]
... thanks to everyone for your sustained efforts
15:25:56 [npdoty]
thanks to the chairs!
15:26:03 [npdoty]
yay aleecia, yay schunter
15:26:19 [rvaneijk]
rvaneijk has left #dnt
16:14:49 [tedleung]
tedleung has joined #dnt
16:24:43 [tl]
tl has joined #dnt
16:36:03 [aleecia]
aleecia has joined #dnt
16:56:15 [jimk]
jimk has joined #dnt
17:00:36 [hober]
hober has joined #dnt
17:02:32 [trackbot]
trackbot has joined #dnt
17:30:09 [mischat_]
mischat_ has joined #dnt
17:32:32 [trackbot]
trackbot has joined #dnt
17:34:15 [jimk]
jimk has joined #dnt
17:37:13 [karl]
karl has joined #dnt
17:39:36 [karlcow_]
karlcow_ has joined #dnt
17:41:27 [trackbot]
trackbot has joined #dnt
17:54:26 [jimk]
jimk has joined #dnt