IRC log of dnt on 2012-06-06

Timestamps are in UTC.

15:37:56 [RRSAgent]
RRSAgent has joined #dnt
15:37:56 [RRSAgent]
logging to
15:38:05 [Zakim]
Zakim has joined #dnt
15:38:17 [aleecia]
Zakim, this will be DNT
15:38:17 [Zakim]
ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 22 minutes
15:38:26 [aleecia]
chair: aleecia
15:38:31 [aleecia]
15:38:47 [aleecia]
agenda+ Selection of scribe
15:38:58 [aleecia]
agenda+ Any comments on minutes:
15:39:11 [aleecia]
agenda+ Quick check that callers are identified
15:39:21 [aleecia]
agenda+ Review of overdue action items:
15:39:36 [aleecia]
agenda+ 1 week until registration closes (
15:39:51 [aleecia]
agenda+ Continued discussion around new issue-149, Compliance section for user agents (
15:39:59 [tl]
I'm excited already.
15:40:12 [aleecia]
agenda+ If time allows, Roy has proposed a new text for what "collection" should mean (action-166).
15:40:24 [aleecia]
agenda+ Announce next meeting & adjourn
15:40:34 [aleecia]
Do you have Alex with you (or will you) for the call?
15:41:00 [aleecia]
regrets+ NickDoty
15:48:32 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:48:38 [Zakim]
+ +1.646.654.aaaa
15:48:40 [Zakim]
- +1.646.654.aaaa
15:48:40 [Zakim]
T&S_Track(dnt)12:00PM has ended
15:48:40 [Zakim]
Attendees were +1.646.654.aaaa
15:49:48 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:49:55 [Zakim]
15:50:35 [Zakim]
15:52:42 [Zakim]
+ +1.202.660.aaaa
15:52:54 [ifette]
ifette has joined #dnt
15:53:59 [aleecia]
zakim, who is making noise?
15:54:12 [Zakim]
aleecia, listening for 11 seconds I heard sound from the following: +1.202.660.aaaa (3%)
15:54:33 [rigo]
rigo has joined #dnt
15:54:44 [aleecia]
zakim, aaaa is edfelten
15:54:44 [Zakim]
+edfelten; got it
15:54:45 [rigo]
zakim, code?
15:54:45 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200, rigo
15:54:52 [aleecia]
zakim, mute edfelten
15:54:52 [Zakim]
edfelten should now be muted
15:55:03 [KevinT]
KevinT has joined #dnt
15:55:19 [Zakim]
+ +1.212.210.aabb
15:55:41 [Zakim]
15:56:38 [ninjamarnau]
ninjamarnau has joined #dnt
15:56:47 [rigo]
kevin, are you already on the call with 212 area code?
15:57:00 [KevinT]
no calling in now (415)
15:57:09 [Zakim]
15:57:17 [Zakim]
15:57:50 [aleecia]
zakim, who is on the call?
15:57:50 [Zakim]
On the phone I see eberkower, aleecia, edfelten (muted), +1.212.210.aabb, Rigo, ninjamarnau, KevinT
15:58:04 [Zakim]
- +1.212.210.aabb
15:58:20 [Zakim]
15:58:22 [aleecia]
Rigo, Nick is not here today. Is it ok if I throw things to you as we go?
15:58:30 [rigo]
15:58:43 [aleecia]
For example, updating overdue actions and keeping the agenda synched up with the call
15:58:44 [hwest]
hwest has joined #dnt
15:58:45 [aleecia]
Thank you!
15:58:46 [jchester2]
jchester2 has joined #dnt
15:58:51 [Zakim]
15:58:52 [rigo]
I'm currently on a mobile phone and mobile internet connection, happy to do things tomorrow
15:58:55 [Zakim]
15:59:00 [BrendanIAB]
BrendanIAB has joined #dnt
15:59:04 [aleecia]
Ah - ok, good to know, thanks.
15:59:13 [Zakim]
+ +1.202.386.aacc
15:59:16 [aleecia]
ifette, could you help out?
15:59:18 [rigo]
but feel free to put the usual team contact actions on me
15:59:25 [aleecia]
Got it, thanks
15:59:35 [ifette]
15:59:48 [ifette]
zakim, aacc is ifette
15:59:50 [efelten]
efelten has joined #dnt
15:59:53 [Zakim]
15:59:56 [Zakim]
+ifette; got it
15:59:59 [Zakim]
16:00:01 [degusta]
degusta has joined #dnt
16:00:05 [Zakim]
+ +1.212.565.aadd
16:00:06 [ifette]
though it's 1am here and i may miss a few things :)
16:00:08 [Zakim]
+ +1.310.292.aaee
16:00:08 [tl]
zakim, Mozilla has tl
16:00:10 [Zakim]
+tl; got it
16:00:29 [aleecia]
thank you. My ability to read, listen, think, and do process work at once leads to fail on process
16:00:33 [Joanne]
Joanne has joined #DNT
16:00:44 [aleecia]
zakim, aaee is johnsimpson
16:00:44 [Zakim]
+johnsimpson; got it
16:00:51 [BrendanIAB]
If 310 is not me, I expect the 212 is me if I'm not identified.
16:01:05 [BrendanIAB]
Provided that's a SkypeOut possible number.
16:01:06 [hwest]
The P33 may be me, I'm not sure
16:01:06 [WileyS]
WileyS has joined #DNT
16:01:07 [aleecia]
zakim, who is on the call
16:01:07 [Zakim]
I don't understand 'who is on the call', aleecia
16:01:09 [Zakim]
16:01:26 [rigo]
zakim, aadd is BrendanIAB
16:01:26 [Zakim]
+BrendanIAB; got it
16:01:36 [suegl]
suegl has joined #dnt
16:01:37 [vinay]
vinay has joined #dnt
16:01:50 [Zakim]
16:01:52 [Zakim]
16:01:52 [Zakim]
16:02:08 [Zakim]
16:02:09 [hwest]
I can scribe
16:02:16 [rigo]
zakim, ??P33 is hwest
16:02:16 [Zakim]
+hwest; got it
16:02:22 [aleecia]
scribe, hwest
16:02:23 [rigo]
16:02:24 [aleecia]
16:02:33 [rigo]
scribe: hwest
16:02:38 [Zakim]
+ +1.202.642.aaff
16:02:46 [hwest]
Aleecia: any comments on last week's minutes? No comments on the mailing list. Hearing no comments. Accepted.
16:02:49 [dsriedel]
dsriedel has joined #dnt
16:02:54 [robsherman]
robsherman has joined #dnt
16:02:56 [rigo]
zakim, who is here?
16:02:56 [Zakim]
On the phone I see eberkower, aleecia, edfelten (muted), Rigo, ninjamarnau, KevinT, [Microsoft], rvaneijk, [Mozilla], ifette, jchester2, hwest, BrendanIAB, johnsimpson, Joanne,
16:03:00 [Zakim]
... vinay, alissa, wilson, WileyS, +1.202.642.aaff
16:03:00 [Zakim]
[Mozilla] has tl
16:03:00 [Zakim]
On IRC I see robsherman, dsriedel, vinay, suegl, WileyS, Joanne, degusta, efelten, BrendanIAB, jchester2, hwest, ninjamarnau, KevinT, rigo, ifette, Zakim, RRSAgent, tl, rvaneijk,
16:03:03 [Zakim]
... N, aleecia, schunter, tlr, mamund, mischat, trackbot, hober, wseltzer, pde
16:03:07 [hwest]
Aleecia: Review of overdue action items
16:03:10 [aleecia]
16:03:15 [Zakim]
+ +49.721.913.74.aagg
16:03:18 [fielding]
fielding has joined #dnt
16:03:31 [hwest]
Aleecia: Justin draft text on URL shorteners
16:03:32 [dsinger]
dsinger has joined #dnt
16:03:36 [dsriedel]
zakim, aagg is dsriedel
16:03:36 [Zakim]
+dsriedel; got it
16:03:37 [hwest]
Justin: Just got sent to the list
16:03:41 [dsriedel]
zakim, mute me
16:03:42 [Zakim]
dsriedel should now be muted
16:03:44 [Zakim]
16:03:47 [ifette]
16:03:48 [WileyS]
No update from Peter on that proposed text :-(
16:03:49 [aclearwater]
aclearwater has joined #dnt
16:03:49 [Zakim]
16:04:07 [Zakim]
16:04:08 [dsinger]
zakim, [apple] has dsinger
16:04:18 [hwest]
Aleecia: pde not on the call, Shane may simply send to the list
16:04:19 [Zakim]
+dsinger; got it
16:04:21 [Zakim]
+ +1.415.627.aahh
16:04:22 [pde]
WileyS: sorry, I didn't manage to get to it before another bout of travel
16:04:34 [hwest]
WileyS: Would want to get review from pde, tl, or jmayer
16:04:35 [Zakim]
+ +1.678.580.aaii
16:04:35 [dsinger]
zakim, who is on the phone?
16:04:37 [Zakim]
16:04:38 [suegl]
zakim, [Microsoft] is suegl
16:04:41 [laurengelman]
laurengelman has joined #dnt
16:04:41 [aleecia]
peter, time frame?
16:04:49 [Zakim]
On the phone I see eberkower, aleecia, edfelten (muted), Rigo, ninjamarnau, KevinT, [Microsoft], rvaneijk, [Mozilla], ifette, jchester2, hwest, BrendanIAB, johnsimpson, Joanne,
16:04:55 [Zakim]
... vinay, alissa, wilson, WileyS, +1.202.642.aaff, dsriedel (muted), robsherman, fielding, [Apple], +1.415.627.aahh, +1.678.580.aaii, aclearwater
16:04:55 [pde]
aleecia: before the F2F
16:04:57 [Zakim]
[Apple] has dsinger
16:04:59 [Zakim]
[Mozilla] has tl
16:05:01 [rigo]
there is the Hansen/Pfitzmann definition of unlinkability in the IETF
16:05:01 [Zakim]
+suegl; got it
16:05:06 [hwest]
tl: I'll help on that one
16:05:13 [WileyS]
16:05:20 [pde]
I should be back from travel for a few days
16:05:23 [Zakim]
16:05:37 [Chris]
Chris has joined #dnt
16:05:49 [hwest]
Aleecia: Action-201 and Action-200 on ifette
16:05:52 [rvaneijk]
16:05:53 [Zakim]
16:06:01 [Chris_PedigoOPA]
Chris_PedigoOPA has joined #dnt
16:06:18 [hwest]
ifette: Busy/holding off given the developments last week
16:06:24 [ifette]
ACTION-200 due 2012-06-13
16:06:24 [trackbot]
ACTION-200 Write text for ISSUE-84 due 2012-06-01 due date now 2012-06-13
16:06:25 [jmayer]
jmayer has joined #dnt
16:06:35 [ifette]
ACTION-201 due 2012-06-13
16:06:35 [trackbot]
ACTION-201 Write text for ISSUE-112, due 2015-06-01 due date now 2012-06-13
16:06:39 [Chris_IAB]
Chris_IAB has joined #dnt
16:06:44 [hwest]
Aleecia: Action-205, creating new issues for UAs, decided that there was no point in creating new issues, will work through some of them on this call, will leave that open
16:06:47 [justin]
justin has joined #dnt
16:06:53 [Chris_IAB]
Chris Mejia of the IAB/DAA joining via Skype in 2-minutes
16:07:05 [WileyS]
16:07:07 [dsinger]
zakim, who is making noise?
16:07:13 [JC]
JC has joined #DNT
16:07:17 [Zakim]
dsinger, listening for 10 seconds I heard sound from the following: aleecia (5%), johnsimpson (4%)
16:07:27 [hwest]
Aleecia: Rigo has Action-203 (ISSUE-140) and Action-269 (ISSUE-61)
16:07:28 [aleecia]
16:07:42 [WileyS]
16:07:50 [Zakim]
16:07:51 [hwest]
Rigo: Working on transitive exceptions that keeps ad chain working, needs another week
16:07:57 [Zakim]
16:07:57 [WileyS]
16:08:12 [ifette]
ACTION-203 due 2012-06-13
16:08:12 [trackbot]
ACTION-203 Propose text (with help from Shane) about transitivity model due date now 2012-06-13
16:08:13 [kj]
kj has joined #dnt
16:08:23 [Zakim]
16:08:42 [Zakim]
16:08:49 [ifette]
it can be very hard to switch to a single privacy policy for a large company… ;-)
16:08:58 [Anna_DigAnalytics]
Anna_DigAnalytics has joined #dnt
16:09:07 [hwest]
Rigo: I think I'm done with Action-169
16:09:12 [bilcorry]
bilcorry has joined #dnt
16:09:20 [Zakim]
16:09:23 [hwest]
Aleecia: Action-170, hwest
16:09:33 [hefferjr]
hefferjr has joined #dnt
16:09:39 [Zakim]
16:09:42 [tedleung1]
tedleung1 has joined #dnt
16:09:44 [hwest]
hwest: I've similarly had a very busy week given developments, no progress
16:09:45 [Zakim]
16:09:49 [ifette]
ACTION-170 due 2012-06-13
16:09:49 [trackbot]
ACTION-170 Provide an alternative approach to well-known URI for resources that are used in both first-party and third-party contexts without changing the resource URI due date now 2012-06-13
16:10:05 [ifette]
zakim, who is making noise?
16:10:09 [bilcorry]
Zakim, mute me
16:10:09 [Zakim]
bilcorry should now be muted
16:10:16 [Zakim]
ifette, listening for 10 seconds I heard sound from the following: +1.678.580.aaii (25%), aleecia (16%)
16:10:23 [aleecia]
zakim, who is on the call?
16:10:23 [Zakim]
On the phone I see eberkower, aleecia, edfelten (muted), Rigo, ninjamarnau, KevinT, suegl, rvaneijk, [Mozilla], ifette, jchester2, hwest, BrendanIAB, johnsimpson, Joanne, vinay,
16:10:26 [hwest]
Aleecia: Now checking unidentified callers
16:10:27 [Zakim]
... alissa, wilson, WileyS, +1.202.642.aaff, dsriedel (muted), robsherman, fielding, [Apple], +1.415.627.aahh, +1.678.580.aaii, aclearwater, jmayer, ??P63, ??P67, [Microsoft],
16:10:27 [Zakim]
... Chris_PedigoOPA, Anna_Long, hefferjw, tedleung, bilcorry (muted)
16:10:27 [Zakim]
[Apple] has dsinger
16:10:27 [Zakim]
[Mozilla] has tl
16:10:38 [rigo]
#61 mutes you on the bridge
16:10:40 [Zakim]
16:10:49 [laurengelman]
Lauren gelman is 415-627-8512
16:10:54 [aleecia]
zakim, aaff is berin
16:10:54 [Zakim]
+berin; got it
16:10:55 [vincent]
vincent has joined #dnt
16:11:05 [justin]
zakim, aahh is laurengelman
16:11:05 [Zakim]
+laurengelman; got it
16:11:15 [Zakim]
16:11:38 [aleecia]
unmute edfelten
16:12:04 [rigo]
zakim, aahh is LaurenGelman
16:12:04 [Zakim]
sorry, rigo, I do not recognize a party named 'aahh'
16:12:04 [aleecia]
aahh is laurenGelman
16:12:17 [fielding]
it was already done by justin
16:12:19 [rigo]
zakim, who is here?
16:12:19 [Zakim]
On the phone I see eberkower, aleecia, edfelten (muted), Rigo, ninjamarnau, KevinT, suegl, rvaneijk, [Mozilla], ifette, jchester2, hwest, BrendanIAB, johnsimpson (muted), Joanne,
16:12:22 [Zakim]
... vinay, alissa, wilson, WileyS, berin, dsriedel (muted), robsherman, fielding, [Apple], laurengelman, +1.678.580.aaii, aclearwater, jmayer, ??P63, ??P67, [Microsoft],
16:12:24 [efelten]
efelten has joined #dnt
16:12:24 [Zakim]
... Chris_PedigoOPA, hefferjw, tedleung, bilcorry (muted), Anna_Long
16:12:26 [Zakim]
[Apple] has dsinger
16:12:28 [Zakim]
[Mozilla] has tl
16:12:32 [Zakim]
On IRC I see vincent, tedleung1, hefferjr, bilcorry, Anna_DigAnalytics, kj, JC, justin, Chris_IAB, Chris_PedigoOPA, laurengelman, aclearwater, dsinger, fielding, robsherman,
16:12:34 [aleecia]
zakim, aaii is brokes
16:12:37 [Zakim]
... dsriedel, vinay, suegl, WileyS, Joanne, degusta, BrendanIAB, jchester2, hwest, ninjamarnau, KevinT, rigo, ifette, Zakim, RRSAgent, tl, rvaneijk, N, aleecia, schunter, tlr,
16:12:41 [Zakim]
... mamund, mischat, trackbot, hober, wseltzer, pde
16:12:43 [Zakim]
+brokes; got it
16:12:50 [hwest]
Zakim, aaii is Brooks
16:12:50 [Zakim]
sorry, hwest, I do not recognize a party named 'aaii'
16:12:57 [Chris_IAB]
Chris Mejia of IAB/DAA on Skype
16:13:01 [rigo]
zakim, brokes is really Brooks
16:13:01 [Zakim]
+Brooks; got it
16:13:02 [Chris_IAB]
no way to know the number
16:13:05 [Zakim]
+ +1.215.767.aajj
16:13:22 [Zakim]
16:13:25 [rigo]
zakim, aajj is Susan
16:13:25 [Zakim]
+Susan; got it
16:13:26 [Zakim]
16:13:47 [vincent]
Chris_IAB, press #41 it'll add you to the question line
16:13:56 [dsinger]
zakim, who is on the phone?
16:13:56 [Zakim]
On the phone I see eberkower, aleecia, edfelten (muted), Rigo, ninjamarnau, KevinT, suegl, rvaneijk, [Mozilla], ifette, jchester2, hwest, BrendanIAB, johnsimpson (muted), Joanne,
16:14:00 [Zakim]
... vinay, alissa, wilson, WileyS, berin, dsriedel (muted), robsherman, fielding, [Apple], laurengelman, Brooks, aclearwater, jmayer, ??P67, [Microsoft], Chris_PedigoOPA, hefferjw,
16:14:00 [Zakim]
... tedleung, bilcorry (muted), Anna_Long, Susan, vincent_
16:14:00 [Zakim]
[Apple] has dsinger
16:14:00 [Zakim]
[Mozilla] has tl
16:14:15 [efelten]
Zakim, edfelten is really efelten
16:14:15 [Zakim]
+efelten; got it
16:14:21 [tl]
What dark magic is IAN suggesting!
16:14:27 [aleecia]
16:14:29 [aleecia]
it's smart
16:14:37 [hwest]
Uhoh, looks like I claimed the wrong line
16:14:37 [susanisrael]
susanisrael has joined #dnt
16:14:52 [ifette]
zakim, 555 is iab
16:14:52 [Zakim]
sorry, ifette, I do not recognize a party named '555'
16:14:54 [justin]
This seems more like a card trick than deep magic.
16:14:59 [efelten]
Zakim Susan is really susanisrael
16:15:06 [Chris_IAB]
good idea
16:15:11 [ifette]
justin, according to that was supposed to work
16:15:21 [dsinger]
zakim, Susan is really susanisrael
16:15:21 [Zakim]
+susanisrael; got it
16:15:23 [sidstamm]
sidstamm has joined #dnt
16:15:25 [tl]
Apparently, Zakim has more features than is dreamed in my philosophy.
16:15:33 [susanisrael]
Thanks ed, yes, susan Israel is on a 215 phone number
16:15:34 [rigo]
it has!
16:15:37 [jeffwilson]
jeffwilson has joined #dnt
16:15:38 [ifette]
zakim, who's on the phone?
16:15:38 [Zakim]
On the phone I see eberkower, aleecia, efelten (muted), Rigo, ninjamarnau, KevinT, suegl, rvaneijk, [Mozilla], ifette, jchester2, hwest, BrendanIAB, johnsimpson (muted), Joanne,
16:15:41 [aleecia]
16:15:42 [Zakim]
... vinay, alissa, wilson, WileyS, berin, dsriedel (muted), robsherman, fielding, [Apple], laurengelman, Brooks, aclearwater, jmayer, ??P67, [Microsoft], Chris_PedigoOPA, hefferjw,
16:15:42 [Zakim]
... tedleung, bilcorry (muted), Anna_Long, susanisrael, vincent_
16:15:42 [Zakim]
[Apple] has dsinger
16:15:42 [Zakim]
[Mozilla] has tl
16:15:42 [hwest]
Aleecia: Reminder on the face to face, if you haven't registered, please do so
16:15:46 [ifette]
zakim, p67 is iab
16:15:46 [Zakim]
sorry, ifette, I do not recognize a party named 'p67'
16:15:51 [ifette]
zakim, ??P67 is iab
16:15:51 [Zakim]
+iab; got it
16:15:59 [hwest]
Aleecia: Send people who want to be observers there as well, registration closes next week
16:16:13 [hwest]
Aleecia: You can look for the agenda late today
16:16:42 [hwest]
Aleecia: Moving on to the reason that we're all on the call today... we will continue to discuss the idea of compliance for user agents, which we talked about last week.
16:16:43 [tl]
16:16:48 [JC]
Please register for F2F by next Wednesday!!!
16:17:11 [hwest]
... we have had an interesting moment, MS has announced that IE will have DNT on by default. Many of us were surprised and dismayed, though that's not a universal.
16:17:33 [hwest]
... please don't beat up on Amy and JC, if you have frustrations with MS I understand, but don't take it out on them.
16:17:57 [hwest]
... Last week suggested a section in the compliance doc for user agent compliance. At this point, seems clear that would be a good thing to add.
16:18:09 [rigo]
q+ to add a requirement that a UA must be able to handle an exception request
16:18:10 [hwest]
... Other piece is what we would require of UAs to be compliant in terms of default options in particular.
16:18:15 [erikn]
erikn has joined #dnt
16:18:24 [hwest]
... A user agent can be a browser, plugin, mobile, apps, etc.
16:18:27 [Zakim]
16:18:34 [dsinger]
(They also announced that conformance for them was 'do not target', which is also not conformant)
16:18:46 [rigo]
16:18:47 [hwest]
... Could be looking at signals for cable on TV, for example. Not talking about just a few web browsers, looking at the universe of UAs.
16:18:53 [Zakim]
+ +49.625.799.9.aakk
16:19:05 [schunter]
Zakim, aakk is schunter
16:19:07 [Zakim]
+schunter; got it
16:19:13 [erikn]
zakim, Apple.a has erikn
16:19:13 [Zakim]
+erikn; got it
16:19:18 [hwest]
... I believe that on the call we had a good consensus that UAs could not speak for users, and should not choose a DNT-1 or DNT-0
16:19:22 [Zakim]
16:19:45 [Zakim]
+ +1.917.318.aall
16:19:52 [hwest]
Aleecia: Do we have anyone else that disagrees that UAs may not send a header 1 or 0 unless the user has made a proactive choice for privacy
16:19:56 [Zakim]
16:19:59 [rvaneijk]
Aleecia, please put question in IRC
16:20:08 [rigo]
16:20:09 [dsinger]
16:20:10 [WileyS]
16:20:11 [tl]
16:20:29 [aleecia]
ack tl
16:20:32 [hwest]
q+ jmayer
16:20:43 [aleecia]
(thank you heather)
16:20:50 [hwest]
tl: While for most mainstream browsers a choice means a tickybox or slider, there will be apps where using the software at all is a privacy choice
16:20:51 [dsinger]
16:20:54 [rvaneijk]
16:21:15 [hwest]
... like the Tor bundle or PrivacyBrowser
16:21:29 [susanisrael]
16:21:33 [bilcorry]
Does it go other way, downloading a sharing app that sets DNT:0 is ok?
16:21:34 [aleecia]
ack rigo
16:21:34 [Zakim]
rigo, you wanted to add a requirement that a UA must be able to handle an exception request
16:21:36 [hwest]
Aleecia: Last week we left with some confusion over AVG, we should have a more specific threshold so that it's easier to interpret
16:21:49 [tl]
s/PrivacyBrowser/the hypothetical "PrivacyBrowser" that we keep using as a placeholder
16:22:09 [hwest]
Rigo: Fundamental disagreement with this paradigm, creates more trouble than we can handle. If service sees only DNT signal and can't tell where it's from, then there's confusion
16:22:13 [Zakim]
16:22:16 [ifette]
16:22:25 [sidstamm]
Zakim, Mozilla.a has sidstamm
16:22:25 [Zakim]
+sidstamm; got it
16:22:30 [hwest]
... if UA can't handle exception mechanism, then can't claim compliance with DNT
16:22:49 [BerinSzoka]
BerinSzoka has joined #dnt
16:22:58 [tl]
+q to say that even if a UA's UI is non-compliant, a web service is non-compliant if they ignore that signal
16:23:04 [hwest]
... It also solved void DNT signals, so that signals the server suspects haven't made a valid choice can use the exception mechanism to ask
16:23:12 [hwest]
... This allows a server to do due diligence
16:23:38 [hwest]
... The ability to see is what comes down the pipe, for the server
16:24:10 [hwest]
Aleecia: We're at a different point in the conversation, suggest that you create a new issue on the notion that a UA must be able to accept an exception request
16:24:58 [hwest]
... just to add a bit more to what Rigo says, the idea is that a UA that sends DNT-1 should be able to accept a claim of out of band exception, should be more than just a DNT-1 beacon
16:25:20 [hwest]
... Just looking at the idea of setting a default of DNT-1 or DNT-0 in the absence of communication around a privacy preference from the user
16:25:22 [aleecia]
ack WileyS
16:25:30 [rvaneijk]
16:25:56 [hwest]
WileyS: Agree with tl, have had the same conversation from the other side, on out of band consent. It is an informed and express decision by the user to grant the out of band consent, so we would basically be placing that rule in the opposite direction.
16:25:58 [rvaneijk]
Just as we have out-of-band consent we should leave room for out-of-band setting of the DNT value.
16:26:06 [amyc]
amyc has joined #dnt
16:26:29 [hwest]
... in either case, if someone is downloading a tool that is obviously meant to be used across multiple websites, then it might be deemed to fulfill the consent requirement
16:26:50 [fielding]
16:27:06 [fielding]
absolutely not -- that would make all resources non-cacheable
16:27:13 [hwest]
... we should add a response in the response header to tell the user that in general the server supports DNT, but that will not honor the signal because the UA may not be compliant
16:27:22 [rvaneijk]
16:27:24 [jchester2]
16:27:31 [justin]
This is a later question, WileyS
16:27:32 [hwest]
... once you add the user transparency element in the conversation, can support the perspective of no default
16:27:37 [fielding]
there will be no custom responses just because of DNT
16:27:39 [hwest]
Aleecia: We are working on one small piece here
16:27:48 [jchester2]
16:27:58 [hwest]
... All I'm looking for is any person that does not think we are at a consensus on this, we will come back to other points
16:28:02 [WileyS]
16:28:07 [jchester2]
16:28:10 [aleecia]
ack jmayer
16:28:11 [fielding]
16:28:14 [hwest]
... UAs should not send 1 or 0 by default unless the user has made a choice
16:28:53 [hwest]
jmayer: Explanation for why I think defaults should be allowed, and why it makes sense that they won't be allowed, happy to explain but will wait to see if it's immediately relevant.
16:28:54 [aleecia]
ack dsinger
16:29:04 [ifette]
16:29:48 [hwest]
DSinger: Don't want to see the balance here go off, want to avoid an arms race of disbelief on both sides
16:29:59 [aleecia]
q+ johnsimpson
16:30:13 [aleecia]
ack susanisrael
16:30:19 [ifette]
Aleecia phone people can use 41# to add to queue
16:30:32 [hwest]
susanisrael: Agree, not questioning consensus, looking for clarification on the definition of UA that includes cable TV
16:30:33 [ifette]
(or 40# to drop from queue)
16:30:52 [hwest]
... would appear to extend scope beyond online, wanted some clarification on how that was included in the UA definition
16:31:21 [hwest]
Aleecia: We don't have a consensus view on that, but there is interest in DNT working there. We have mobile included in the scope, may go beyond that as well.
16:31:28 [hwest]
... may be other contexts as well that should have a DNT solution.
16:31:34 [ifette]
isn't this covered by the traditional definition of 'user agent' ?
16:31:34 [fielding]
hmm, pretty sure we have a consensus decision on that -- all user agents
16:31:47 [fielding]
16:31:55 [hwest]
SusanIsrael: Trying to seek clarification on whether this effort is considered applicable to those other spaces now, or whether those are questions that will be taken up separately
16:32:06 [hwest]
Aleecia: The question will be taken up separately, there is not a consensus there.
16:32:32 [hwest]
... applicable to web and apps, but may be more. Not just looking at just the major browsers, but apps and plugins etc too.
16:32:33 [aleecia]
16:32:38 [aleecia]
ack tl
16:32:38 [Zakim]
tl, you wanted to say that even if a UA's UI is non-compliant, a web service is non-compliant if they ignore that signal
16:32:52 [aleecia]
ack johnsimpson
16:33:54 [hwest]
JohnSimpson: Want to echo the point that this was the consensus, that there has to be definite user choice as it applies to broad purpose browsers. The consensus is appropriate as long as the spec relies on user expectation as the basis for defining parties.
16:34:18 [hwest]
... if we start to get away it seems to me that the fundamental underpinning of default user choice loses some steam.
16:34:22 [aleecia]
PROPOSED: there must be user choice, which can include choosing a privacy-protecting setting (e.g. slider) or the UA itself (e.g privateBrowser)
16:34:51 [rvaneijk]
16:34:54 [dsinger]
can we check whether Roy's text reflects the consensus?
16:34:56 [hwest]
Aleecia: I am not hearing any dissent on this point
16:35:03 [aleecia]
ack rvaneijk
16:35:04 [suegl]
16:35:20 [hwest]
rvaneijk: I also would like to [..] possibility of a user interacting with a startup flow, if so, then I would be happy
16:35:28 [hwest]
Aleecia: That seems to fulfill a user choice
16:35:37 [hwest]
... would be good for nonnormative text
16:35:39 [aleecia]
ack suegl
16:35:41 [fielding]
yes, that would be making a choice, assuming they don't leave the answer blank
16:35:42 [jmayer]
jmayer has joined #dnt
16:35:50 [rigo]
RvE: would possible to have choice as part of startup or install interaction
16:36:03 [rigo]
hwest, I added the "install" part
16:36:23 [dsinger]
zakim, who is making nosie?
16:36:23 [Zakim]
I don't understand your question, dsinger.
16:36:28 [rigo]
zakim, who is making noise?
16:36:30 [hwest]
suegl: Asks for clarification of the small piece we're talking about here
16:36:38 [jmayer]
I strongly disagree that this was a consensus view.
16:36:38 [Zakim]
rigo, listening for 10 seconds I heard sound from the following: johnsimpson (14%)
16:36:45 [BerinSzoka]
16:36:49 [jmayer]
But I'm willing to compromise.
16:36:52 [hwest]
Aleecia: I think that jmayer is the only one that is not in consensus here
16:36:54 [rigo]
zakim, mute johnsimpson
16:36:54 [Zakim]
johnsimpson should now be muted
16:36:54 [ifette]
zakim, mute johnsimpson
16:36:55 [Zakim]
johnsimpson should now be muted
16:37:09 [hwest]
?: We do think that DNT is something you could have a default setting on
16:37:19 [ifette]
16:37:24 [hwest]
(Who is talking?)
16:37:37 [ifette]
16:37:37 [amyc]
Sue Glueck, Microsoft
16:37:47 [hwest]
suegl: We do think that DNT is something you could have a default setting on
16:37:59 [hwest]
Aleecia: Yes, that's what MS just implemented
16:37:59 [aleecia]
ack BerinSzoka
16:38:30 [fielding]
I am quite certain that a browser installed and enabled by an operating system installation does not reflect a user's choice for any privacy preference.
16:38:31 [hwest]
BerinSzoka: It seems like, from this conversation, that resolving this issue requires bringing some of the UI design into scope
16:38:37 [hwest]
Aleecia: No, that's out of scope by charter
16:38:53 [hwest]
BerinSzoka: How do you propose to do what you suggest without bringing UI into scope?
16:39:00 [dsinger]
perhaps Roy's text in paragraph 4 at can help explain?
16:39:07 [jmayer]
UI is not in scope. Defaults are. Different issues.
16:39:08 [hwest]
Aleecia: All I'm saying is that a UA should not choose without asking the user.
16:39:12 [rigo]
roy, would your mind change if there is an interaction as Rob suggested?
16:39:15 [ifette]
16:39:20 [brooks]
brooks has joined #dnt
16:39:36 [hwest]
... does it make sense to think more about how to do that? Yes, that would be a great thing to take up outside this group.
16:39:45 [hwest]
... Mozilla is interested in talking through that.
16:39:58 [aleecia]
ack ifette
16:40:08 [fielding]
Rigo, not if it was asked when installing the operating system. If it was asked on first use by a real user, yes.
16:40:19 [hwest]
ifette: I hate to disagree, because I feel like we were so close. I generally agree with what you posted in IRC in principle, but what you just said, I do disagree with
16:40:32 [hwest]
... that somehow we're saying that PrivacyBrowser can set DNT by default, but IE cannot
16:40:47 [rigo]
ah, my fault that I assumed that OS installation had human interaction
16:40:50 [ninjamarnau]
I think a DNT:0 default has a significantly higher impact on a user's rights than a DNT:1 default. So maybe we need a gradation.
16:41:01 [hwest]
... need to be clear how to define a UA that is privacy-specific
16:41:05 [BerinSzoka]
thanks, Ian. That's precisely the question I was getting at
16:41:11 [hwest]
... would be ok with adding some of the UI stuff to the scope of the charter
16:41:21 [fielding]
16:41:24 [rigo]
ninja, DNT;1 has significantly higher impact on the economy than DNT;0 :)
16:41:30 [hwest]
Aleecia: I do think we need something that is easier to decide for cases like AVG
16:41:38 [hwest]
... I think we can tighten that up without talking UI
16:41:57 [laurengelman]
there might be different specs for what makes PrivacyBrowser
16:42:02 [jmayer]
To be clear: good policy compels a choice architecture of DNT by default. This decision has the crass intent and effect of reducing the number of DNT users.
16:42:07 [Chris_IAB]
I also disagree with Aleecia
16:42:21 [hwest]
Aleecia: We have two disagreements - suegl and jmayer. Otherwise, no one else seems to be disagreeing with the overall notion
16:42:26 [BerinSzoka]
isn't there a difference between setting UI requirements and having some agreement as to broad standards for choice? the former may be out of scope but the latter IS what we're talking about in recognizing that some UAs may validly turn on DNT:1 by default
16:42:41 [jchester2]
16:42:44 [hwest]
Have we defined UI anywhere in this process?
16:42:54 [jmayer]
Well, I disagree that there was consensus. I am willing to agree to the current proposal, with the understanding that it is part of a set of compromises.
16:43:12 [hwest]
Chris_IAB: We should talk about scope before we decide this based on the scope
16:43:14 [rigo]
zakim, unmute johnsimpson
16:43:14 [Zakim]
johnsimpson should no longer be muted
16:43:23 [dsinger]
16:43:33 [rigo]
zakim, mute johnsimpson
16:43:33 [Zakim]
johnsimpson should now be muted
16:43:38 [hwest]
Aleecia: I do believe that we are on consensus for that high level point
16:43:38 [bilcorry]
I disagree that DNT can be set via installer, splash screen, etc. The user should have to use UI to set their choice.
16:43:51 [aleecia]
ack fielding
16:43:59 [tl]
bilcorry: In what way is an installer not a UI?
16:44:12 [WileyS]
JMayer - Disagree on "packaging" this with other compromises. This was always the consensus outside of your agreement.
16:44:12 [bilcorry]
To change the setting, does the user run the installer again?
16:44:21 [hwest]
fielding: Sending DNT-1 by default doesn't actually improve privacy. In order to improve privacy, need to comply with DNT standard. Anything that dissuades compliance with DNT standard harms privacy.
16:44:24 [aleecia]
ack jchester
16:44:25 [rvaneijk]
@billcorry, sorry, but setting via installer IS a UI flow
16:44:33 [ninjamarnau]
rigo, as long as I am working for a DPA and not for the IAB I am a little biased ^_^
16:44:48 [tl]
bilcorry: The ability to set a preference in an installer does not preclude having the choice available in the setting dialog.
16:44:53 [bilcorry]
User will not know how to change the setting if done via installer, setup wizard, etc.
16:44:53 [hwest]
jchester2: Want to say that I support the compromise saying that the default is not in fact setting DNT, but with the hope of resolving this with a package that protects privacy.
16:45:20 [hwest]
... in the absence of adopting a final package, giving up a consumer right to have DNT1 as a default should be there. I support this in the context of the compromise.
16:45:49 [adrianba]
adrianba has joined #dnt
16:46:05 [tl]
bilcorry: Users won't know to change the setting if it's *not* in the installer either.
16:46:12 [jmayer]
It's as if millions of web users's
16:46:12 [hwest]
Aleecia: As chair, I am calling this a consensus. Roy did a good job of starting the text, I will take an action to flesh that text out. It will belong in the compliance doc, we will post it to the mailing list to discuss.
16:46:18 [rvaneijk]
@rigo, will address that at the OBA roundtable next week..
16:46:24 [rigo]
16:46:35 [bilcorry]
I'm concerned the installer can sway a choice then make changing it very hard by burying the setting
16:46:44 [Zakim]
+ +1.202.555.aamm
16:46:48 [ifette]
ACTION: aleecia to come up with further text to get the consensus declared in this call around DNT and whether it can be set by default (no) in the spec
16:46:48 [trackbot]
Created ACTION-210 - Come up with further text to get the consensus declared in this call around DNT and whether it can be set by default (no) in the spec [on Aleecia McDonald - due 2012-06-13].
16:46:48 [hwest]
... would like to pick up an important part here. What does it look like for a user to make a decision for privacy, with the concrete example of AVG.
16:46:50 [adrianba]
zakim, aamm is me
16:46:50 [Zakim]
+adrianba; got it
16:46:54 [jmayer]
Erm, smartphone and Star Wars reference fail.
16:47:00 [adrianba]
rrsagent, pointer
16:47:04 [rvaneijk]
@billcorry, I do see your point, but think it is a weak argument.
16:47:09 [justin]
bilcorry, You're going to outlaw nudges?
16:47:16 [hwest]
... is being an AVG user sufficient to be consent? What general guidance can we give here?
16:47:19 [rigo]
bilcorry, it is not only by changing the preference, if the UA has to be able to handle the exception mechanism
16:47:33 [tl]
bilcorry: ...and this is why UI is not on the table.
16:47:40 [dsinger]
thinks we are looking for something that has a 'primary purpose' of *privacy*?
16:47:47 [aleecia]
ack ifette
16:47:51 [vincent]
bilcorry, Chrome provides some options during install/download that you can reverse through the settings (it's quite well documented)
16:48:24 [justin]
It is hard to have this conversation at a conceptual level without specific text.
16:48:36 [hwest]
ifette: As a preface, I think what's important is that people understand what their UA is doing, and I'm very concerned that someone sees a one line bullet item on privacyBrowser that doesn't actually result in an informed user. We need UAs to be clear about what DNT does, and the UA that wants to set that needs to accurately reflect what the spec is
16:48:49 [hwest]
... needs to be more than 'don't track me on the internet', needs to be more nuanced
16:48:54 [dsinger]
to ifette: this is an issue for the 'check-box' in ordinary browsers as well; how do you phrase what it does?
16:49:14 [hwest]
... happy to take an action on how to say this, but generally, the UA has to inform the user about what the spec actually does so the user can make an informed decision.
16:49:17 [rvaneijk]
@ifette, come on, that is UA stuff and out of scope.
16:49:31 [Chris_IAB]
agree, slider is not sufficient
16:49:32 [rigo]
+1 to Rob
16:49:32 [hwest]
Aleecia: so a slider would be out of scope?
16:49:41 [Chris_IAB]
too vague
16:49:43 [hwest]
ifette: I think this needs to be an explicit, unbundled setting.
16:49:44 [jmayer]
jmayer has joined #dnt
16:49:48 [aleecia]
ack jmayer
16:49:53 [bilcorry]
I agree, aggregate setting (sliders) should be disallowed
16:50:21 [rigo]
do you want to send DNT;1? - Yes!
16:50:32 [vincent]
ifette: I think that something like the chrome checkbox for "usage statistic and crash report" with a "learn more" link would be ok
16:50:37 [aleecia]
what is with DNT;1? we're doing DNT:1, with a colon :-)
16:50:44 [hwest]
jmayer: It will be rare to have extensions that do only this. Likely to be part of a larger package. Going to take a lot of what already goes on if we ask to call out DNT explicitly for users.
16:50:48 [rigo]
not sufficient: Do you really want to send DNT;1 - Yes!
16:50:53 [aleecia]
ack tl
16:51:16 [rigo]
not sufficient: Do you really really really want to send DNT;1 - Damn it!
16:51:21 [rigo]
ok, I send DNT;0
16:51:26 [Zakim]
- +1.917.318.aall
16:51:40 [hwest]
tl: I disagree with ifette. Most features don't explicitly explain what they do. We create software by having small, simple signals that correspond to complex functionality. Slider should be sufficient.
16:51:42 [Zakim]
+ +1.917.318.aann
16:51:49 [hwest]
... if it has to be unbundled, impossible to implement
16:51:51 [aleecia]
ack dsinger
16:52:27 [hwest]
dsinger: agree with ifette in the difficulty in explaining, disagree that it has anything to do with defaults
16:52:28 [aleecia]
ack justin
16:52:35 [rigo]
+1 to dsinger
16:53:04 [aleecia]
ack ifette
16:53:05 [hwest]
justin: Agree with tl and dsinger. When we talked about exceptions, we had explicit exception language and we didn't want to be overly prescriptive. If we don't want to be prescriptive for exceptions shouldn't be in DNT either.
16:53:57 [hwest]
ifette: Ironic that tl, from Mozilla, tells me that it's too hard to unbundle, since they offer lots of options. Also, notion of bundling, it's a very fine line - don't mean to disallow all bundling, but if a 'protect my privacy' tickybox is offered, of course they tick it - but unclear what they're doing
16:54:35 [hwest]
... general concern that it's unclear what you are or aren't getting. Objection is more over the lack of explicit explanation of what's going on. Goal is to make it clear what they are and aren't getting from DNT.
16:54:49 [aleecia]
ack tl
16:55:14 [ifette]
even without about:config you still have waaay more options tom
16:55:15 [aleecia]
ack rigo
16:55:16 [hwest]
tl: I think it's disingenuous to refer to about:config as a meaningful set of settings.
16:55:25 [laurengelman]
think about a mobile interface. You're lucky if you get one check box on privacy. There is no way to provide an unbundled notice on mobile screen, for any functionality. DNT is not any more special than anything else that is bundled.
16:56:14 [jmayer]
jmayer has joined #dnt
16:56:18 [hwest]
Rigo: First of all this all explains why we have said that we do not want to interfere with the UI, because that's where the innovation is coming. Don't want to preclude that innovation. If we make it harder to express consent by requiring full explanation, then you make the point in the US market that you fall back to DNT unset default, and then still can track. But then destroy AU, JP, EU as an easy mechanism to acquire rights to track or do things.
16:56:32 [hwest]
... if it's hard to obtain consent, then it will be hard in EU to use DNT in any meaningful way.
16:56:47 [hwest]
... Rob is actually arguing for simpler exchanges than ifette is
16:56:48 [aleecia]
ack jmayer
16:57:12 [hwest]
jmayer: I want to emphasize that we have a real level of generality problem. No one is going to argue that users who enable DNT should understand everything in the spec. So we have to figure out where the bar is.
16:57:31 [hwest]
... it doesn't seem to me particularly challenging to make a general statement about this being for third party web tracking. Still hard to give to users.
16:57:41 [hwest]
... Going to be really hard.
16:57:43 [aleecia]
ack adrianba
16:58:00 [Chris_IAB]
If it's difficult to explain, then it's not simple-- and I thought this was supposed to be simple?
16:58:37 [vincent]
laurengelman, I guess we could set the DNT setting through the mobile os setting interfaces (I don't think we're considering this now)
16:58:50 [hwest]
adrianba: jmayer said my first point, that you should not have to understand the DNT spec. But a point about UI, the trend is to reduce the amount of UI that users are presented with. In IE, we used to prompt users before they submit a form, we asked them if they really wanted to switch to https. Users didn't want all these questions, they wanted the browser to make the choice for good defaults. That's what we're trying to do.
16:59:11 [Chris_IAB]
the reality is, this IS a complex choice (with extensive ramifications) and thus it may not be possible to simplify that choice.
16:59:15 [hwest]
Aleecia: Suggest a few action items for text on this, something that they can understand without spending a year of their life on this. We will take multiple texts, evaluate them.
16:59:37 [rigo]
Chris, but the choice is living, can change at any moment in time
16:59:48 [hwest]
... ifette will take an action, tl will respond in particular to the text.
16:59:56 [hwest]
... But we need more than one proposal.
17:00:10 [laurengelman]
i'm just saying, everything in tech is bundled.
17:00:22 [Chris_IAB]
Rigo, not sure I understand your comment?
17:00:40 [rigo]
q+ to have my fundamental different approach
17:00:48 [aleecia]
ack rigo
17:01:04 [aleecia]
Ian are you still up for an action here?
17:01:05 [Zakim]
rigo, you wanted to have my fundamental different approach
17:01:15 [justin]
Agree with dsinger: I disagreed with ifette's first explanation, less so with his second
17:01:16 [tlr]
tlr has joined #dnt
17:01:29 [hwest]
Rigo: I have a fundamentally different approach to the entire problem. This comes from fundamentally different approach. Should take into account horizon of the user that receives feedback from the service.
17:01:40 [justin]
I'll offer to write something less prescriptive if no one else wants to.
17:01:46 [ifette]
justin, hopefully i can come up with a third that you disagree with even less :)
17:01:48 [aleecia]
thank you, Justin
17:03:05 [Chris_IAB]
with respect to other UI, and keeping UI simple, this should only apply to simple concepts-- the problem here, as identified by Jonathan, is that this is NOT a simple concept.
17:03:17 [hwest]
Aleecia: At this point have heard offers from ifette and justin to write up proposed text within the next week.
17:03:42 [efelten]
efelten has joined #dnt
17:04:17 [hwest]
Aleecia: Lets talk about something we may not finish in 25 minutes. What happens when a UA does not comply with what we have for a specification?
17:04:30 [Chris_IAB]
and the effect of the choice, will likely not be transparent to the user-- this is a bad day for users. I can't believe that any consumer advocate would agree that this is a good outcome.
17:04:45 [hwest]
... if we publish tomorrow, then MS would not be in compliance. But from standards perspective, what, if anything do we say about noncompliance on the UA side?
17:05:00 [aleecia]
ack ifette
17:05:57 [hwest]
ifette: Want to point out that there is a lot of second guessing online - server may say that it will give an image but actually gives JS, so browsers do guess at server compliance. Server also guesses compliance in Chrome, for example special site for IE. Server also guesses HTML5 compliance, etc.
17:05:57 [jmayer]
Ian, you're welcome to second-guess the user's preference - by asking.
17:06:19 [hwest]
Aleecia: Are there specs that have them built in, or is that just what happens in practice to keep things from breaking?
17:06:25 [dsinger]
(html5 has sniffing written in, yes)
17:06:31 [hwest]
ifette: The examples I'm setting are just the UA making things work, not actually part of the spec.
17:06:38 [rvaneijk]
Ian, circumventing DNT will not look good in the EU..
17:06:47 [rigo]
ifette, and how can we help the second guessing. How can we make it so that we come closer to what is intended and not having to create a thing that we know we have to patch and work around
17:06:54 [hwest]
... would be clearer if there was a way for the UA/server to say 'I'm second guessing you'
17:07:05 [hwest]
Aleecia: Maybe we put in non normative text, but that's my opinion.
17:07:07 [aleecia]
ack fielding
17:07:15 [aleecia]
(thank you, Heather)
17:07:29 [hwest]
fielding: Talking about compliance is not a 0/1 issue in reality. It's about what they claim to do and what they actually do.
17:07:45 [hwest]
... if browser claims compliance but it's broken, then server has to deal with that.
17:07:58 [hwest]
... Such a wide stretch, not sure that it can be expressed in the spec at all.
17:08:03 [aleecia]
ack dsinger
17:08:03 [Chris_IAB]
bad UI = user inputs something based on an intent, output is unknown or does not comply with the intent (thus getting intent clear, is critical)
17:08:43 [hwest]
dsinger: Big difference between protocol errors and second guessing what you mean by what you send. Would lead us into an arms race, should be silent on it in the spec.
17:08:59 [hwest]
... should limit this to in-protocol behavior.
17:09:04 [aleecia]
ack ninjamarnau
17:09:07 [justin]
I have said all this (repeatedly) on the mailing list, but agree with dsinger's points
17:09:14 [ifette]
q+ to say you're going to have this second guessing anyways. Would you rather have the user believe that the server accepted the request, or know that the server rejected the request
17:09:15 [vincent_]
vincent_ has joined #dnt
17:09:33 [rigo]
but you could test whether a UA can handle an exception is easy and testable on the wire
17:09:51 [hwest]
ninja: Agree with dsinger that spec should stay silent on this. Disregarding valid DNT signal should be dealt with by authorities, FTC, DPAs.
17:09:54 [aleecia]
ack tl
17:10:01 [Chris_IAB]
David, what you outline here is indeed a fundamental flaw with this whole thing, which then begs the question, why are we doing it in the first place (if it can't be done well)? That to me, is irresponsible. We should get it right, or not do it.
17:10:03 [hwest]
But that's the thing, ninja, it's not valid
17:10:07 [dsinger]
to ifette: oh, I absolutely agree that the server, to be compliant, has to indicate what it is doing.
17:10:35 [hwest]
tl: Second guessing whether the signal was what you meant to send would be problematic. Shouldn't be white/blacklisting UAs, makes it difficult to implement.
17:10:37 [fielding]
if a server claims only "we support DNT, but not for MSIE 10.0 because it has a broken setting", then it is making a true statement. FTC enforces when you make a false statement. Note that in the EU, no DNT signal reverts to the applicable laws.
17:10:42 [justin]
According to whom, hwest? :)
17:10:52 [hwest]
... any server second guessing of the signal is problematic
17:11:00 [hwest]
If no colon, it's me talking, justin
17:11:07 [WileyS]
Tom - then it's on the Server at that point. I was thinking more of a black-list approach.
17:11:29 [aleecia]
ack jchester
17:11:31 [rigo]
ack jchester
17:11:38 [hwest]
jchester: I agree with what's been said with the last few. It should be unacceptable to make sure that if in fact a browser signal's DNT-on is ignored.
17:11:48 [justin]
hwest, Yes, I was just responding to your point about who decides it's valid. But don't mean to interfere with your excellent scribing . . .
17:11:52 [ifette]
no one requires a site to implement DNT
17:11:53 [hwest]
jchester: cannot have server undermining privacy protection.
17:11:56 [aleecia]
ack jmayer
17:11:56 [WileyS]
That's fine - at least the user is clearly told the server is not honoring the signal from that particular UA
17:12:01 [dsinger]
q+ to talk about second-guessing servers
17:12:23 [rigo]
exactly Shane, your response header is clear and solve it IMHO
17:13:02 [WileyS]
Jonathan is pushing for the pure opt-in world
17:13:06 [Chris_IAB]
why don't we ASK then up front, Jonathan?
17:13:11 [Chris_IAB]
in the UI?
17:13:12 [hwest]
jmayer: I wanted to make sure to be explicit about what happens by saying you have to respect a DNT header even if it's not explicit user preference. IE UA has good reason to believe it's not a user expression. There are some users who will tweak the settings, too. So maybe the server just asks in popup, widget, etc. If user doesn't confirm, then you have an exception.
17:13:17 [jchester2]
DNT will be the norm expected by consumers around the world. NGOs and DPA will help make that happen
17:13:22 [aleecia]
ack ifette
17:13:23 [Zakim]
ifette, you wanted to say you're going to have this second guessing anyways. Would you rather have the user believe that the server accepted the request, or know that the server
17:13:23 [Zakim]
... rejected the request
17:14:07 [justin]
Can we second-guess by making the browsers aver compliance with the standard?
17:14:09 [susanisrael]
susanisrael dropping from irc but remaining on call
17:14:24 [hwest]
ifette: Lots of people saying that second guessing would be a bad road to go down. I don't think second guessing is a rosy proposition, but second guessing will happen one way or another. There will be people who do not think it is an informed user choice. If you believe second guessing will happen, then how should we make that happen? If it's default on, the user may think that the request is honored and they are misled, or the site should be able to say that th
17:14:28 [BerinSzoka]
Jeff: as usual, our disagreement comes down to a fundamental disagreement about goals. You see the goal as "maximization of privacy." I see many competing values, including the principle of user choice and the idea that no-cost opt-outs don't scale, so forcing DNT adoption above a certain minimum threshold is going to have consequences that are bad for the entire ecosystem, and may well force reengineering of the ecosystem in ways that are actually bad for
17:14:44 [hwest]
... nothing requiring site to honor DNT, site can just say 'nope, not compliant'.
17:14:45 [jmayer]
jmayer has joined #dnt
17:15:09 [BerinSzoka]
See Opt-in Dystopias by Nicklas Lundblad and Betsy Masiello:
17:15:13 [hwest]
... creating some sort of agreement where user expresses a preference, and the server either does or doesn't agree to use that preference
17:15:22 [jmayer]
Ian, if a site claims compliance with the DNT spec, it is legally bound to do what we decide on this issue.
17:15:46 [jchester2]
The site can't mislead a consumer when they receive a signal. Advertisers will want sites who are classified as "safe" to honor DNT. We will also seek regulatory and congressional action to make sure a consumer's request is honored.
17:15:50 [aleecia]
ack WileyS
17:16:21 [hwest]
WileyS: A little bit more extremist: if we claim in our PP that we are compliant, we need an opportunity to say that we won't honor bad actor signals.
17:16:34 [rigo]
sending back "not that browser" is very evil. "not honor DNT" is fine. But only from browser sniffing is evil. Because browser sniffing is evil!
17:16:37 [hwest]
... transparent that we received DNT1 and will not be honoring. Alternative is just not supporting DNT.
17:16:41 [dsinger]
if we write anything about bad actor UAs, then we must write something about bad actor servers!!
17:17:02 [aleecia]
ack tl
17:17:04 [jmayer]
Um, there is *nothing* transparent to users about an "I don't agree" response on the wire.
17:17:06 [tl1]
tl1 has joined #dnt
17:17:07 [hwest]
... providing a clear signal to the consumer with exactly what the practices are is the right middle position.
17:17:07 [ninjamarnau]
ifette, though I support the server giving an explicit ACK or NACK answer, I do not want the server to be allowed by the spec to disregard=change (as in DNT;1 to DNT;unset) a valid signal
17:17:27 [hwest]
tl: In the situation where you think that there are some UAs that have misleading UIs, what stops you from putting that in your privacy policy?
17:17:33 [fielding]
The bad actor response can be more easily and effectively made in the tracking status resource and in custom content presented to the user than in a header field that almost no user will ever see.
17:17:34 [jchester2]
Not supporting DNT is not a sustainable position for the industry, politically. It's time to accept this.
17:17:39 [BerinSzoka]
Jonathan: I agree that companies should be held to their promises to respect DNT but as a legal matter, it's important to remember that the FTC's Deception Policy Statement requires not only deception but materiality. in other words, I don't think the FTC would win if a server ignored a DNT header that didn't actually represent user choice
17:17:48 [hwest]
WileyS: Sure, we could. Just suggesting that having it in the response is better for the transaction.
17:17:59 [BerinSzoka]
from the policy statement: "the representation, omission, or practice must be a "material" one. The basic question is whether the act or practice is likely to affect the consumer's conduct or decision with regard to a product or service"
17:18:30 [aleecia]
regrets+ sidstamm
17:18:42 [hwest]
tl: The response header is really important, and covering the gamut of responses is important, but we want to be clear that when we receive DNT1 and think that UA is not playing fair, that at that point you're not complying with the spec. Neither of you are.
17:18:42 [BerinSzoka]
in other words, insisting on user choice here is actually critical to ensuring the FTC can enforce corporate promises to respect DNT. remove that, and you undermine the very legal enforceability of DNT. that's a disaster from a privacy advocacy perspective
17:18:49 [ifette]
tl, you're only not in compliance if we don't give you a way to express that
17:18:52 [rigo]
but then send back NACK tl
17:18:54 [aleecia]
ack hwest
17:19:16 [ifette]
hwest: tom, what you just said is not true, there needs to be a place in the spec for you to NACK it
17:19:31 [ifette]
… we should distinguish between well-formed (DNT:1) and compliance ('is it playing by the rules')
17:19:35 [ifette]
… we are conflating the two
17:19:38 [ifette]
… may be able to separate things out
17:19:44 [aleecia]
ack jmayer
17:20:23 [hwest]
robsherman: Two points. You may know whether the UA is compliant but you may not know what the user's preference actually is.
17:20:41 [robsherman]
hwest, I think that was Jonathan, not me.
17:20:50 [hwest]
... further disentangle too, noncompliant user agents and user preference should be separate.
17:20:52 [ifette]
jmayer, right, so you don't know what the user's explicit preference was, so you should have a way to say 'sorry i can't figure out your explicit preference so FYI I'm ignoring your request'
17:21:33 [aleecia]
ack robsherman
17:21:45 [hwest]
jmayer: this is one of those examples of substance without a remedy. We see example of that playing out over the last week. To the extent that you start ignoring their DNT headers, you have no remedy.
17:21:50 [hwest]
Sorry robsherman, getting behind, clearly!
17:22:02 [rigo]
and the other way around!
17:22:03 [justin]
ifette, But there's no mechanism for the user to persistently reply, "hey, I actually mean that" when a third party unilaterally decides it doesn't like a UI.
17:22:03 [BerinSzoka]
So, Jonathan and Jeff, do you really want to set up a DNT that the FTC cannot clearly require companies to respect?
17:22:26 [rigo]
send NACK :)
17:22:30 [ifette]
justin, a user could be visiting a site that doesn't support DNT for _any_ user agent
17:22:35 [hwest]
robsherman: needs to be obvious that header is different than user preference, server may be able to do something expressly inconsistent with the spec. Better to put server in a place where they can handle that within the spec than to put them out of compliance.
17:22:38 [aleecia]
ack tl
17:22:43 [ifette]
justin, and there would be no way for the user to say "Hey, I actually mean that" in that case either
17:22:49 [ifette]
DNT is an expression of your preference
17:23:12 [hwest]
tl: We've been talking about compliance a lot. Two notions of compliance. Global compliance, ie, PP statement. But as we've been discussing, DNT is a here-and-now signal.
17:23:16 [ifette]
the site then has to decide whether to accept that expression of your preference or not. It shouldn't lie to you about what it's doing, but it's under no obligation -- you don't get to dictate terms ;-)
17:23:17 [vincent_]
ifette, two questions: 1) would not ask for an exception be ok to be sure that the user actually does not want to be tracked
17:23:31 [justin]
ifette, Sure, but we're trying to find a way for DNT-compliant third parties to respect user preference to send DNT signals.
17:23:31 [hwest]
... if we have compliance include the option of 'we're not going to do that thing' then an assertion of being in compliance is not that useful.
17:23:36 [ifette]
vincent, we have said that to ask for an exception there must be a user gesture, you can't just fire off javascript
17:23:40 [rigo]
+1 to tl
17:23:57 [hwest]
... if we're going to be making promises about compliance, it needs to be in compliance all the time.
17:23:58 [justin]
ifette, And actually, there would be a way to do that for third parties that do no compliance at all. That's a TPL :(
17:24:02 [ifette]
vincent, so you can't just cheaply fire it off. Also, the API is asynchronous so you have no guarantee of an immediate reply
17:24:06 [aleecia]
ack aleecia
17:24:16 [rigo]
it can not be global compliance announcement IMHO
17:24:26 [WileyS]
T1, Disagree - compliance means responding to the header and users then have an option on what to do from that point.
17:24:28 [rvaneijk]
if I (hypothetically) would like to install an addon called 'keep-my-DNT-1', I should be able to do so.
17:24:31 [rigo]
nack aleecia :)
17:24:48 [vincent_]
2) you said that chrome may have to spoof IE user agent to bypass second guessing at some point, how would the server know that the browser is actually chrome and respect dnt?
17:24:52 [hwest]
Aleecia: These are my views, not as the chair. Summarizing from the mailing list, not hearing that there should be a requirement for all incoming signals to be adhered to. Hearing a question of whether you may drop UA noncompliance or not mention it at all.
17:25:04 [ifette]
vincent, it wouldn't
17:25:10 [ifette]
vincent, but at least the user wouldn't be deceived
17:25:24 [WileyS]
rvaneijk - agreed - and it would be difficult for any Server to argue not honoring the signal from UA 'keep-my-DNT-1'.
17:25:27 [hwest]
... what I think for why not to take this on. Whether it is ok to drop a signal from noncompliant UA will vary from region to region. Not convinced that there is one answer for this that works in all places.
17:25:38 [rigo]
rvaneijk, only if it would be able to handle exceptions
17:26:01 [hwest]
... Regardless of what the spec says, that doesn't change the legality. There has been that point that you can't distinguish whether UA or user turned it on, puts companies in a difficult position.
17:26:37 [ifette]
sad but true that we can't distinguish plugins
17:26:38 [hwest]
... we're going to have multiple browsers, all sending a signal, so if we have something that is not a compliant UA, we don't know that. [Note: getting confused scribing, so please hop in?]
17:26:44 [bilcorry]
Should prohibit one UA setting the DNT for another UA
17:26:59 [hwest]
... As soon as we get to some sub-part of the browser, we no longer know who is sending the signal. Also, UA string spoofing.
17:27:05 [ifette]
aleecia: if it's a plugin sending the signal, you have no way to distinguish between the plugin or the UA having set the signal
17:27:18 [hwest]
Aleecia: Leaving UA-setting-for-UA out of spec
17:27:22 [aleecia]
ack fielding
17:27:54 [hwest]
fielding: HTTP editor hat, HTTP does not deal with anarchy. The group comes up with what it should do, and if the UA sends an invalid field/semantics, then that's an error.
17:27:57 [jmayer]
jmayer has joined #dnt
17:28:11 [hwest]
... in the past, when the UA or proxies have sent invalid header fields, then Apache has blocked them.
17:28:27 [hwest]
... Apache wants to keep HTTP protocol free and standardized for the Internet.
17:29:12 [hwest]
... So while I appreciate the opinions of what a particular company can do, if MS has a default DNT1 and the WG decides that we require browsers not send a default, then Apache will quickly patch to delete the header from IE UAs.
17:29:23 [aleecia]
ack tl1
17:29:28 [aleecia]
ack tl
17:29:31 [rigo]
and all this because we can't send NACK?
17:29:43 [hwest]
tl: So if I'm an app developer and think it's ok to have some extra headers, can't use Apache?
17:29:46 [justin]
fielding, How does the standard deal with the "anarchy" of a rogue third-party to send a false response header that it has out-of-band consent?
17:29:51 [WileyS]
In Issue 143 we're still requesting the DNT Header Request come paired with the name of the "Setter" - this should cover one UA activating DNT on another UA
17:30:02 [hwest]
fielding: Can change implementation, could move header to another field, doesn't happen by default.
17:30:07 [aleecia]
that conflicts with the decision last week, Shane
17:30:16 [jchester2]
Responsible companies that want good PR and relationships with the largest advertisers will have to respect the signal from IE.
17:30:22 [WileyS]
Disagree - we didn't close on 143 last week Aleecia
17:30:28 [justin]
Third-parties can falsely assert out-of-band compliance under the standard today.
17:30:28 [hwest]
... if it's necessary then we'll make it impossible to read it entirely. What an individual developer wants is less important than the internet remaining free.
17:30:37 [jmayer]
I think Roy's prediction here is totally wrong.
17:30:39 [justin]
That does not mean the standard is broken.
17:30:59 [hwest]
Aleecia: We will talk more in Seattle. But we have consensus that MS is not in compliance with the spec as it would be published today. We will be getting proposals on AVG, and on AU text.
17:31:00 [fielding]
justin, the standard does not. Apache does.
17:31:25 [justin]
fielding, And what will Apache do for rogue out-of-band consenters? Feel free to move to mailing list.
17:31:28 [rigo]
HTML5 tagsoup, what is Apache doing about it? :))
17:31:36 [hwest]
Aleecia: Adjourned!
17:31:50 [justin]
Valiant job, hwest
17:31:54 [Zakim]
- +1.917.318.aann
17:32:00 [aleecia]
heather, thank you so much for scribing
17:32:13 [aleecia]
this was a wild one to capture and you were awesome
17:33:44 [aleecia]
rrsagent, make logs public
17:34:14 [robsherman]
robsherman has left #dnt
17:34:19 [aleecia]
RRSAgent, set logs world-visible
17:34:31 [aleecia]
RRSAgent, make minutes
17:34:31 [RRSAgent]
I have made the request to generate aleecia
17:34:38 [aleecia]
RRSAgent, end call
17:34:38 [RRSAgent]
I'm logging. I don't understand 'end call', aleecia. Try /msg RRSAgent help
17:40:16 [KevinT1]
KevinT1 has joined #dnt
17:43:14 [tedleung1]
tedleung1 has left #dnt
17:46:27 [adrianba]
adrianba has left #dnt
17:46:44 [degusta]
degusta has joined #dnt
17:48:56 [Zakim]
disconnecting the lone participant, jchester2, in T&S_Track(dnt)12:00PM
17:48:58 [Zakim]
T&S_Track(dnt)12:00PM has ended
17:48:58 [Zakim]
Attendees were eberkower, aleecia, +1.202.660.aaaa, +1.212.210.aabb, Rigo, ninjamarnau, KevinT, rvaneijk, +1.202.386.aacc, jchester2, ifette, +1.212.565.aadd, +1.310.292.aaee, tl,
17:48:58 [Zakim]
... johnsimpson, Joanne, BrendanIAB, vinay, alissa, wilson, WileyS, hwest, +1.202.642.aaff, +49.721.913.74.aagg, dsriedel, robsherman, fielding, dsinger, +1.415.627.aahh,
17:48:59 [Zakim]
... +1.678.580.aaii, aclearwater, suegl, jmayer, [Microsoft], Chris_PedigoOPA, Anna_Long, hefferjw, tedleung, bilcorry, berin, laurengelman, Brooks, +1.215.767.aajj, vincent_,
17:49:02 [Zakim]
... efelten, susanisrael, iab, [Apple], +49.625.799.9.aakk, schunter, erikn, +1.917.318.aall, [Mozilla], sidstamm, +1.202.555.aamm, adrianba, +1.917.318.aann
17:50:18 [mischat]
mischat has joined #dnt
17:56:11 [tlr]
tlr has joined #dnt
18:12:10 [tlr]
tlr has joined #dnt
18:36:25 [fielding]
fielding has joined #dnt