IRC log of dnt on 2012-06-20

Timestamps are in UTC.

15:58:12 [RRSAgent]
RRSAgent has joined #dnt
15:58:12 [RRSAgent]
logging to
15:58:32 [npdoty]
Zakim, make logs public
15:58:32 [Zakim]
I don't understand 'make logs public', npdoty
15:58:38 [npdoty]
rrsagent, make logs public
15:58:39 [vincent]
vincent has joined #dnt
15:58:47 [rvaneijk]
rvaneijk has joined #dnt
15:58:59 [npdoty]
Internet connection info is on the whitescreen, although if you're reading this....
15:59:05 [tedleung]
tedleung has joined #dnt
15:59:13 [Joanne]
Joanne has joined #DNT
15:59:29 [ifette]
ifette has joined #dnt
15:59:35 [efelten]
efelten has joined #dnt
15:59:36 [johnsimpson]
johnsimpson has joined #dnt
16:00:23 [bryan]
bryan has joined #dnt
16:00:33 [npdoty]
<sings Happy Birthday>
16:00:49 [npdoty]
scribenick: npdoty
16:01:02 [bryan]
present+ Bryan_Sullivan
16:01:19 [npdoty]
schunter: welcome back, thanks for coming back
16:01:23 [hwest]
hwest has joined #dnt
16:01:23 [npdoty]
... happy with the progress so far
16:01:30 [vinay]
vinay has joined #dnt
16:01:43 [npdoty]
... identified two major proposals and a lot of areas of agreement
16:01:47 [npdoty]
... and a very lively discussion on the mailing list
16:02:01 [npdoty]
... in working order and we are working cooperatively on finding solutions to our challenges
16:02:11 [npdoty]
... appreciate the time you put into this group and the constructive feedback
16:02:17 [npdoty]
16:02:29 [npdoty]
... still have some work to do
16:03:15 [tlr]
tlr has joined #dnt
16:03:25 [ifette_]
ifette_ has joined #dnt
16:03:38 [adrianba]
adrianba has joined #dnt
16:03:44 [Chris_IAB]
Chris_IAB has joined #dnt
16:03:49 [justin]
justin has joined #dnt
16:03:53 [npdoty]
... don't need to debate the wordsmithing, but figure out what pieces we can or can't live with
16:03:56 [tlr]
zakim, who is on the phone?
16:03:56 [Zakim]
sorry, tlr, I don't know what conference this is
16:04:06 [tlr]
zakim, this will be TRACK
16:04:06 [Zakim]
ok, tlr, I see T&S_Track(dnt)12:00PM already started
16:04:11 [npdoty]
... not to aim for perfect solution, but what are the key points that I cannot live with and focusing on getting agreement with these points
16:04:13 [tlr]
zakim, who is on the phone?
16:04:13 [Zakim]
On the phone I see +1.813.366.aaaa
16:04:29 [hefferjr]
i can't hear anything, but 813.366 is hefferjr
16:04:29 [tlr]
is the caller on IRC?
16:04:39 [tlr]
zakim, aaaa is hefferjr
16:04:39 [Zakim]
+hefferjr; got it
16:04:50 [npdoty]
schunter: feel free to make little groups over coffee to work out issues, which can be even more efficient
16:04:52 [Zakim]
16:05:04 [dsinger]
zakim, [apple] has dsinger
16:05:04 [Zakim]
+dsinger; got it
16:05:11 [npdoty]
... agenda review and looking for scribes
16:05:24 [npdoty]
... 1. Welcome and Goals
16:05:29 [Zakim]
16:06:04 [npdoty]
... finding solutions
16:06:11 [npdoty]
tl: introduce yourselves and note the observers
16:06:41 [npdoty]
schunter: +1, go through introductions around the room after this session
16:06:42 [Zakim]
16:06:52 [jmayer]
jmayer has joined #dnt
16:07:05 [dwainberg]
dwainberg has joined #dnt
16:07:08 [npdoty]
hefferjr, I think we don't have Zakim hooked up to the room yet, will follow up
16:07:31 [hefferjr]
16:07:36 [hefferjr]
i just heard "hello"
16:07:58 [npdoty]
dsinger, hefferjr, I'm not sure we have Zakim hooked up to the room yet, please stand by
16:09:23 [Chris_IAB]
I would scribe, but I am only an "observer"
16:10:00 [james]
james has joined #dnt
16:10:29 [asoltani]
16:10:34 [cspiezle]
cspiezle has joined #dnt
16:10:51 [tl]
Chris_IAB: That's the best place to scribe from!
16:11:13 [meme]
meme has joined #dnt
16:11:14 [npdoty]
scribe volunteers: dwainberg, justin, rigo, Ian, AmyC, jason
16:11:34 [Chris_IAB]
yeah, I'm not in accord with that...
16:11:47 [Chris_IAB]
if I'm only an observer, I'd like to observe :)
16:11:54 [dwainberg]
is there a cheat sheet on the web with the scribing syntax
16:11:55 [dwainberg]
16:12:09 [suegl]
suegl has joined #dnt
16:12:16 [tl]
Chris_IAB, Scribing is a great opportunity to follow the conversation very closely!
16:12:18 [egrant]
egrant has joined #dnt
16:12:19 [jchester2]
jchester2 has joined #dnt
16:12:25 [dwainberg]
16:12:26 [npdoty]
Ionel, please q up here in IRC so that we know to unmute the phone
16:12:28 [sidstamm]
sidstamm has joined #dnt
16:12:39 [dwainberg]
Jon Mayer ...
16:12:44 [dwainberg]
... Justin Brookman,
16:12:49 [dwainberg]
... Vinay G
16:12:55 [dwainberg]
Brooks Dobbs....
16:13:00 [dwainberg]
(sorry, I'm missing some)
16:13:02 [robsherman]
…Rob Sherman
16:13:03 [dwainberg]
Mike Zaneis
16:13:11 [dwainberg]
Thomas R
16:13:14 [dwainberg]
16:13:22 [npdoty]
scribenick: dwainberg
16:13:23 [Chris_IAB]
sorry, who is "tl"?
16:13:39 [Chris_IAB]
you have a non-transparent IRC name
16:13:49 [sidstamm]
Chris_IAB, tl is tom lowenthal
16:14:35 [npdoty]
scribing notes:
16:14:44 [npdoty]
and docs on Zakim:
16:14:57 [dwainberg]
16:14:57 [npdoty]
<applause for our hosts>
16:15:10 [amyc]
amyc has joined #dnt
16:16:08 [npdoty]
I'll share the full attendee list since we won't get everyone's details in this go-round
16:16:16 [Chris_IAB]
thanks, have used IRC since the 1980's in college... funded largely by advertising revenue, UI's for IM were improved, and I moved on ;)
16:16:31 [vincent]
vincent has joined #dnt
16:16:40 [Chris_IAB]
but I get that this is free, so I'm getting the rust out!
16:16:40 [npdoty]
scribenick: dwainberg
16:17:01 [tl]
Chris_IAB: All the IM networks look pretty much the same to me, I use Pidgin...
16:17:01 [dwainberg]
aleecia: thanking companies that provided support
16:17:21 [rigo]
rigo has joined #dnt
16:17:29 [npdoty]
huge thanks to Microsoft for hosting, and to Yahoo, Facebook and Google for financial support
16:17:32 [dwainberg]
... [reviewing the agenda]
16:17:49 [alex]
alex has joined #dnt
16:17:52 [dwainberg]
... Mission of the TPWG is to improve user privacy .... (from the charter)
16:18:02 [dwainberg]
... we need something that works for users and that can be adopted by biz
16:18:21 [keerat]
keerat has joined #dnt
16:18:36 [dwainberg]
... [reviewing dates]
16:18:41 [dwainberg]
.... dates are aspirational
16:19:03 [dwainberg]
... we were looking for a last call doc in June, we'll see if it happens, even if we don't, we need to publish something out of this meeting
16:19:25 [dwainberg]
... WG issue freeze
16:19:31 [hefferjr]
16:19:47 [BrianH]
BrianH has joined #dnt
16:20:03 [Marc]
Marc has joined #dnt
16:20:13 [dwainberg]
... aleecia filled in dates assuming last call, and padded it out
16:20:40 [dwainberg]
... Getting to closed
16:21:03 [WileyS]
WileyS has joined #DNT
16:21:05 [dwainberg]
... we start with an open issue, use texts to have discussions, and get to consensus text, then closed issue
16:21:09 [JC]
JC has joined #DNT
16:21:17 [dwainberg]
... issues can be reopened based on new information
16:21:27 [dwainberg]
... w/out new info or new text the issue will remain closed
16:21:39 [dwainberg]
... we can have formal objectsion
16:21:55 [npd_test]
npd_test has joined #dnt
16:22:04 [dwainberg]
... if we have multiple texts, consensus is on the least objectionable proposal
16:22:28 [dwainberg]
... chairs will identify consensus for the least objectionable path
16:22:29 [Zakim]
16:22:43 [dwainberg]
... it is about substance, not about volume, "me too's", etc.
16:22:48 [npdoty]
16:23:27 [dwainberg]
... WileyS: there is not agreement on this process, can we set that aside as a separate issue
16:23:47 [dwainberg]
rigo: this _is_ w3c's about sustained opposition
16:23:48 [hwest]
hwest has joined #dnt
16:23:53 [npdoty]
If you're curious about w3c process:
16:24:41 [dwainberg]
tlr: [reading from the process doc] "where unanimity is not possible, ... in establishing consensus, the WG must address legit concerns of members.... it is desirable that a large majority accept...
16:24:53 [npdoty]
16:24:58 [fwagner]
fwagner has joined #dnt
16:25:05 [dwainberg]
... ignore the above (old process doc vesion)
16:25:10 [npdoty]
<ignore earlier tlr, reading out of date version>
16:25:12 [randomwalker]
randomwalker has joined #dnt
16:25:52 [Zakim]
16:25:53 [Zakim]
T&S_Track(dnt)12:00PM has ended
16:25:53 [Zakim]
Attendees were +1.813.366.aaaa, hefferjr, dsinger
16:26:01 [dwainberg]
... current version: "in some cases a group may be unable to reach consensus.... dissenters cannot stop the groups work....if chair believes group has considered dissenters views they can move on
16:26:19 [dwainberg]
... consensus ... [reading from the process doc]
16:26:36 [dwainberg]
... it is a general practice to look for the least objectionable
16:26:50 [hefferjr]
Zakim, aaaa is hefferjr
16:26:50 [Zakim]
sorry, hefferjr, I do not recognize a party named 'aaaa'
16:27:13 [dwainberg]
ian: can we highlight the process for moving a document to last call?
16:27:14 [BerinSzoka]
BerinSzoka has joined #dnt
16:27:24 [dwainberg]
tlr: upon consensus of the WG
16:27:40 [dwainberg]
aleecia: typically we do not have a vote, but last call could be a time for a vote
16:27:42 [BerinSzoka]
Here's the W3C process document that was just read from:
16:27:45 [tlr]
16:27:58 [BerinSzoka]
note the section on Consensus in particular
16:28:02 [tlr]
an additional piece that I didn't read to you: Groups should favor proposals that create the weakest objections. This is preferred over proposals that are supported by a large majority but that cause strong objections from a few people. As part of making a decision where there is dissent, the Chair is expected to be aware of which participants work for the same (or related) Member organizations and weigh their input accordingly.
16:28:08 [tlr]
16:28:17 [dwainberg]
aleecia: formal objections happen at decision points. FO authors must cite technical basis.
16:28:36 [dwainberg]
... group can resolve right there, or there is a w3 process, which can go up to Berners-Lee
16:28:54 [dwainberg]
... if one thing is reversed, there can be an entire dependency chain
16:29:03 [dwainberg]
... not unusual to have multiple formal objections
16:29:08 [dwainberg]
... questions?
16:29:17 [dwainberg]
... (none)
16:29:21 [dwainberg]
... What's new?
16:29:31 [dwainberg]
... issues about IP
16:29:54 [npdoty]
Rigo Wenning, W3C's Legal Counsel
16:29:58 [dwainberg]
rigo: is w3c's legal counsel. There were messages on the list about alleged IP issues.
16:30:16 [dwainberg]
... discussion of the issue on the mailing list has stopped
16:30:30 [dwainberg]
... w3c can create patent advisory group
16:31:11 [dwainberg]
... w/ committment to royalty free, the issue is resolved, but if can't resolve quickly, will create advisory group
16:31:24 [npdoty]
if we can resolve just by getting a W3C royalty-free licensing commitment, then we don't need to go forward
16:31:34 [dwainberg]
... formal procedure, with fixed membership, members only, no experts, no observers
16:31:47 [dwainberg]
... w/ discretion of chair invited experts can be invited to the group
16:31:59 [dwainberg]
... private meetings, but the result will be public, with suggestions to the wG
16:32:05 [npdoty]
deliberation in Member-space only, with a report to the public
16:32:31 [dwainberg]
... w3c patent policy says clearly that a standard cannot be covered by IP
16:32:40 [dwainberg]
... there will not be a spec that is encumbered with IP
16:33:04 [dwainberg]
... important not to give in to panic; we will resolve this.
16:33:27 [npdoty]
for questions, grab Rigo in a coffee break
16:33:39 [dwainberg]
aleecia: on the mailing list; currently it is world readable/writable
16:33:59 [dwainberg]
... and we're seeing problems
16:34:37 [dwainberg]
... the chairs will bar contributors who are contributing IP w/out an agreement, or who are disrupting the group
16:34:59 [dwainberg]
... problem of people contributing IP over which they have a patent
16:35:17 [dwainberg]
... we need to be careful to keep those things out
16:35:29 [vinay_]
vinay_ has joined #dnt
16:36:24 [dwainberg]
... questions?
16:36:49 [dwainberg]
justin: how does it work; anyone can join, are they required to give up their IP before they can join?
16:36:54 [jchester2]
jchester2 has joined #dnt
16:36:55 [npdoty]
16:37:34 [dwainberg]
rigo: w3c has a complex framework. Members follow w3 policy. Invited experts sign a form on an individual basis. Observers haven't signed anything, so we have to be careful.
16:37:45 [dwainberg]
... this is the chair's task to be careful about this.
16:38:04 [npdoty]
patent policy details:
16:38:33 [npdoty]
q+ tlr
16:38:36 [npdoty]
q+ WileyS
16:38:39 [dwainberg]
aleecia: this will be posted w/in the next week.
16:38:43 [npdoty]
ack tlr
16:39:02 [dwainberg]
tlr: one clarification; we have an obligation to respond to comments from the public after last call.
16:39:25 [adrianba]
16:39:36 [dwainberg]
... WRT current members, we're having issues. People are complaining about tone.
16:39:51 [npdoty]
people not reading the list because it makes them ill to read it
16:40:04 [dwainberg]
... Social competence is a key component for WG membership.
16:40:13 [dwainberg]
... We're getting to the point of having problems.
16:40:31 [dwainberg]
... Please self-moderate.
16:40:47 [npdoty]
q+ hwest
16:40:48 [dwainberg]
... Last piece; we also need a way to take public comments.
16:41:12 [dwainberg]
... Will set up a public comment list, and we will need to respond to those public comments.
16:41:18 [npdoty]
ack WileyS
16:41:30 [dwainberg]
WileyS: Is there a private list as well? What is it?
16:41:59 [dwainberg]
... Does that exist? Can someone explain its composition.
16:42:05 [hwest]
16:42:35 [dwainberg]
tl: we do have a private list. By charter it is only allowed for organization, logistics, etc. But no substantive WG content.
16:42:44 [npdoty]
16:42:58 [adrianba]
Member list archive ->
16:43:07 [dwainberg]
tlr: archive for the private list shows 7 messages from Nov 2011
16:43:29 [dwainberg]
aleecia: we have new people involved.
16:43:31 [npdoty]
(and I don't believe that the Member mailing list archive is currently visible to our Invited Experts)
16:43:43 [dwainberg]
... we're seeing exec level decision making descend on the group
16:44:18 [dwainberg]
... we're suddenly working at executive speed, and it's bogging down the process
16:44:49 [npdoty]
rrsagent, pointer?
16:44:49 [RRSAgent]
16:45:03 [dwainberg]
... Also external pressures. Press.
16:45:20 [Marc]
16:45:35 [dwainberg]
... Increased Congressional interest in the US.
16:45:51 [dwainberg]
... UK "implied consent" for cookies
16:45:56 [dwainberg]
... NL prior consent
16:46:08 [dwainberg]
... Art 29 calling out DNT as inadequate
16:47:03 [dwainberg]
... may have to send out last call for comments twice
16:47:57 [npdoty]
"we're doing something unusual and special"
16:48:28 [dwainberg]
... thanks to all for doing this work. It is important. It is important to a lot of people. The stakes are high.
16:49:47 [dwainberg]
... [talking about dinner plans]
16:50:35 [npdoty]
ack Marc
16:51:04 [tlr]
"new information"
16:51:13 [dwainberg]
marc: Process question. A decision about one section could hinge on another section that we've not discussed. How do we loop back?
16:51:27 [dwainberg]
... Troubled or concerned about how that plays out in a rational way.
16:52:03 [dwainberg]
aleecia: Mostly applies to the compliance doc. For things that have dependencies, we have put those issues together. It is much easier to do it issue by issue.
16:52:18 [dwainberg]
... for things that are interlocked, we'll just have to do them together.
16:52:28 [dwainberg]
... if you have specific things in mind, call them out.
16:53:06 [dwainberg]
... Does that answer your question?
16:53:07 [alex]
alex has joined #dnt
16:53:12 [dwainberg]
marc: I think so.
16:53:23 [dwainberg]
npdoty: This may also be "new information"
16:53:37 [npdoty]
16:53:43 [dwainberg]
aleecia: I've tended to be much more willing to go back to issues. This starts to change as we get closer to closed.
16:54:32 [dwainberg]
... Next we have editors. David is not here, so Roy will do a quick summary on TPE.
16:54:43 [npdoty]
Topic: Presentations of the Working Drafts
16:55:14 [dwainberg]
Roy F is presenting
16:56:35 [npdoty]
editors' draft of TPE:
16:56:53 [npdoty]
and compliance:
16:57:23 [dwainberg]
Heather and Justin presenting on Compliance Doc
16:57:32 [dwainberg]
hwest: not many changes made since Wash
16:57:47 [dwainberg]
justin: lots of options in the doc
16:57:54 [tl]
s/Wash/Washington DC
16:58:00 [dwainberg]
hwest: options, notes, issues are color coded in the doc
16:58:13 [dwainberg]
... things not called out are close to consensus
16:58:24 [dwainberg]
justin: major issues.
16:58:44 [dwainberg]
... 1. definition of parties and consumer expectations
16:58:45 [Chris_IAB]
Nick Doty, please note that Shane Wiley of Yahoo! just sent a formal request to add the IAB as "invited experts" to this TP Working Group; Could you please reply today? Thanks :)
16:59:07 [dwainberg]
... advocates have largely conceded on this
16:59:36 [dwainberg]
hwest: next piece is permitted uses; what can that party do for operational purposes. We've been treating those together.
16:59:50 [dwainberg]
justin: parties and unique identifier are biggest issues
17:00:36 [dwainberg]
... advocates argue there should be no unique identifier; industry argues there should be a number of permitted uses allowed using unique ID's
17:00:48 [dwainberg]
hwest: the draft at this time does not reflect recent discussions.
17:01:18 [dwainberg]
justin: not much concern anymore about 1st vs 3rd definitions
17:01:32 [dwainberg]
... some discussion of need for definition of "tracking" and "collection"
17:01:57 [dwainberg]
... Section 5 on user granted exceptions. There's some discussion on what is needed for consent.
17:02:01 [npdoty]
I'm happy to help with editing if we want to do things in real time or each evening /cc: hwest, justin
17:02:37 [dwainberg]
hwest: that sums up the big issues
17:03:00 [dwainberg]
justin: take-away -- don't look at the compliance doc right now (laughter)
17:03:47 [dwainberg]
(roy presenting on TPE)
17:03:50 [npdoty]
I haven't added that functionality (toggling non-normative text) to the live editor's draft yet, but it's ready to go
17:03:55 [aleecia]
aleecia has joined #dnt
17:03:58 [dwainberg]
roy: Defines what goes over the wire.
17:04:02 [npdoty]
17:05:02 [dwainberg]
... Status is; we have made changes since the draft in DC. Major areas of change are the tracking response proposal. We've merged Roy's and Tom's proposals into one version, but not sure if they're happy with it.
17:06:02 [dwainberg]
schunter: The point of this section of the specification is to specify how a server replies to a UA. I perceive agreement on parts, but we'll discuss later.
17:06:44 [dwainberg]
roy: (displaying diffs on the overhead)
17:06:51 [npdoty]
fielding: I think we addressed those Community Group comments, though I'm not quite sure
17:06:54 [Chris_IAB]
Sorry Nick, not trying to make your day any harder :)
17:07:02 [dwainberg]
... change; site-specific >> user-granted exceptions
17:08:03 [dwainberg]
schunter: (describing options for user-granted exceptions)
17:08:04 [npdoty]
fielding, johnsimpson, jchester2 -- we should confirm whether we've addressed the CG comments, and if we need to document that, we can do so
17:09:17 [npdoty]
haven't formally reviewed
17:09:17 [dwainberg]
fielding: (continuing to describe diffs)
17:09:31 [npdoty]
(fielding's changes on defaults and requirements for setting a preference)
17:09:40 [dwainberg]
... added issues 111. There are some new issues since the last working draft. We'll cover later.
17:10:17 [dwainberg]
... other major change is the response section, where it was two proposals, resource and header field, now it uses both, depending on context.
17:11:53 [dwainberg]
schunter: context. If you want to tell a party it's ok to track. There's user-granted in the spec, and out-of-band, where site continues to get DNT:1, but site can respond it's not honoring because it has out-of-band consent.
17:12:44 [npdoty]
section to review (per fielding):
17:13:17 [dwainberg]
fielding: Tk header field is the combination of proposals. Confirm that what you want in there is in there.
17:13:47 [dwainberg]
schunter: Roy did a great job merging proposals. But the combination is not 100% perfect. What should go into the UI? What should go into the headers?
17:14:02 [aleecia]
Checkin notes dlist is here:
17:14:10 [aleecia]
I'll send that to the dlist
17:14:23 [dwainberg]
... Roy listed attributes you might want to communicate; we have to decide which are needed. But we hope not to need all.
17:15:11 [dwainberg]
fielding: last topic; user-granted exceptions. dsinger has been working on it.
17:15:31 [dsinger]
added the exact model of what happens
17:15:40 [dsinger]
added the cancel calls
17:15:42 [dwainberg]
npdoty: Major changes are adding a method for web-wide exceptions, starting w/ Shane's text, and API for removing exceptions.
17:15:49 [dsinger]
added the web-wide exception
17:15:57 [dwainberg]
... We want feedback from other browser makers.
17:16:01 [dsinger]
added notes and issues
17:17:18 [dwainberg]
aleecia: What happens if we're not able to come to agreement?
17:17:26 [npdoty]
Topic: What does the landscape look like?
17:17:59 [justin]
npdoty, can dwainburg go for 10 minutes longer and then I will take over?
17:18:01 [dwainberg]
... What does 6 months, 12 months... look like if we do not have DNT?
17:18:13 [dwainberg]
@justin: yes
17:18:14 [justin]
17:18:21 [npdoty]
17:18:25 [johnsimpson]
@nick They were addressed orally in DC. I think those slides were supposed to be sent to us. I don't think they were.
17:19:29 [dwainberg]
jchester2: I'm sure we all feel a responsibility for global users of the internet. ... Without a standard, we will see an escalation of the demands of privacy groups across the world for regulation and greater protections.
17:19:39 [rigo]
17:19:41 [fielding]
fielding has joined #dnt
17:20:04 [dwainberg]
kimon: (responding) EU regs are about storage on the client, but DNT is not really about storage.
17:20:16 [rigo]
17:20:23 [dwainberg]
... but haven't been able to get much out of politicians as far as what they actually want to get out of it.
17:20:32 [npdoty]
kimon: EU already has a strong legal framework
17:20:49 [dwainberg]
... would like to make it interoperational with existing OBA framework.
17:20:50 [WileyS]
17:20:58 [npdoty]
ack rigo
17:21:01 [BerinSzoka]
17:21:07 [ifette]
17:21:16 [hober]
17:21:32 [dwainberg]
rigo: Had talks with a company in Japan. They are watching the outcome of US and EU.
17:21:33 [npdoty]
q+ rvaneijk
17:21:37 [npdoty]
ack WileyS
17:21:58 [dwainberg]
WileyS: If this group is unsuccessful, a DNT standard will still emerge. It does not need to be one from a w3c standard.
17:22:06 [npdoty]
ack BerinSzoka
17:22:44 [dwainberg]
BerinSzoka: Has been involved in the space for over 4 years. Lots of trade offs. Worry about this process breaking, and leading to a regulatory solution that's less able to deal with tradeoffs.
17:22:45 [npdoty]
WileyS, you were also making a point that it might not be universal, but it would still be satisfactory?
17:23:19 [tl]
q+ to point out that users will get what they want, one way or another.
17:23:34 [dwainberg]
... Examples: A DAA standard outside of this process would be politically difficult. Congressional hearing, it was made clear they wouldn't support a DNT standard that does not comply with headers.
17:24:05 [npdoty]
BerinSzoka: re: James Grimmelman testimony
17:24:18 [dwainberg]
... Also, FTC could be tasked with writing the standard.
17:24:20 [justin]
dwainberg, happy to take over once Berin is done . . .
17:24:51 [npdoty]
BerinSzoka: a standard from outside this process (from DAA) would likely be unsatisfactory to that audience
17:25:04 [fielding]
17:25:08 [dwainberg]
... Markey and Barton have been co-chairs of privacy caucus. Their letter made clear they reject a standard that does not allow DNT to be set by default. They also reject a number of other fundamental assumptions of this group.
17:25:17 [cspiezle]
17:25:38 [dwainberg]
... Very likely that if this group does not produce a workable standard, we'll see something crafted by regulators, who have little understanding of the issu.
17:25:47 [Chris_IAB]
"Barkey"... good one :)
17:26:06 [dwainberg]
... in fact this will be resolved by people on the hill.
17:26:15 [npdoty]
ack ifette
17:26:15 [dwainberg]
@justin all yours. thanks!
17:26:15 [jmayer]
17:26:20 [npdoty]
scribenick: justin
17:26:24 [tl]
17:26:27 [tl]
17:26:29 [MikeZ]
MikeZ has joined #dnt
17:26:54 [justin]
ifette: Google hopes this doesn't fail. But we started with a self-regulatory regime (DAA) that has been implemented by most third-parties, so there's a willingness to do something here.
17:27:26 [justin]
... Some we came into this process because we realized that DAA process was sub-optimal (have to go to website, cookie-based so not persistent).
17:27:29 [npdoty]
a vast majority of the third parties that I believe we're trying to target covered by DAA program -- is that right? I thought we had agreed that these issues applied well beyond behavioral advertising
17:28:02 [justin]
... But over time it's become clear that group believes that DAA not enough. And WileyS's proposal does make real concessions.
17:28:06 [Brooks]
Brooks has joined #dnt
17:28:25 [npdoty]
ifette: there are meaningful concessions, this is beyond the DAA program, not just putting DAA opt-out into the browser
17:28:50 [justin]
... Obviously, some are pushing for a prior consent before tracking, especially in Europe. I am worried about the *pandering* being done around this issue. I don't believe that the world will move to opt-in model if this group fails.
17:29:11 [justin]
... Europe's opt-in model hasn't worked. And to be fair, the DAA model hasn't worked either.
17:29:26 [rigo]
+1 to Ian
17:29:46 [Ionel]
Ionel has joined #dnt
17:29:48 [justin]
aleecia: queue is closed --- be focused!
17:30:04 [justin]
hober: If this working group fails, we'll need to look to other solutions to protect users' privacy
17:30:13 [justin]
aleecia: what does that mean?
17:30:22 [justin]
hober: It will depend. <cryptic!>
17:30:29 [justin]
aleecia: Give me some options
17:30:45 [justin]
erikn: I'll take a shot at that
17:31:05 [justin]
... We're not trying to be dodgy --- we want this to work.
17:31:12 [rnb]
rnb has joined #dnt
17:31:17 [justin]
... But we are in agreement internally that we need to do something to protect user privacy.
17:31:26 [justin]
aleecia: from a browser perspective?
17:31:42 [justin]
erikn: yes, that captures it. But we really want DNT to succeed and to be the answer.
17:31:46 [rigo]
17:31:54 [npdoty]
ack hober
17:31:54 [tlr]
ack hober
17:31:55 [tlr]
ack rvaneijk
17:31:56 [npdoty]
ack rvaneijk
17:32:20 [justin]
rvaneijk: Without DNT, there will be enforcement actions in Europe. A lot of people have put hopes on meaningful do not track.
17:32:48 [justin]
... We need to make process the next three days. There are two ends of the spectrum: do-not-collect vs do-not-target. We need to find the middle.
17:33:12 [justin]
... The statements of the Congressmen and the Chairman on the FTC (?) all push more for the do not collect approach.
17:33:16 [npdoty]
ack fielding
17:33:59 [justin]
fielding: My hope is that DNT does (?) work out. But don't push for DNT on by default.
17:34:04 [wheeler]
wheeler has joined #dnt
17:34:22 [justin]
... As a protocol editor, I don't want to go through the process of grappling with a DNT by default universe (?)
17:34:24 [efelten]
FTC and the Chairman have said that DNT should be Do Not Collect, with narrow exceptions.
17:34:42 [sidstamm]
+1 to advocating for "don't track users without consent" but not enabling DNT:1 by default
17:34:57 [tlr]
Roy: If you want DNT to be on by default, ask for that to be the default with *no* signal. Don't mess up the protocol.
17:34:57 [justin]
... DNT should express user preference which can't happen by default. There will be regulation on this if this doesn't work, but it will be focused on the default issue (?)
17:35:07 [npdoty]
fielding: for advocates, please don't go out there and ask people to turn on DNT by default, instead ask for regulation that DNT be the regulatory default because it won't need changes to the protocol, or any changes to HTTP protocol, the IETF process
17:35:29 [justin]
spiezle: We need to focus on the consumer perspective. Lacking trust is hurting our business models.
17:35:36 [npdoty]
fielding: I expect that regulation would be about tracking of HTTP requests in general, not tied to the default/DNT setting only
17:35:40 [tl]
+1 to appropriate privacy protections should be the default, but DNT should always be the user's voice.
17:35:52 [rigo]
+1 to that
17:35:58 [justin]
... We're going to see legal approaches to protect users if this doesn't work out.
17:36:03 [justin]
aleecia: Elaborate.
17:36:05 [BerinSzoka]
I've never seen any substantiation of this this consumer trust meltdown scenario that's so often bandied about as a supposedly compelling need for regulation
17:36:32 [rigo]
17:36:32 [justin]
spiezle: You'll see increased allegations of contract suits, class action suits for privacy violations. Even if they don't work out, bad PR issues.
17:36:41 [rigo]
ac cspiezle
17:36:46 [npdoty]
"even if meritless, will consume a lot of cycles"
17:36:51 [npdoty]
ack cspiezle
17:36:54 [npdoty]
ack jmayer
17:37:01 [justin]
jmayer: Want to echo the Apple answer: best answer is getting a standard.
17:37:51 [justin]
... But if this doesn't work out, the research community will be move active. They will engage much more with regulators (who right now lack expertise). Increasingly, regulaotrs have built better relationships with advocacy and research community.
17:38:17 [justin]
... Regulators will consult with research community on potential regs. Also, research will push more for ad block solutions if this fails.
17:38:33 [justin]
... And I don't want that outcome. It would be awful.
17:38:43 [justin]
WileyS: That happens today even in parallel to DNT.
17:38:53 [justin]
jmayer: It will be worse if DNT fails.
17:39:01 [BerinSzoka]
Bully for Shane for pointing out the obvious: Jonathan's threat to build the ultimate ad blocker, etc will happen regardless
17:39:24 [vincent]
WileyS, AdBlock will stop to block ads complying with dnt
17:39:33 [justin]
tl: Hope DNT works, but pro-privacy users will find a solution. DNT should not be a default, but we can make other privacy choices as a browser that don't need to be off by default.
17:39:59 [npdoty]
can we get some commitments or evidence on this point: that advocates won't need to build or advocate for countermeasures if we come up with DNT?
17:40:02 [justin]
aleecia: I'm going to put some on the spot --- what happens to your org if DNT fails. Picking on Adobe first.
17:40:46 [justin]
meme: From an engineering perspective, maybe fielding can say better. But I agre with WileyS, companies will compete on privacy. Don't think that's necessarily the best approach, because you lose the value of standardization.
17:40:51 [tl]
npdoty, If we have a strong DNT standard, we don't need to.
17:41:10 [jmayer]
The research and advocacy communities haven't begun work on technical countermeasures in earnest. I expect the pace of development would accelerate exponentially if DNT fails. Again, that would be a very bad outcome for all stakeholders.
17:41:21 [justin]
... DNT is good because users can reasonably expect the same thing. Adobe is looking at competing on privacy, tho, but it takes time. And we will listen to consumers to see what they are asking for.
17:41:39 [justin]
aleecia: who else can comment with a strong int'l presence?
17:42:08 [johnsimpson]
17:42:24 [tl]
ack tl
17:42:28 [justin]
hwest: Globally, we think a strong DNT standard that's not fragmented is incredibly value. If we don't have a standard, we'll keep working on privacy (as everyone else will say), but we'd like the reliability of one std where everyone knows what to expect (users and companies)
17:43:12 [npdoty]
q+ fielding
17:43:13 [justin]
aleecia: I am expecting someone to say (which I'm not hearing) is that without a standard, companies need to go country to country.
17:43:14 [wheeler]
wheeler has joined #dnt
17:43:15 [jeffwilson]
jeffwilson has joined #dnt
17:43:15 [npdoty]
q+ ifette
17:43:20 [tl]
Sounds like all of the browsers are saying the same thing: DNT is the best outcome, but if DNT isn't a viable option, plan B is technical privacy protections, and we'd rather not have to do that.
17:43:25 [npdoty]
ack fielding
17:44:04 [justin]
fielding: you made an assumption that having a DNT standard will release that pressure. I haven't seen DNT as a fix to cookie law --- when I talk with DPAs in Europe, it's all about YOU NEED TO OBEY THE LAW REGARDLESS OF WHAT THE STD SAYS
17:44:15 [npdoty]
q+ kimon
17:44:21 [justin]
... which is reasonable. But if DNT doesn't reach those laws, we need to deal with them anyway.
17:44:27 [npdoty]
ack ifette
17:44:41 [dsinger]
the other nightmare is that if we do this at the W3C, we can publish, listen, learn, discuss, revise, and be global; regulation is not like that, it tends to be publish and walk away.
17:44:56 [justin]
ifette: But the question is do we need to try to accord DNT to accomodate every law around the world? I don't think that's a good idea, and would be impossible. I want something that protects privacy (reasonably) and is deployable.
17:45:23 [justin]
... We'll need to country by country anyway. I take that as a given so we don't need to bog the spec down with every possible legal requirement around the world.
17:45:52 [npdoty]
ifette: if there are things we can address cheaply, great; if there are things that are common, great
17:46:12 [BerinSzoka]
17:46:17 [BerinSzoka]
(briefly, I swear)
17:46:22 [justin]
WileyS: Another outcome the press has brought up. The escalating war between publishers and browsers. We'll get to a world of apps. You access content pre-packaged in browsers. Each of those "browsers" control their own interaction with their users.
17:46:31 [justin]
... I hope we don't get to that.
17:46:47 [dsinger]
17:46:53 [Marc]
17:47:03 [npdoty]
+1 to WileyS, I think this is an important point on the dangers of back-and-forth escalation
17:47:43 [justin]
rigo: Quick report from last week's OBA roundtable in Brussels. I positioned DNT as a tool to help you with regulatory compliance. There aren't 27 Robs around the table or 50 Ed Feltens (for the 50 states). A DNT tool can make compliance a lot easier, and the regulators want that too, and is a good outcome.
17:47:44 [Wheeler33]
Wheeler33 has joined #dnt
17:47:53 [BerinSzoka]
Shane is exactly right: turning on DNT by default could fundamentally change digital media landscape. everyone hear should read and think carefully about "Opt-In Dystopias" by Betsy masiello & Nick Lundblad
17:47:59 [justin]
... We should adapt the protocol to address some regulatory concenrs.
17:48:16 [dwainberg]
17:48:27 [npdoty]
ack kimon
17:48:35 [justin]
kimon: Regulators in Brussels stated very clearly that DNT can't fix law, but you should come up with a good technical standard, and we'll take it from there.
17:48:42 [BerinSzoka]
but to add to Shane's point, that world may not only be bad in economic terms for the diversity of richness of media, but also for (a) competition and (b) privacy
17:49:13 [justin]
... Not very helpful to focus on the legal side. This should really be about users --- what will they expect and use. If we offer a simple solution, users will take it and it will work. We need to address user concerns.
17:49:32 [justin]
... signal from Brussels really is DON'T TRY TO CREATE A LEGAL INSTRUMENT.
17:50:24 [npdoty]
ack BerinSzoka
17:50:28 [justin]
BerinSzoka: Briefly, we're talking about a fundamental change in the ecosystem. You should reach Opt-in Dystopias to consider the bad results from this world. This will be bad from competition and also for privacy.
17:50:35 [susanisrael]
susanisrael has joined #dnt
17:50:58 [hwest]
If folks haven't seen the Opt-In Dystopias paper Berin is referencing, it's here:
17:51:02 [justin]
... In this world, users will have to be opting in to a LOT MORE collection of information. Is that really what privacy advocates want? (Also, less information will be available to users).
17:51:50 [npdoty]
q+ jchester2
17:51:51 [justin]
Marc: Without DNT, much of what we have that works will still be there. There was an AdAge article this weekend that says: "When 3P data goes away, power shifts to those with 1P data." I love my big members with 1P data, but real concerns on pure 3Ps who are at the table and do great things for the ecosystem.
17:51:54 [npdoty]
ack Marc
17:52:02 [tlr]
ack jchester2
17:52:06 [PG]
PG has joined #dnt
17:52:06 [jmayer]
I'd like to hear from OPA and publishers, if they're in the room.
17:52:36 [npdoty]
17:52:40 [justin]
jchester2: The ecosystem has already been changed by real time bidding. We have a huge data collection ecosystem that needs to be addressed. And DNT will help address that. And advocates have made huge concesssions. We need to get privacy off the table for users.
17:53:16 [npdoty]
+1 to Marc on the concern for shifting power by company size or by 1st/3rd, we should be cognizant of this
17:53:29 [justin]
aleecia: So let's stop repeating points. We've talked about walled gardens and paywalls. We've talked about lawsuits and trust issues. We've talked about arms races with cookie blocking. And we've talked about the problems for a lack of standardizatiton.
17:54:12 [justin]
... We've also talked about increased tracking in an opt-in world. And potential for increased regulation (possibly written by folks without good understanding of technology), And increased regulatory attention in Europe.
17:54:17 [Chris_IAB]
Ironically, Aleecia is repeating points ;)
17:54:58 [npdoty]
17:55:05 [justin]
... DNT can be a useful tool for compliance in Europe. And we've heard there will be more enforcement in Europe. Some browsers have said they'll do more if no DNT. And other outlets for DNT, possibly through DAA, FTC, or IETF.
17:55:21 [fwagner]
17:55:42 [justin]
ifette: Point of clarification. On your (just made) PPT, you say that DAA will be cookie-based only --- I think that DAA wants to go for a different mechanism if this fails.
17:55:44 [npdoty]
ack fwagner
17:56:01 [justin]
FrankWagner: If we have no DNT now, we'll have increased complexity for users.
17:56:13 [justin]
17:56:24 [justin]
aleecia: What would opt-in look like for your sites?
17:56:28 [dsinger]
I do think that the W3C publish-implement-learn-discuss-revise model is hugely better than slow-moving regulatory model (and, I hope better informed in the first place)
17:56:50 [jmayer]
17:57:05 [justin]
ifette: I asked on the mailing list for good examples of opt-in. I was told about the ICO and the FT. The ICO has no third parties, and the FT has "if you don't like cookies, close this window" and 50 are installed regardless.
17:57:16 [npdoty]
q+ Wheeler33
17:57:21 [justin]
aleecia: How do you deal with Euro std if cookies are set before choice? No one has really done this wekk yet.
17:57:40 [justin]
... Maybe DNT can offer some ease there, if regulators might be OK with that.
17:57:49 [npdoty]
ack Wheeler33
17:57:55 [npdoty]
q+ rvaneijk
17:58:13 [Simon]
Simon has joined #dnt
17:58:37 [justin]
Wheeler33: Two points. Publishers make a lot of revenue from third parties. The impact will be felt by 3Ps and the publishers.
17:59:02 [justin]
... (2) Impact on users. Not clear that users really understand difference between 1P and 3P cookies. Or understand how DNT differentiates.
17:59:10 [rigo]
17:59:30 [justin]
. . . There's a belief by users that DNT will make behavioral advertising will go away, and that's wrong. It will still be done, just through 1Ps.
17:59:47 [justin]
s/.../. . .
17:59:50 [rvaneijk]
18:00:01 [justin]
aleecia: You're making a different point. How will it be different if no DNT.
18:00:13 [justin]
Wheeler33: Without DNT, the money will flow better.
18:00:27 [justin]
aleecia: That's not clear for all the reasons we've just heard.
18:00:29 [npdoty]
q+ tl
18:00:33 [justin]
Wheeler33: That's my answer
18:00:39 [tl]
18:00:51 [justin]
... AND, not clear that if this really does work, users will be confused because they don't get 1P v 3P.
18:01:03 [BerinSzoka]
To Aleecia: I think there are actually three scenarios we need to be talking about here: (i) DNT premised on the default-off consensus of this group, (ii) DNT that is coerced to be default-on (what Wheeler is speaking to, and (iii) DNT fails--which likely leads to #2 by legislative or regulatory means
18:01:03 [Chris_IAB]
Why is the speaker not allowed to make his position without interruption by the Chair?
18:01:06 [BerinSzoka]
18:01:10 [justin]
aleecia: To be clear, we're talking about : "In a world . . . without Do Not Track"
18:01:14 [npdoty]
ack jmayer
18:01:54 [justin]
jmayer: has an interesting approach to cookie law. They drop cookies, but then delete immediately if you don't grant consent. Some regulators might be OK with that.
18:02:35 [dwainberg]
18:03:12 [justin]
... Want to address the economic issues. You're right that 1P and 3P is blurred. The economic impact --- not clear who will suffer. But we can be clear that 1Ps will *really* suffer with AdBlock because with technical solutions, all ads are blocked regardless of party status.
18:03:12 [sidstamm]
Chris_IAB, he was making a point relevant to what happens if DNT *does* exist, which is not the scenario we're discussing. The speaker was allowed to make his point relevant to the scenario after the intteruption
18:03:16 [npdoty]
ack BerinSzoka
18:04:16 [npdoty]
18:04:34 [justin]
BerinSzoka: I like Wheeler33's comments. Options are (1) DNT on when default is off, (2) this group breaks down, or (3) DNT on by default. I'm concerned about this last scenario when DNT-on is coerced by Hill or FTC which is different than contemplated by this group. This group needs to stay on track to keep DNT off by default.
18:04:36 [Chris_IAB]
sidstamm, it doesn't matter what his point was, it's that he get's to state it without interruption...
18:04:52 [justin]
aleecia: To be clear, the group isn't saying DNT off by default, it's DNT is *not set* by default.
18:04:58 [justin]
aleecia: (tiredly) anyone else on this?
18:05:10 [BerinSzoka]
I take Aleecia's point, but I don't see how it changes what I said
18:05:16 [jmayer]
A few asked for a pointer to my paper on third-party tracking (including some economic analysis). See
18:05:21 [Chris_IAB]
let's not get into a semantics war here
18:05:33 [justin]
rigo: We are all working on the assumption that no one ever changes their browser. But IAB Europe put out a very interesting poll saying that 56% of Euro users delete all their cookies once a month.
18:05:37 [dsinger]
dsinger has joined #dnt
18:05:45 [npdoty]
BerinSzoka, I think Aleecia was just clarifying; it might help us in the press to clarify that the default question is not a default to tracking, but a default to no preference
18:05:46 [justin]
But that could just be anti-virus, yes?
18:05:53 [justin]
aleecia: not really on point.
18:06:11 [Chris_IAB]
I think the gentleman was quite clear actually
18:06:24 [Brooks]
18:06:29 [asoltani]
18:06:31 [asoltani]
18:06:47 [Wheeler33]
The w3c solution MUST reflect user preference - without DNT user preference remains with the users
18:06:49 [sidstamm]
+1 to "more pressure for better cookie management tools if no DNT" from WileyS
18:06:57 [justin]
WileyS: Another option could be better cookie management tools from the browsers. Especially in Europe to deal with cookie directive.
18:07:14 [justin]
JC: Disagree with WileyS. Cookies don't work. Need to look at non-cookie options.
18:07:51 [ifette]
18:07:56 [justin]
WileyS: We're talking past each other. Rigo's point is more that you may not need DNT since people delete cookies.
18:08:01 [npdoty]
ack Brooks
18:08:06 [Wheeler33]
agree - OBA cookie targeting effectiveness drops off a cliff after 30 days
18:08:25 [WileyS]
Aleecia - Ian is in the Queue
18:08:39 [ifette]
its ok
18:08:41 [ifette]
18:08:46 [justin]
Brooks: To rigo's point, the presumption isn't that tools aren't being used, because without DNT people are finding way to express choice today.
18:08:53 [WileyS]
Nick - Ian had raised his hand and was holding the mic when Matthias took it away - could you please add him to the queue
18:09:30 [ifette]
aleecia said ashkan had the last word
18:09:33 [ifette]
it's fine
18:09:34 [justin]
asoltanti: One more observation: one of the benefits of DNT is innovations of tracking will be more accepted.
18:09:50 [Wheeler33]
if there were standards for cookie deletion after a certain time period - would we need DNT?
18:09:55 [rigo]
WileyS: that's actually not what I meant. I meant that people make a choice if we give them a tool to do that
18:10:03 [justin]
... Because there will be cross-technology express of preference, new technologies in innovation might be more accepted where DNT off on exception is granted.
18:10:32 [jmayer]
I completely agree with Ashkan's point. In other words, in a world without Do Not Track, new tracking technologies continue to result in public debacles.
18:10:34 [justin]
* aleecia notes that asoltani is a disembodied voice from the ceiling
18:11:37 [justin]
aleecia: Different people have different concerns. Some OBA companies may not want DNT at all, which is understandable from their perspective. Europe has a particular perspective that we should take into account, though recognie ifette's point that we can't accomodate all legal frameworks.
18:12:31 [justin]
... so what happens if we leave here without an agreement? This discussion continues in other forums. We'd do a better job dealing with the issues here rather than fighting on Capitol Hill for the next year and half. Not fun <laughter>
18:12:38 [justin]
... So what are our options now?
18:13:07 [npdoty]
18:13:09 [justin]
... We had 5 proposals in DC. We whittled them in DC to 2. We've whittled both closer together, but several people are unsatisfied with both.
18:13:10 [npdoty]
q- asoltani
18:13:28 [npdoty]
Topic: How can we move on?
18:13:41 [justin]
... We could write up both in standards fashion, and get comments on both and then adopt the least objectionable. That's not a great result, but that's the default of where we go to.
18:13:49 [npdoty]
aleecia: that is the default, but not an attractive option
18:14:10 [justin]
... Or we could pick one. Or we could come up with new ones. Or we could go back to other options that sound better now.
18:14:19 [justin]
... Or we could fail.
18:14:49 [justin]
... So what should we be doing?
18:15:15 [npdoty]
18:15:17 [justin]
... Looking for guidance from people who aren't proposal authors?
18:16:01 [tl]
18:16:07 [justin]
Chris_IAB: I propose that if we want a solution that includes 90+% adoption, we go with WileyS's proposal. It's realistic and based on lots of years of learning and industry experience.
18:16:09 [tl]
18:16:14 [dwainberg]
18:16:24 [npdoty]
adoption immediately, i.e. in the next couple months
18:16:30 [justin]
... It's realistically implementable by industry.
18:16:30 [tl]
18:16:39 [npdoty]
18:16:57 [tl]
18:17:28 [BerinSzoka]
Maybe we should make like the French Revolution and re-seat after lunch according to which side of the aisle we're on: Shane or Jonathan!
18:17:33 [justin]
jchester2: There is movement here, There is an understanding that things have to move. Consumers have moved a lot. On 1Ps, we've moved. On defaults, we've made concession. Or logging protocol data, we've moved. And I acknowledge that industry has moved too.
18:17:33 [npdoty]
q+ to ask about adoption timing
18:17:34 [hwest]
I think it's important to simply accept that everyone has made significant progress and concessions
18:17:45 [sidstamm]
hwest, +1
18:18:01 [robsherman]
18:18:01 [justin]
aleecia: I'm reading that as support for the idea of continuing to move toward each other.
18:18:02 [npdoty]
ack dwainberg
18:18:03 [efelten]
So let's figure out how to close the remaining gap.
18:19:06 [justin]
dwainberg: As a distant observer, the group has gotten a bit into the weeds. Rather than horsetrade, we should back up and understand the bigger picture and go from there. And we need to consider the possible unintended consequences.
18:19:17 [rigo]
18:19:24 [rigo]
ack npdoty
18:19:24 [Zakim]
npdoty, you wanted to ask about adoption timing
18:19:33 [johnsimpson]
18:19:42 [Chris_IAB]
to clarify the comment that was made after my statement, IAB was not listed as an author on Shane's proposal, but I personally support it
18:19:45 [tl]
18:19:47 [justin]
npdoty: Want to follow up on Chris_IAB's point. And the question of how fast adoption will happen. We need to consider adoption rate, and how fast we want to move. Do we want to phase some parts in?
18:20:23 [justin]
aleecia: Maybe you were suggesting that a phased proposal is the way to go. Phase 1 then Phase 2, etc if they would faciliate compromise.
18:20:30 [rigo]
18:20:33 [rigo]
ack tl
18:20:39 [jmayer]
18:20:49 [justin]
tl: Don't want phased proposal. If folks lag on implementation we have option options as browser (duh-duh-DUH)
18:20:50 [erikn]
18:20:52 [rigo]
ack jmayer
18:21:29 [Chris_IAB]
I like the "let's get out of the weeds and see the forrest statement"-- Shane's proposal will likely have 90+% industry adoption in no time. Are we here to get a "DNT win" or are we here to keep hashing something out until we ultimately kill it?
18:21:40 [justin]
jmayer: I want to second the phasing point. To the extent that comlanies are going to have to implement new tech, totally reasonable to giving cos some grace period to implement if that narrows the gap.
18:21:47 [rigo]
ack erikn
18:21:58 [rvaneijk]
18:21:59 [justin]
aleecia: This was discussed on a call and industry didn't really want that approach.
18:22:02 [hwest]
18:22:10 [Chris_IAB]
see the forest guys...
18:22:29 [justin]
erikn: What should we do next? We should focus on text. Talking in abstract not terribly helpful.
18:22:38 [justin]
+1 to erikn
18:22:47 [jmayer]
I've had more conversations with ad companies than I can remember; some really wanted phase-in, others didn't. Mixed response.
18:22:56 [justin]
erikn: Going through the points will help move us toward the center.
18:23:28 [WileyS]
18:23:34 [npdoty]
ack rvaneijk
18:23:42 [justin]
rvaneijk: The proposal I have is to focus on added value of DNT. The WileyS proposal just reflects a lot of what the DAA has already done. Starting at Do Not Target doesn't really focus on the added value of Do Not Track.
18:24:05 [justin]
... We need something extra from this process, not just existing self-reg.
18:24:38 [justin]
hwest: On phase in, phase out, we can't decide that until we know what spec means.
18:24:41 [npdoty]
ack hwest
18:24:50 [npdoty]
ack WileyS
18:25:27 [npdoty]
q+ on MUST/SHOULD, or iterations
18:25:54 [justin]
WileyS: I see the counterproposal from EFF as aspirational. I don't disagree with their aims, but will require significant cost and time to get there. We should agree on what we can do now NOW and then work on technical, standardized approach to dealing with the other aspirations in EFF/Stanford/Moz proposal.
18:26:17 [justin]
... We should immediately begin working on those issues, and one day they could become the DNT standard. But technology isn't there yet.
18:26:26 [hwest]
I don't think that's reflective of industry
18:26:37 [justin]
aleecia: So you see your proposal as Phase 1 and EFF proposal at Phase 2 but with no time limit?
18:26:38 [hwest]
In terms of phase one/two and the two proposals
18:26:50 [npdoty]
WileyS: we could, suggesting a second round of this Working Group
18:27:04 [npdoty]
<laughter> on "job security"
18:27:08 [BerinSzoka]
I'd say this is more like Job than a job
18:27:12 [justin]
WileyS: Yes, there's no planned Phase 2 for this group, but we should have one. Job security <laughter except from aleecia>
18:27:15 [rigo]
18:27:30 [justin]
aleecia: We could have two standards that come out of this group.
18:27:45 [justin]
WileyS: I strongly disagree with THAT. Would be too confusing.
18:27:49 [hwest]
18:27:53 [justin]
aleecia: How is that not what you just said?
18:28:12 [justin]
WileyS: It's not responsible to put out the EFF proposal as a standard right now.
18:28:39 [justin]
... Too many blanks to be filled in at a future data. Can't reach those aspirational goals today. Two standards might be worse than none.
18:28:52 [rigo]
q+ ifette
18:28:54 [justin]
... And eventually that proposal could supplant the interim (?) WileyS proposal.
18:29:14 [justin]
aleecia: So what you're saying is you like the direction of Jonathan's proposal, but it's not baked yet?
18:29:19 [npdoty]
supplant the original DNT, rather than "interim"
18:29:20 [justin]
WileyS: I don't think it's achievable yet?
18:29:29 [justin]
18:29:45 [justin]
npdoty: Could we bridge the proposal with MUST/SHOULD language?
18:29:51 [johnsimpson]
18:29:54 [npdoty]
ack npdoty
18:29:54 [Zakim]
npdoty, you wanted to comment on MUST/SHOULD, or iterations
18:29:58 [justin]
I don't think advocates would be comfortable with that.
18:30:00 [schunter_]
schunter_ has joined #dnt
18:30:24 [rigo]
avk ifette
18:30:30 [justin]
ifette: SHOULDs are problematic in the spec. SHOULDs may create unreasonable expectations from users and regulators. I'd like a spec with all MUSTs.
18:30:30 [npdoty]
q+ Lee
18:30:31 [hwest]
18:30:54 [npdoty]
I do recognize the concern about SHOULDs, I was only proposing it because maybe it could be an attempt at a middle ground
18:31:04 [npdoty]
... and give people a direction/confidence in a future iteration
18:31:05 [justin]
rigo: I don't think a version 1 debate will spare us from testing out the pain points of how far industry is willing to go today. Also, big issue of trust --- will industry come back to the room for a rematch?
18:31:16 [npdoty]
ack ifette
18:31:16 [justin]
... But that said, it's a valid option.
18:31:18 [npdoty]
ack rigo o
18:31:19 [justin]
ack rigo
18:31:24 [johnsimpson]
I agree with Ian. Specs should be musts. Where I suspect we disagree is what the musts should be..
18:31:32 [KevinT]
KevinT has joined #dnt
18:32:03 [WileyS]
Fair - amend proposal to "MUST" from Industry proposals and "MAY" for advocate proposal
18:32:05 [Chris_IAB]
how about we get a balanced v.1 spec out, see if it works, and go from there?
18:32:14 [Chris_IAB]
iterative work
18:32:14 [tl]
18:32:23 [Chris_IAB]
seems rather agile, actually
18:32:26 [jmayer]
18:32:26 [justin]
ifette: As far as a version 2, would be better to circle back. My reading of jmayer et al proposal is "We don't want 3Ps to have a record of your browsing activity." But industry approach is: "We charge based on impressions, and that valid business model can be done without violating privacy."
18:33:27 [justin]
... We need to find a way to charge people while protecting privacy. jmayer may point to papers, but I think more research and testing needs to be done to make sure CPM (etc) model can be done with privacy respected but without rampant click fraud, etc.
18:34:00 [justin]
aleecia: We could have two last call docs, first the WileyS approach, and second the jmayer proposal that folks will have to get to eventually (?)
18:34:05 [npdoty]
ifette: wait for a certain successful deployment of a technique, and only then standardize that as an additional version [am I capturing that right?]
18:34:06 [jmayer]
+q Arvind
18:34:10 [schunter2]
schunter2 has joined #dnt
18:34:28 [justin]
... that's in line with what you propose, to spend more time on the jmayer proposal but to implement what can be done today TODAY
18:34:44 [justin]
ifette: I want to make sure that jmayer approach is implementable before we put it in Last Call.
18:34:56 [npdoty]
q+ Alan
18:34:59 [justin]
... I can't vote yes on a LC until I know it's implementable. That's my bottom line.
18:35:00 [hwest]
Last call should not be fragmented, IMHO
18:35:14 [tlr]
18:35:19 [schunter2]
18:35:28 [Chris_IAB]
18:35:48 [sidstamm]
yes, this is susanisrael
18:35:59 [justin]
SusanIsrael: I agree with that. We should implement what we can now while commiting to work on the harder options. But it's somewhat unclear, which is why we can't put in a LC document today. But would like to have a commitment to work on another LC later.
18:36:00 [Simon]
Speaking from experience (CableLabs has put out alot of succesful specs) any spec will need revision as technology changes. Need to get something out that can be used now.
18:36:09 [tlr]
q- lee
18:36:15 [npdoty]
ack tl
18:36:17 [efelten]
18:36:18 [npdoty]
q+ jchester2
18:36:27 [tlr]
18:36:52 [BerinSzoka]
18:36:56 [hwest]
18:37:08 [justin]
tl: Let's presume the only thing we're concerned about in 3Ps having total view into browsing activities. If they can do what they want to do without that, great. But if they can't, those are illegitimate business models. (Don't want to bless short-term?)
18:37:10 [npdoty]
susanisrael, I'm curious how we could phrase those commitments
18:37:13 [rigo]
ack jmayer
18:37:57 [justin]
jmayer: This may be soundly rejected. But it may be worth it to have a very difficult conversation on PETs. It will be very technical and uncomfortable, but there are some wonderful technical people in this room who can chart a way to move the ball forward.
18:38:09 [justin]
aleecia: Yeah, we often do that, are we usually disagree. So that gives me pause.
18:38:14 [npdoty]
ack Arvind
18:38:57 [justin]
Arvind: The researchers have done all the necessary research to find privacy-protective ways to achieve your business models. But just saying "Hey, we need new research."
18:39:03 [npdoty]
are there ways to encourage iterations to move forward without waiting for a new standardization effort? could we say "best available and feasible efforts"?
18:39:04 [justin]
... isn't fair.
18:39:40 [efelten]
18:39:50 [justin]
Alan: Not saying that we need new research. Question about whether Google, Yahoo!, etc can implement. But concerned about two standards. If we have two, regulators are going to want to require Version 2 right away.
18:39:59 [npdoty]
ack Alan
18:40:13 [justin]
... Unless we bend over backward to say that Version 2 is not implementable today (which some would object to!) concern with two different standards.
18:40:13 [rigo]
ack Alan
18:40:18 [npdoty]
ack Chris_IAB
18:40:46 [efelten]
18:40:59 [justin]
Chris_IAB: Clarifying earlier statement. Want to be clear that we can't boil the ocean. Over the last two years, I've created technical spec with IAB. Any company that subscribes to agile development would say let's put out now what works, test, iterate, and then evolve the spec.
18:41:26 [justin]
... That's how it works on the industry side, and by and large, everyone has over time adopted v1, v2, v3, etc.
18:42:01 [justin]
... By boiling the ocean, you stop something from getting to consumers. Getting something workable today is a win for DNT and advocates. We'll find out from v1 if we need to do more.
18:42:15 [justin]
... If there are complaints, then we start a new working group.
18:42:29 [amyc]
amyc has joined #dnt
18:42:29 [asoltani]
18:42:41 [npdoty]
is there a clear way for us to determine exactly how many complaints are necessary to support a new iteration?
18:42:44 [npdoty]
ack jchester2
18:42:46 [ifette]
18:43:23 [justin]
jchester2: I appreciate what WileyS and ifette are saying, it just won't work to have a phased-in approach. Regulators and advocates want a reasonable standard TODAY. Industry approach as is is unacceptable. Let's get the proposals closer together and continue to evolve.
18:43:53 [justin]
... Won't be acceptable to say "let's do an OK approach and then wait ten years and fix later."
18:43:58 [rigo]
18:44:05 [justin]
<Snarky cross-talk>
18:44:10 [jmayer]
Chris_IAB, it's hard to focus on the conversation when you keep interrupting. Could you please add yourself to the queue?
18:44:45 [justin]
aleecia: Why aren't we just putting the two docs out for vetting? Because both are objectionable to a large swath of folks.
18:44:53 [BrianH]
BrianH has joined #dnt
18:45:08 [justin]
... Has anyone moved from "Can't live with" to "Can live with" on either of these proposals?
18:45:19 [Chris_IAB]
jmayer, sorry, I was following your previous examples :)
18:45:33 [justin]
... No one seems to have moved.
18:45:36 [npdoty]
"easier to live with"
18:45:40 [Chris_IAB]
but in any case, I believe the scribe got it right here, so go ahead and read up
18:45:51 [jmayer]
18:46:08 [Chris_IAB]
18:46:13 [justin]
... We are still in the world of pain. If we flip a coin, either way we lose. And we've received feedback from regulators around that world that industry proposal is not sufficient.
18:46:30 [npdoty]
I'm also in the category of not being familiar with all the details of latest proposal from Shane
18:46:32 [justin]
... And we've had feedback from jmayer standard that current proposal is not implementable.
18:47:05 [justin]
... So we fifteen minutes. No one has any bright ideas.
18:47:18 [justin]
Why not Zoidberg? (CDT proposal)
18:47:56 [npdoty]
justin, maybe we could do a comparison or merge of the CDT proposal with the latest from Shane et al. and Jonathan et al.?
18:48:13 [justin]
rigo: There are some pain points. The pain points are not as bad as some might have us believe. Seeing the differences in details will help advance us significantly
18:48:46 [npdoty]
ack BerinSzoka
18:48:52 [justin]
BerinSzoka: No cost opt-outs don't scale.
18:49:18 [sean]
sean has joined #dnt
18:49:19 [mischat]
mischat has joined #dnt
18:49:25 [justin]
... It seems to be that we are all here because we've assumed that we're assuming a certain low opt-in-to-DNT threshold.
18:49:40 [justin]
aleecia: scolding BerinSzoka for not staying on topic.
18:49:44 [npdoty]
ack hwest
18:49:51 [sean]
18:49:59 [dwainberg]
18:50:04 [robsherman]
18:50:19 [justin]
hwest: A lot of us have a problem with multiple LC docs. We very much don't want a fragmented approach, and that's what two LCs does.
18:50:44 [justin]
aleecia: Does anyone really want multiple LC docs? (No one raises hand)
18:50:45 [npdoty]
ack efelten
18:50:47 [schunter2]
ashkan: i will unmute you
18:50:48 [dwainberg]
18:51:09 [justin]
efelten: We only get ONE bite at this apple. When we get a consensus proposals, then all the forces we talked about earlier come into play.
18:51:18 [justin]
... Echoes erikn's point that we need to focus on text.
18:51:22 [npdoty]
q+ Alan
18:51:41 [justin]
... Let's talk through nuts and bolts and stop claiming "everyone want this" and "no one wants that"
18:51:53 [james]
18:51:54 [npdoty]
efelten: a focus on text
18:52:03 [justin]
asoltani: Echo idea that merging the proposals is the best way to go given the political pressure.
18:52:09 [npdoty]
ack asoltani
18:53:01 [justin]
... Maybe we should have DNT-beta --- you can respect one of two proposals. Let consumers opt for which one they want. We'll then have metrics as to what people want. It's a little bit complicated, and not necessarily the right idea, but could work as a back-up plan
18:53:03 [rigo]
+1 to ashkan, W3C can organize joint development around DNT v.2 Beta if this has sufficient support
18:53:04 [WileyS]
Wasteful suggestion - doubles implementation overhead
18:53:06 [hwest]
Let's focus on moving forward instead of the "what if it doesn't work" ideas
18:53:40 [justin]
aleecia: And of course, you might see different treatment of users, because users might see firewalls, paywall, etc. So not a survey but test of different implementations.
18:53:49 [justin]
+1 to WileyS on this point!
18:53:50 [npdoty]
18:53:56 [rvaneijk]
I rather see one DNT then forked versions.
18:54:29 [justin]
aleecia: This testing assumes that good data would actually change anyone's mind!
18:54:36 [sidstamm]
+1 hwest ... phased deployment and versioning adds confusion and implementation overhead
18:54:48 [jmayer]
18:54:54 [justin]
rigo: W3C can organize this testing.
18:54:57 [susanisrael]
18:54:59 [rvaneijk]
18:55:01 [npdoty]
ack ifette
18:55:08 [rigo]
susanisrael: you have to add a + to q
18:55:17 [susanisrael]
18:55:49 [npdoty]
I think Ashkan was talking about not getting behaviorally targeted ads, like "Do Not Target"
18:56:00 [justin]
ifette: I understand asoltani's basic point. But I don't think that anyone in this group would be willing to offer and support a "Do Not Advertise To" signal and continued to offer free content. Users need to see consequences.
18:56:05 [asoltani]
clarification: DNT:0 = unset, DNT:1 = shane's proposal , DNT:2 = eff/mozilla
18:56:44 [asoltani]
if many people send DNT:2 but sites only support DNT:1, then we need to revisit
18:56:52 [justin]
... Key point: Don't see how we can implement jmayer's approach without significant hit to revenue. Until we get to the point that we're comfortable with understanding the economic impact, you won't see implementation.
18:56:55 [npdoty]
'until we actually get to the point where people are confident on the effect (in terms of revenue) they aren't going to implement'
18:56:59 [sidstamm]
asoltani, how do users express consent for tracking (as per each proposal)? negative numbers?
18:57:30 [justin]
... The industry proposal, we understand what we think the impact is going to be. Not knowing the impact is holding back the jmayer proposal?
18:57:40 [schunter2]
18:57:45 [justin]
aleecia: So what do you propose to get industry to get data?
18:57:48 [npdoty]
ifette: need to be able to show the impact of a proposal, details on data
18:58:06 [justin]
ifette: Get a big third party to implement it and publish the results.
18:58:15 [BerinSzoka]
Well said, Ian. When I said that "No Cost Opt-Outs Don't Scale," this is precisely what I was talking about: not just the default question but also the question of users making choices that don't reflect real-world tradeoffs inherent in exercising DNT
18:58:59 [asoltani]
sid: settings needs to have 4 states. unset, allow tracking, opt-out of targeting, opt-out of collection
18:59:17 [justin]
... jmayer keeps saying that client-side scales. Google has bought companies who had this business model AND IT DIDN'T SCALE. We've really tried. So this is why I'm skeptical. I understand aleecia's desire to move forward, but we have no data points to say how jmayer model will work.
18:59:29 [adrianba]
18:59:46 [justin]
aleecia: But none of this has seen proven data point that this will work.
18:59:56 [rigo]
I think W3C can offer a framework and platform to test out stuff, organize research, help with acquiring funding for advanced development and test things out
19:00:00 [sidstamm]
asoltani, thanks
19:00:03 [justin]
... we're low on time. If you have a new point, then you can talk.
19:00:24 [susanisrael]
19:00:27 [hwest]
+1 - this will be an iterative process if it's going to succeed
19:00:40 [justin]
Alan: Not sure we only have one bite at the apple. We may be able to finesse this to allow iterative approach that satisfies everyone.
19:01:07 [rigo]
kind of stable + unstable approach and moving
19:01:46 [justin]
tlr: Timing is slipping --- need to figure out what to do about charter.
19:01:47 [susanisrael]
my +1 was to the idea that this will be an iterative process. That was my point rather than the fact that only one proposal is acceptable. Let's work through text, do what we can agree on, and agree to keep iterating
19:02:24 [justin]
... Current working assumption is that at some point we'll announce an extension of the charter without a change to the scope of the charter.
19:02:36 [jmayer]
Thanks for taking great notes justin!
19:02:37 [justin]
... If there are changes to the scope that people think are important or desirable, come talk to me.
19:02:41 [justin]
... Enjoy your lunch.
19:03:38 [BerinSzoka]
drinks tonight: Tracktinis for all!
19:18:15 [fwagner]
fwagner has joined #dnt
19:29:25 [randomwalker]
randomwalker has joined #dnt
19:40:09 [johnsimpson]
johnsimpson has joined #dnt
19:46:27 [dwainberg]
dwainberg has joined #dnt
19:53:54 [KevinT]
KevinT has joined #dnt
19:54:34 [Joanne]
Joanne has joined #DNT
19:55:36 [npdoty]
npdoty has joined #dnt
19:57:25 [WileyS_]
WileyS_ has joined #dnt
19:59:10 [Joanne]
Joanne has joined #DNT
20:01:34 [hwest]
hwest has joined #dnt
20:01:47 [jeffwilson]
jeffwilson has joined #dnt
20:03:42 [aleecia]
aleecia has joined #dnt
20:03:56 [aleecia]
Time to get started again...
20:04:05 [tl]
tl has joined #dnt
20:04:54 [adrianba]
adrianba has joined #dnt
20:05:45 [vincent]
vincent has joined #dnt
20:06:00 [rvaneijk]
rvaneijk has joined #dnt
20:06:18 [npdoty]
scribenick: jmayer
20:06:28 [jmayer]
aleecia: talking about user agents
20:06:37 [jmayer]
... talked before, day before microsoft announcement
20:06:40 [egrant]
egrant has joined #dnt
20:06:45 [jmayer]
... mostly about anti-virus software now
20:06:49 [amyc]
amyc has joined #dnt
20:06:53 [jmayer]
... some language in TPE, not Compliance
20:06:59 [jmayer]
... looking at a couple issues
20:07:08 [bryan]
bryan has joined #dnt
20:07:11 [alex]
alex has joined #dnt
20:07:29 [jmayer]
npdoty: new users, here's how to join irc
20:07:35 [jmayer]
20:07:35 [justin]
justin has joined #dnt
20:07:44 [npd]
npd has joined #dnt
20:07:50 [jmayer]
aleecia: thanks
20:07:53 [meme]
meme has joined #dnt
20:07:57 [jmayer]
... help available if you need it
20:08:01 [samsilberman]
samsilberman has joined #dnt
20:08:01 [jmayer]
... back to issues
20:08:13 [BerinSzoka]
BerinSzoka has joined #DNT
20:08:13 [jmayer]
... not talking about ISSUE-150
20:08:15 [efelten]
efelten has joined #dnt
20:08:25 [jmayer]
20:08:28 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
20:08:30 [jmayer]
... start there
20:08:50 [aleecia]
A given device may have multiple sources of user preferences, for example a browser could have a DNT user setting, plus an add-on or plug-in could have a DNT user setting. One DNT choice must be sent. We do not specify how conflicts are resolved.
20:09:07 [jmayer]
... decision that while there might be conflicting user choices on a device (e.g. browser + plugin/addon), leave it to those sources of preference to resolve
20:09:12 [jmayer]
... language pasted in irc
20:09:28 [jmayer]
... looking to get consensus, hear dissent
20:09:35 [jmayer]
tl: middle part should be normative
20:09:40 [bryan]
20:09:40 [jmayer]
s/be/not be/
20:09:45 [hwest]
20:09:51 [dwainberg]
20:09:52 [robsherman]
20:09:53 [npdoty]
20:09:55 [npdoty]
q+ bryan
20:09:55 [jmayer]
aleecia: move to example section?
20:09:57 [npdoty]
q+ hwest
20:09:59 [jmayer]
tl: ok
20:10:00 [susanisrael]
20:10:13 [cSpiezle]
cSpiezle has joined #dnt
20:10:24 [jmayer]
aleecia: npdoty is editing in realtime
20:10:47 [jchester2]
jchester2 has joined #dnt
20:11:09 [jmayer]
... proposal: new paragraph with former middle part, example section
20:11:17 [ifette]
20:11:22 [vinay]
vinay has joined #dnt
20:11:35 [jmayer]
dwainberg: doesn't this interact with the defaults discussion?
20:11:50 [Marc]
Marc has joined #dnt
20:12:00 [ifette]
20:12:05 [jmayer]
aleecia: yes, for example, if mozilla doesn't have DNT on by default and a plugin does, they have to reconcile
20:12:15 [jmayer]
... could imagine the same by IE
20:12:35 [jmayer]
... up to user agents to resolve conflicts
20:13:00 [jmayer]
... in other words, it're related to defaults, but a separate discussion
20:13:01 [fielding]
fielding has joined #dnt
20:13:04 [jmayer]
20:13:14 [jmayer]
20:13:20 [npdoty]
q- Chris_IAB
20:13:22 [npdoty]
q- sean
20:13:28 [npdoty]
q- Alan
20:13:32 [npdoty]
ack bryan
20:13:32 [jmayer]
<cross-talk managing queue>
20:13:39 [bryan]
Re "One DNT choice must be sent", does that mean any and all Web user agents (any Web-enabled application) must send the same value for a particular default or domain? Multiple UAs/apps in a single device would need system-level support for that. Any device that did not provide such support would be inherently non-compliant. Is that what is intended?
20:13:44 [schunter]
20:14:05 [schunter]
20:14:08 [jmayer]
bryan: asking question pasted in irc
20:14:28 [jmayer]
aleecia: how about rephrasing, you must not send more than one DNT value per request
20:14:46 [jmayer]
bryan: to be clear, we're not saying every user agent / app has to have the same setting
20:14:49 [jmayer]
aleecia: right
20:15:00 [dwainberg]
Would a program setting DNT outside the UA, e.g. injecting into the http request, be an "intermediary"?
20:15:14 [jmayer]
hwest: concerned about a different issue
20:15:20 [sean]
sean has joined #dnt
20:15:23 [jmayer]
... but related to defaults
20:15:32 [jmayer]
... if this is just about sending only one value per request, ok
20:15:32 [schunter]
20:15:40 [jmayer]
aleecia: ok, yep, seemed an easy point of consensus
20:15:43 [schunter]
ack hwsest
20:15:47 [schunter]
ack ifette
20:15:49 [erikn]
20:15:49 [trackbot]
ISSUE-150 -- DNT conflicts from multiple user agents -- raised
20:15:49 [trackbot]
20:15:49 [jmayer]
ifette: what about identifying who set the preferences?
20:15:58 [jmayer]
aleecia: that's ISSUE-143, a separate discussion
20:16:01 [schunter]
ack hwest
20:16:19 [keerat]
keerat has joined #dnt
20:16:24 [jmayer]
ifette: less fine with this if information about attribution isn't there
20:16:29 [BrianH]
BrianH has joined #dnt
20:16:39 [jmayer]
tl: don't like notion of attribution, adding lots of information to user-agent
20:16:47 [jmayer]
aleecia: again, ISSUE-143, another conversation
20:16:55 [schunter]
20:17:03 [jmayer]
aleecia: group ok with text?
20:17:08 [efelten]
efelten has joined #dnt
20:17:15 [jmayer]
20:17:22 [jmayer]
... moving on to ISSUE-149
20:17:31 [hwest]
I think the group will need to confirm that we're ok with that text once we address 143
20:17:34 [jmayer]
... roy added language about on vs. off vs. unset
20:17:48 [hober]
20:17:48 [trackbot]
ISSUE-149 -- Compliance section for user agents -- raised
20:17:48 [trackbot]
20:17:53 [jmayer]
... section 3 in tpe, determining user preference
20:18:07 [jmayer]
... comments?
20:18:11 [rigo]
scribenick: rigo
20:18:12 [schunter]
20:18:17 [rigo]
scribe: rigo
20:18:34 [adrianba]
20:18:57 [jmayer]
20:19:27 [rigo]
HeatherWest (HW): two choices may not be sufficient. Alternative to unset or only two
20:19:41 [rigo]
20:19:50 [hober]
s/HeatherWest (HW)/hwest/
20:20:02 [tl]
20:20:12 [rigo]
AM: minimum of two is currently in the spec
20:20:36 [rigo]
HW: we have an open issue on that. Not fixed yet
20:21:23 [rigo]
AM: show of hands of
20:21:36 [rigo]
Roy: this is what the choice that is offered to the user
20:22:22 [rigo]
MTS: questions: Does not allow for a german user "an" "aus"? and a tool that only send DNT:1
20:22:22 [fwagner]
fwagner has joined #dnt
20:22:53 [rigo]
... so even a tool that only sends DNT:1 must be able to be switched off
20:23:12 [tl]
20:23:28 [rigo]
npdoty: even with the current text that would require at least on and off
20:23:49 [rigo]
jmayer: does that mean that uninstall is sufficient?
20:24:32 [jmayer]
Or if the browser offers a "Disable" option, is that enough?
20:24:34 [rigo]
HW: DNT should fully implement the Specification
20:24:47 [rigo]
AM: is it sufficient to remove tool
20:24:50 [rigo]
HW: no
20:24:56 [asoltani]
what if the notice is in the privacy policy?
20:25:00 [justin]
That's not in the spec yet.
20:25:10 [asoltani]
in for example,
20:25:16 [jmayer]
I think this conversation is conflating different issues: notice, defaults, choices, ...
20:25:29 [jmayer]
20:25:38 [ifette]
20:26:02 [schunter]
ack adrianba
20:26:33 [rigo]
adrianba: 1/ lot of discussion about tools and add-ins. user agent has the collective thing that user uses, including all plugins
20:27:06 [schunter]
ack jmayer
20:27:11 [rigo]
2/ spec talks about the ua have to offer choices, but UI is out of scope.
20:28:04 [erikn]
20:28:10 [rigo]
jmayer: language proposal: instead of offer (user agent has to do something) "a user must be reasonably able to ". Any tool must be able to put the user in one of those states
20:28:12 [WileyS]
20:28:12 [adrianba]
s/UI is out of scope/offer is not defined (how choices are offered is out of scope)/
20:28:15 [rigo]
MTS liked this
20:28:18 [schunter]
ack tl
20:28:27 [justin]
hwest, can you elaborate why we should prescribe that a privacy-protective add-on must be able to send DNT:0? What's the point?
20:28:50 [hwest]
20:28:59 [rigo]
tl: dislike this. If I have my add-on to only should send DNT:1.
20:29:00 [schunter]
20:29:10 [justin]
That's totally fine.
20:29:23 [justin]
I have no problem with a DNT:0 add-on that doesn't send DNT:1
20:29:25 [schunter]
20:29:30 [BerinSzoka]
20:29:33 [schunter]
ack ifette
20:29:45 [justin]
If it's installed deceptively, I am comfortable informing the FTC about this add-on.
20:29:55 [tl]
justin +1
20:29:59 [rigo]
aleecia: would you be comfortable having an add-on that only makes DNT:0 headers?
20:30:00 [schunter]
ack ifette
20:30:02 [rigo]
tl: yes
20:30:33 [WileyS]
20:30:41 [jmayer]
20:30:42 [adrianba]
If the user can turn off an add-on in their user agent then the user agent (as a whole) offers a way of turning the signal off
20:30:45 [WileyS]
Ian made my point (individual vs. collective)
20:30:54 [hwest]
justin, it's the DNT0 plugin example - would you be ok with that? What if it's loaded without user interaction?
20:31:11 [justin]
hwest, yes I'm fine with a DNT:0 plugin.
20:31:13 [schunter]
ack erikn
20:31:18 [hwest]
20:31:24 [tl]
20:31:24 [rigo]
ifette: agree with Jonathan (laughter). User must be able to express on off or unset. If we look at individual tool than must be able to express all. If the entire environment (adrianb's point) than should be sufficient
20:31:28 [justin]
If it's loaded without user interaction, I look forward to the cy pres award funding my work for the next several years.
20:31:42 [schunter]
20:31:58 [rigo]
erikn: does DNT:0 have to be supported?
20:32:12 [rigo]
20:33:12 [schunter]
ack jmayer
20:33:13 [rigo]
AM: what requirements on what you want send, what is the minimum bar we have
20:33:33 [npdoty]
can we just delete the whole paragraph? user choice requirement is present above
20:33:49 [schunter]
ack BerinSzosa
20:33:59 [schunter]
ack BerinSkoka
20:34:16 [schunter]
ack BerinSzoka
20:34:20 [ifette]
20:34:31 [dwainberg]
20:34:35 [rigo]
hober: does a UA have to do 3 options, that is distinct from the UI question of how to present that. People are concerned about limitations on UI to must be able to express 3 states
20:34:42 [justin]
I think you skipped BerinSzoka
20:35:05 [BerinSzoka]
20:35:19 [aleecia]
20:35:19 [BerinSzoka]
I just wanted to know how this conversation intersects with negotiations between sites and users
20:35:25 [Brooks]
20:35:36 [schunter]
ack tl
20:35:40 [rigo]
tl: some UA like tor browser -> defaults on high privacy. tor - browser will not offer dnt:0. Should they be non-compliant
20:35:45 [BerinSzoka]
might sites offer plugins to turn off DNT:1, for example?
20:36:29 [justin]
This seems like a different point.
20:36:31 [rigo]
BerinSzoka: ??
20:36:36 [schunter]
ack tl
20:37:01 [dwainberg]
20:37:20 [schunter]
ack rigo
20:37:36 [Chris_IAB]
20:37:45 [rigo]
jmayer: practical impacts 1/ if we set must on DNT:0 every single implementation is non compliant
20:38:00 [rigo]
2/ there is a UI implication, you have to have a choice
20:38:18 [erikn]
(a choice that can't be a checkbox)
20:38:22 [BerinSzoka]
my question simply put: It's important to me that we don't do anything to thwart negotiations between sites and users because, as I said before, no-cost opt-outs don't scale. So my specific question is: Might sites offer plugins to users as an easy way of either turning off DNT:1 OR creating an exception for their site/network as a quid pro quo to gain access to content?
20:38:24 [justin]
I don't think anyone is saying that DNT:0 needs to be presented clearly and prominently --- just that it needs to available.
20:38:27 [rigo]
3/ same sementics could be done out of band
20:38:40 [ifette]
20:39:14 [justin]
BerinSzoka, plugins aren't how sites will do negotiation. We have separate mechansisms for allowing the negotiation you're discussing (in-band and out-of-band consent).
20:39:42 [justin]
BerinSzoka, I mean, they can require a plug-in if they want to, but there are easier ways.
20:40:02 [MikeZ]
MikeZ has joined #dnt
20:40:31 [schunter]
ack ifette
20:41:30 [rigo]
rigo: need for on off unset needed for consent. Also the ecosystem is a bundle with the 3 options
20:41:36 [dwainberg]
20:42:06 [jmayer]
20:42:11 [justin]
I would strongly object to saying that DNT:0 must be as prominently offered as DNT:1
20:42:27 [schunter]
ack Brooks
20:42:28 [rigo]
ifette: good to have concerns, but requirement is limiting to the point that a user shouldn't be forced to uninstall, symmetry of turning on and off being equally painful or easy
20:43:18 [rigo]
brooks: AVG and so on: none of those are UAs, so should we accommodate. "Able to do HTTP request".
20:43:29 [rigo]
AM: how does that affect
20:43:38 [npdoty]
Ian, is this what you're talking about? <p class="option">
20:43:39 [npdoty]
A user agent MUST make it equally easy to configure their agent to each of a minimum of {two|three} choices for a Do Not Track preference.
20:43:40 [npdoty]
20:43:43 [schunter]
ack Chris_IAB
20:43:49 [adrianba]
20:43:56 [rigo]
brooks: AVG is just changing an entry in the registry, not issuing HTTP request
20:44:36 [rigo]
aleecia: different issue that we take differently?
20:44:43 [rigo]
brooks: it is bundled
20:45:08 [jmayer]
-q later
20:45:18 [rigo]
aleecia: re-defining user agent is not next 15 min
20:46:05 [rigo]
rigo: tie it to ISSUE-151 because it also requires exception mechanism to be present
20:46:25 [npdoty]
ISSUE: what are the implications on software that changes requests but does not necessarily initiate them?
20:46:25 [trackbot]
Created ISSUE-153 - What are the implications on software that changes requests but does not necessarily initiate them? ; please complete additional details at .
20:46:31 [rigo]
AM: tools that change settings, but do not issue HTTP requests
20:46:33 [schunter]
ack adrianba
20:46:53 [dwainberg]
20:46:54 [jmayer]
20:46:56 [rigo]
adrianba: disagree that symmetry of UI is essential. We should be free to compete
20:47:32 [Chris_IAB]
who took me off the q?
20:47:34 [dwainberg]
20:47:35 [dwainberg]
20:47:39 [adrianba]
s/disagree that symmetry of UI is essential. We should be free to compete/I disagree that symmetry of UI is necessary. I think how options are offered to a user is up to the user agent. Products should be free to compete on this basis./
20:47:43 [Chris_IAB]
20:47:45 [rigo]
dwainberg: are we in issue freeze?
20:47:48 [tlr]
schunter acknowledged you a bit earlier, Chris
20:48:05 [Chris_IAB]
20:48:09 [rigo]
aleecia: only at last call
20:48:10 [Chris_IAB]
I never got to speak???
20:48:23 [tlr]
he acked you on IRC earlier. Seems he didn't follow that with a microphone.
20:48:41 [Chris_IAB]
I have been waiting patiently, with a microphone
20:48:47 [Chris_IAB]
in hand
20:48:49 [rigo]
aleecia: 1/ on off unset
20:49:08 [rigo]
2/ implicit on off by uninstall
20:49:16 [schunter]
20:49:23 [rigo]
3/ on off unset per entire system
20:49:27 [Chris_IAB]
thanks, so someone removed me from the speaker q before I could talk
20:49:51 [rigo]
aleecia: started with 2 options, nobody supported that
20:49:54 [jchester2]
jchester2 has joined #dnt
20:50:13 [schunter]
20:50:22 [bryan]
20:50:43 [tlr]
q- in
20:51:34 [JC]
20:51:34 [rigo]
so opposition between one option and three options
20:51:37 [schunter]
20:52:18 [npdoty]
adrianba, was your point that we could leave this paragraph out and leave it up to the UA?
20:52:31 [rigo]
4/ need on and off and unset and same level of effort to set on, off or unset
20:53:35 [ifette]
20:53:41 [tlr]
20:54:06 [justin]
ifette, So on the symmetry point, you think we should prescribe that upon install (or in settings), everyone would need to offer equally weighted options for "do you want to tell websites not to track me" and "alternatively, do you want to tell websites they can track you all the time"? We want to put that in the spec?
20:54:12 [schunter]
20:54:45 [rigo]
Chris_IAB: question to tl: What exactly is the problem with disabling the feature. What is the rationale not being able to set off
20:55:12 [rigo]
tl: we should not increase complexity of simple tools
20:55:33 [rigo]
... browser add on will just turn on DNT:1
20:55:48 [rigo]
20:55:51 [tlr]
20:55:51 [rigo]
ack Chris_IAB
20:55:57 [tlr]
20:55:58 [bryan]
what is being referred to as "the whole ecosystem"? if by this it's meant (as Rigo suggested) that a system-level setting MUST be provided for all user agents on the device, that is *possible* but is unlikely to be *enforceable* given the diversity of devices, UA types, and Internet software stacks.
20:55:59 [jmayer]
20:56:02 [rigo]
ack bryan
20:56:10 [aleecia]
queue closed
20:56:10 [jmayer]
20:56:21 [npdoty]
does "Keep My Opt Outs" satisfy the principle of user choice?
20:56:22 [BerinSzoka]
but here's my question: What happens when a user running the DNT:1 plugin tries to negotiate with a site to get access to content? Will the user have to remove that plugin on his own before getting access?
20:56:32 [BerinSzoka]
if so, won't that frustrate negotiation?
20:56:43 [hwest]
Nick, no, Keep My Opt Outs is a blunt tool - my understanding of this working group was to have a more effective, nuanced tool rather than a blunt object a la existing tools
20:56:50 [schunter]
20:57:04 [justin]
BerizSzoka, no
20:57:14 [BerinSzoka]
I ask in ignorance
20:57:16 [BerinSzoka]
how would this work?
20:57:41 [BerinSzoka]
would the exception negotiated by the site simply supersede the general preference set by the plugin?
20:57:50 [justin]
BerinSzoka, The industry proposal requires that UAs need to be able to handle exceptions.
20:58:19 [BerinSzoka]
ok, so to respond to Tom: the plugin wouldn't "just" set DNT:1; it would also have to allow exceptions
20:58:20 [rigo]
aleecia: bryan wants to have a setting per user agent, not per device
20:58:21 [BerinSzoka]
20:58:53 [rigo]
ifette: should not be limited to DNT:1 tools.
20:58:58 [rigo]
20:58:59 [tl]
BerinSzoka: Yes. Add-ons can break things. If I installed an add-on that disables cookies, that would likewise break things. I don't think sites should be able to ignore preferences that come from simple tools.
20:59:08 [rigo]
1/ user agent must be able to do one choice
20:59:19 [justin]
BerinSzoka, I think tl's assumption is that the browser will be able to handle the exceptions. I do not believe that the advocate proposal requires dealing with exceptions.
20:59:20 [rigo]
2/ three choices on, off, unset
20:59:20 [tl]
Also, I am not in favor of the industry proposal.
20:59:43 [rigo]
3/ 3 choices with equal effort of setting of all
20:59:43 [efelten]
efelten has joined #dnt
21:00:00 [BerinSzoka]
so, Tom, just to make sure I understand clearly: you envision plugins that would make negotiation impossible because they couldn't process exceptions? the user's only recourse would be to uninstall the plugin that "breaks things?"
21:00:14 [rigo]
tl: only signal on the wire
21:00:39 [rigo]
... should not specify user must configure. Signal means the user has made a choice if you see the signal
21:00:54 [rigo]
... nothing represents my opinion, not the first
21:01:11 [bryan]
+1 to Tom's suggestion: we should talk about expressions over the wire and not how they have to be manageable in UAs
21:01:19 [rigo]
.... would delete the sentence. Must reflect the users choice ... and no sentence on offer choice
21:02:03 [rigo]
dwainberg: where do we make that choice? OS, UA, ecosystems
21:02:14 [rigo]
aleecia: we talked about plugins, user agents
21:03:03 [rigo]
aleecia: something that can change the value of an HTTP request is one issue
21:03:11 [rigo]
dwainberg: want to get that first
21:03:17 [rigo]
aleecia: will re-open later
21:03:28 [susanisrael]
sorry if this is resolved, but to the point david is making, is it possible that different user agents could be treated differently? and have different requirements?
21:03:50 [schunter]
21:04:39 [rigo]
jmayer: question: there me be a substantive difference: around when a browser claims compliance with the spec, we want at minimum to express DNT:1
21:05:23 [rigo]
... difference is that it would be installed and does just that
21:05:54 [schunter]
21:05:59 [hwest]
I think this discussion is whether or not we want to have blunt tools or fleshed out tools
21:06:02 [rigo]
aleecia: what is threshold for sufficiency...
21:06:05 [schunter]
ian: want to speak?
21:07:24 [bryan]
I think the inability to nail down what a user agent is (e.g. in terms of the diversity of ways in which Web-enabled clients can be built and deployed), indicates that the best approach is to remain silent on this UA configuration point.
21:07:31 [rigo]
aleecia: straw poll
21:07:42 [rigo]
silence: 14 hands
21:07:57 [rigo]
ack silence
21:08:02 [rigo]
ack 14
21:08:47 [rigo]
23 for three choices
21:08:47 [tlr]
for rough magnitude, we're fine
21:08:54 [rigo]
14 for one choice
21:09:24 [rigo]
aleecia: if you can't live with one choice
21:10:00 [rigo]
7 people can not live with silence
21:11:04 [rigo]
can not live with 3 choice 16
21:11:16 [rigo]
aleecia: fairly even split
21:11:25 [justin]
And that's not even accounting for required symmetry!
21:12:19 [Chris_IAB]
21:12:40 [schunter]
21:15:00 [BerinSzoka]
"Do you prefer 2 over 3?" This is like having an argument with your ophthalmologist! "Better 2, or better 3?
21:15:07 [rigo]
aleecia: action or just copy and paste?
21:15:16 [tlr]
21:15:20 [npdoty]
21:15:22 [npdoty]
21:15:58 [schunter]
21:16:22 [npdoty]
action: aleecia to issue a call for objections on symmetry/minimum number of choices
21:16:22 [trackbot]
Created ACTION-214 - Issue a call for objections on symmetry/minimum number of choices [on Aleecia McDonald - due 2012-06-27].
21:16:33 [rigo]
Resolution: MTS and Aleecia will issue a call for objections
21:16:34 [tlr]
21:16:44 [npdoty]
q- ifette
21:16:44 [WileyS]
ack ifette
21:16:47 [ifette]
21:16:48 [npdoty]
q- Chris_IAB
21:16:52 [Chris_IAB]
21:16:58 [rigo]
21:17:32 [rigo]
aleecia: We had 8 page table and had an incredible amount of agreement
21:17:39 [ifette]
ScribeNick: ifette
21:17:51 [ifette]
Aleecia: Back in DC we had lots of tables where people had a lot of agreement, and a few disagreements
21:18:01 [ifette]
… we were going to write this up, Aleecia ended up doing this
21:18:10 [ifette]
… would like to work through this as much as possible, do some live editing
21:18:12 [npdoty]
21:18:17 [ifette]
… and get pieces we appeared to be near consensus to actual consensus
21:18:21 [ifette]
… this "should" be easy
21:18:25 [Cspiezle_]
Cspiezle_ has joined #dnt
21:18:50 [ifette]
… going to skip to Section 2, information practices for all parties
21:19:16 [justin]
21:19:18 [ifette]
… going to go through this, please scream/q+ if you want to speak against something
21:19:22 [schunter]
21:19:25 [ifette]
… additional voluntary measures (reads)
21:19:43 [ifette]
… reads 2.2 user permission and consent
21:19:52 [hwest]
21:19:56 [ifette]
q+ hwest
21:20:02 [susanisrael]
i would like to return to some of these definitions at some point as i believe they are not as precise as intended.
21:20:26 [ifette]
21:20:33 [ifette]
hwest: how granular do you want to get
21:20:37 [ifette]
aleecia: want this to be the language in spec
21:20:39 [ifette]
hwest: well then
21:21:02 [ifette]
… first sentence, consensus was closer to "a party is not bound by these requirements" as opposed to "a party may now do these things"
21:21:04 [ifette]
aleecia: ok
21:21:25 [ifette]
hwest: an out of band consent for option b (just say "an out of band consent")
21:21:33 [ifette]
… we need to be clear/consistent around "consent" vs "choice mechanism"
21:21:42 [ifette]
aleecia: "choice mechanism" will probably cause us less problems
21:21:56 [jmayer]
21:21:57 [ifette]
hwest: a party is not bound by these guidelines if a user grants an exception to that party/parties
21:22:01 [ifette]
ack hwest
21:22:19 [ifette]
tl: disagree, out of band consent may not be "please ignore my dnt signal"
21:22:23 [schunter]
21:22:28 [ifette]
hwest: fine with language "as granted by the user"
21:22:34 [ifette]
aleecia: please, IRC
21:22:43 [ifette]
… ya'll (hwest+tl) work on that
21:22:50 [schunter]
21:22:54 [ifette]
rigo: assumes permission and consent, out of band, we have two
21:22:57 [hwest]
"A party is not bound by these requirements and guidelines to the extent that a user grants an exception to that party or parties"
21:22:59 [ifette]
… for dnt:0 we have in-band consent
21:23:05 [hwest]
tl, doe that work for you?
21:23:09 [ifette]
aleecia: you're saying we have a and b but there should also be c
21:23:12 [tl]
What's the URI of the doc that npd is editing?
21:23:13 [ifette]
… i understand
21:23:24 [schunter]
21:23:25 [ifette]
… (third option for you receive dnt:0 not by an exception but because the UA is sending dnt 0)
21:23:39 [justin]
21:23:40 [ifette]
aleecia: thx
21:23:45 [ifette]
… think jmayer next
21:23:54 [schunter]
ack jmayer
21:24:00 [ifette]
jmayer: since we're discussing language, don't intend to substantively change meaning but instead clarify
21:24:08 [ifette]
… sites may override dnt preference if they receive explicit informed consnet
21:24:11 [ifette]
… seems contradictory
21:24:27 [JC]
Reception found a pair of sunglasses
21:24:33 [ifette]
… propose party may engage in info practices otherwise prohibited by this specification if a) b) c)
21:24:46 [ifette]
npdoty: can I combine with heather's sentence?
21:24:53 [ifette]
aleecia: same idea
21:25:05 [jmayer]
Here's what I just read: "A party MAY engage in information practices otherwise prohibited by this recommendation..."
21:25:20 [ifette]
XA: don't understand MUST vs SHOULD here
21:25:26 [schunter]
21:25:30 [ifette]
… when seeking an exemption, sites MUST communicate these requests clearly
21:25:37 [ifette]
21:25:55 [ifette]
fielding: MUST is a hard requirement, won't occur successfully without this
21:26:06 [ifette]
… SHOULD is MUST unless you have a good reason not to
21:26:08 [schunter]
21:26:12 [ifette]
… read RFC2119
21:26:27 [ifette]
21:26:49 [ifette]
… in SHOULD case there may be good exceptions but you don't know them a priori, for MUST you have to list the exceptions apriori
21:26:52 [tl]
Everyone should read RFC2119
21:26:55 [mischat]
mischat has joined #dnt
21:27:01 [tlr]
+1 re RFC 2119
21:27:09 [schunter]
21:27:10 [tlr]
21:27:14 [ifette]
npdoty: reads
21:27:57 [tl]
hwest, how about: When a user provides a party or parties with an exception to one or all of these requirements and guidelines, that exception overrides their DNT signal.
21:28:30 [ifette]
schunter: should be more general, through other means
21:28:35 [ChrisPedigoOPA]
21:28:36 [ifette]
aleecia: oob consent handled in other doc
21:28:36 [jmayer]
21:28:39 [justin]
As I have noted before, approval of the language around consent for UGEs needs to be dependent upon approval of the language around consent for UAs to set DNT:1 in the first place. The point is worth noting, but I don't want to interrupt the convo . . .
21:28:44 [schunter]
21:28:57 [ifette]
rigo: Matthias says this section doesn't apply, but we then don't get to meaning of dnt0
21:29:01 [ifette]
… may be tweaking necessary
21:29:09 [ifette]
… in another section we may want to define what dnt0 menas
21:29:15 [tlr]
21:29:17 [ifette]
… have to make sure this section doesn't contradict the other one
21:29:20 [ifette]
aleecia: open issue
21:29:26 [schunter]
21:29:32 [ChrisPedigoOPA]
21:29:46 [rigo]
ack jmayer
21:29:52 [schunter]
ack tmayer
21:29:57 [schunter]
ack jmayer
21:30:01 [ifette]
jmayer: party is not bound by requirements in this section - presumably there are things not just in this section that applies
21:30:07 [ifette]
… anyhow "this section" seems ambiguous
21:30:15 [ifette]
… believe intent is anything prohibited in the doc is now allowed
21:30:21 [ifette]
… haven't discussed level of specificity
21:30:26 [ifette]
aleecia: section -> document
21:30:29 [ifette]
… ?
21:30:36 [ifette]
jmayer: specificity
21:30:48 [ChrisPedigoOPA]
21:30:49 [ifette]
… "a party is not bound by"
21:30:55 [ifette]
… they are bound, just not required to do so
21:31:04 [ifette]
… document still has force, they just are not required to do certain things
21:31:06 [ifette]
aleecia: text?
21:31:11 [tlr]
21:31:28 [jmayer]
resend: "A party MAY engage in information practices otherwise prohibited by this recommendation ..."
21:31:47 [ifette]
ChrisPedigoOPA: section "MUST comply with and align with consumer protection laws…" is problematic
21:31:48 [hwest]
jmayer, that's the direction I was going for too, that looks fine
21:31:53 [ifette]
… its assumed you will comply with the law
21:31:59 [schunter]
21:32:07 [robsherman]
"applicable law"?
21:32:09 [schunter]
ack ChrisPedigoOPA
21:32:10 [ifette]
… when you say operate, rigo can correct but operate is a dicey term in the EU
21:32:19 [efelten]
+1 robsherman
21:32:23 [ifette]
aleecia: debated to death around comply with law
21:32:28 [ifette]
… not attempting to get in jurisdiction
21:32:48 [schunter]
21:33:06 [schunter]
21:33:14 [ifette]
aleecia: only looking at normative sections
21:33:17 [ifette]
… close on this
21:33:32 [jmayer]
The language now only provides exception from "...for All Parties"
21:33:36 [jmayer]
Should be broader, right?
21:33:52 [ifette]
… reads "a party may receive conflciting signals, specific overrides general, ..."
21:34:26 [schunter]
21:34:52 [ifette]
tl: stuff about what should go in the status resource should go in the TPE
21:34:58 [ifette]
aleecia: which sentence
21:34:58 [jmayer]
21:35:08 [ifette]
tl: if a party chooses to track based upon… must indicate … supply a link
21:35:17 [schunter]
21:35:23 [ifette]
aleecia: if a party chooses to track based on prior consent, their response must be as defiend in the TPE etc.
21:35:29 [tlr]
+1, don't put normative language about protocol into this spec.
21:35:29 [ifette]
… just point to the TPE, take out the middle sentence
21:35:38 [tlr]
21:35:40 [ifette]
jmayer: might be two separate issues
21:35:41 [tlr]
ack jm
21:35:54 [ifette]
… prior consent in mode of you give consent at some point, come back
21:35:56 [dwainberg]
21:36:10 [ifette]
… some might interpret as "prior consent from before you even turn on DNT"
21:36:17 [ifette]
… and even after you turn on DNT subsequently
21:36:20 [schunter]
21:36:23 [ifette]
… not sure if we have agreement there
21:36:32 [rigo]
21:36:32 [ifette]
… suggest reframe from prior consent to "consent when DNT is on"
21:36:43 [ifette]
aleecia: would add a note here, not to the point of talking about decisions prior to DNT being on
21:36:45 [ifette]
… more complex
21:36:53 [ifette]
… we not spend a whole lot of time here now, note that it's open issue
21:36:55 [schunter]
ack jmayer
21:36:57 [rigo]
21:37:04 [ifette]
… this is issue xyz still to be addressed
21:37:25 [schunter]
21:37:25 [ifette]
aleecia: final statement in section, oob choice mechanism must satisfy following...
21:37:27 [hwest]
21:37:32 [schunter]
ack dwainberg
21:37:34 [jmayer]
21:37:37 [susanisrael]
21:38:05 [ifette]
dwainberg: party can get permission to do whatever they want, up to that party and regulators etc to determine if they got appropriate permission
21:38:27 [ifette]
aleecia: general principle that the more granular choice is the one that controls, not the more global one
21:38:49 [ifette]
schunter: if i have a well known uri which says my whole site doesnt do any tracking, and then i have headers that conflict, headers are more specific and take precedence
21:39:03 [ifette]
dwainberg: confusion between technical specificity/generality vs
21:39:06 [npdoty]
21:39:12 [ifette]
rigo: the technology actually conveys the semantics
21:39:26 [ifette]
… specific statement by the user
21:39:35 [jmayer]
npdoty, are you still workshopping the "A party is not bound..." sentence?
21:39:37 [ifette]
… equally applies that a specific always overrides general
21:39:38 [susanisrael]
request for clarification re: prior consent. We tabled this issue, rather than dismissing the possibility of prior consent, correct?
21:39:50 [jmayer]
I think both hwest and I were looking for clarifications there.
21:39:55 [npdoty]
jmayer, do you have alternatives?
21:39:55 [randomwalker]
randomwalker has joined #dnt
21:40:03 [ifette]
dwainberg: if a party puts up a big consent thing "we want you to consent to do everything"
21:40:11 [ifette]
… that overrides any little granular settings
21:40:13 [ifette]
rigo: other way round
21:40:17 [jmayer]
resend x2: "A party MAY engage in information practices otherwise prohibited by this recommendation ...""
21:40:30 [ifette]
aleecia: you're talking about which types of things you might consnet to rather than which parties
21:40:33 [npdoty]
"DNT: 1" does not tell you the scope of my permission, does it?
21:40:46 [ifette]
aleecia: written in a way that this might not be clear, that's important
21:40:50 [jmayer]
maybe "engage in" -> "conduct"
21:40:51 [npdoty]
jmayer, hwest, please duke that out and get back to me
21:40:51 [ifette]
… need it to be understandable
21:40:59 [ifette]
… specifics about specific parties
21:41:04 [hwest]
I actually have a comment on the next piece :)
21:41:11 [ifette]
… if you are sending a DNT signal to the entire world, that is global, you can have something specific about a given party
21:41:16 [jmayer]
hwest, are you good with that language?
21:41:18 [hwest]
But can duke out this piece too
21:41:19 [ifette]
… that thing specific to the given party trumps the generalized signal
21:41:30 [ifette]
npdoty: fact you received dnt1 doesn't imply it's general to whole world
21:41:37 [ifette]
tl: only applies to this network interaction
21:41:38 [schunter]
21:41:52 [npdoty]
21:42:03 [ifette]
aleecia: dont have to worry about specific vs general, just say OOB trumps DNT signal
21:42:12 [ifette]
schunter: principle is ok but need to spell out instances
21:42:23 [ifette]
… OOB trumps signal, response header trumps well known URI, etc
21:42:24 [jmayer]
hwest, [14:31] <hwest> jmayer, that's the direction I was going for too, that looks fine
21:42:26 [ifette]
… spell it out
21:42:35 [hwest]
Yes, that still works, jmayer
21:42:40 [ifette]
aleecia: try for that now
21:42:42 [jmayer]
Ok. Nick, please swap it in.
21:42:51 [hwest]
But I like the out of band consent trumps general anything language
21:43:13 [jmayer]
That seems to be the consensus view.
21:43:20 [schunter]
21:43:26 [ifette]
tl: if i have a bunch of settings on a site, that i dont use regularly but they have widgets all over, nd i get a new browser and i turn on dnt1
21:43:33 [ifette]
… but i haven't gone back to that site to modify the preferences
21:43:40 [ifette]
… think its ok because im setting dnt1
21:43:41 [ifette]
21:43:52 [ifette]
q+ to say if you didnt go back to that site you didn't go log into that site
21:44:11 [schunter]
21:44:16 [ifette]
hwest: comment on next piece
21:44:17 [jmayer]
21:44:32 [JC]
21:44:33 [ifette]
susanisrael: quick clarification, earlier we dismissed idea of prior consent
21:44:36 [ifette]
… not asking to talk about now
21:44:36 [npdoty]
ack susanisrael
21:44:38 [tlr]
ack susan
21:44:42 [ifette]
… but think we tabled issue of prior consent
21:44:48 [ifette]
… that might remain valid despite a later setting
21:44:52 [ifette]
… as opposed to dismissing it
21:44:55 [ifette]
… clarify here
21:45:05 [schunter]
21:45:08 [npdoty]
jmayer, no private messages here
21:45:16 [jmayer]
message was that heather agreed
21:45:41 [schunter]
21:46:06 [jmayer]
was trying to not clutter the room
21:46:20 [ifette]
tl: question is if i've gone and opted into xyz or only opted into a couple of things, THEN i turn on dnt1
21:46:25 [ifette]
… and they have added more features since then
21:46:29 [ifette]
… their state about me is incomplete
21:46:41 [ifette]
… would they then assume that the DNT applies only to the things that i've already picked, vs newly added things
21:46:49 [JC]
Too complex
21:46:49 [ifette]
… or am I opted into things that werent previously options
21:47:03 [schunter]
21:47:09 [schunter]
ack ifette
21:47:09 [Zakim]
ifette, you wanted to say if you didnt go back to that site you didn't go log into that site
21:47:37 [schunter]
21:47:41 [ifette]
ifette: you are talking about prior consent, i will hold my comments until then
21:48:23 [ifette]
npdoty: OOB may override an expressed DNT signal, suggesting as replacement for specific overrides general
21:48:27 [schunter]
21:48:40 [ifette]
hwest: can we enumerate "an oob may override a DNT:1 and the other option we put in"
21:48:43 [ifette]
tl: think perfect
21:48:49 [ifette]
fielding: confused
21:48:54 [ifette]
… OOB overrides DNT signal period
21:48:56 [ifette]
… it overrides
21:49:08 [jmayer]
21:49:18 [rigo]
+1 to Roy
21:49:23 [schunter]
21:49:24 [ifette]
fielding: feel MAY is problematic
21:49:27 [ifette]
aleecia: also feel MAY problematic
21:49:31 [ifette]
… anyone want to fight for MAY?
21:49:35 [ifette]
jmayer: segue
21:49:48 [ifette]
… as we did before, get rid of "override" and say "you MAY do things inconsistent with elsewhere"
21:49:57 [schunter]
21:49:59 [ifette]
hwest: "or you are no longer bound by this signal"
21:50:05 [schunter]
ack jmayer
21:50:14 [schunter]
ack hwest
21:50:18 [ifette]
hwest: instead of re-granting permission, say "the requirements in this spec no longer apply" written nicely
21:50:20 [ifette]
jmayer: same fix from above
21:50:25 [ifette]
hwest: similar, yes
21:50:30 [ifette]
fielding: opposite of what i just said
21:50:40 [aleecia]
21:50:41 [ifette]
… reason to say OOB overrides DNT is so that a user who has set DNT:1 globally
21:50:55 [ifette]
… has a means of still consenting to the one website they have an interest in having tracking enabled
21:51:00 [ifette]
… if you make taht optional, user can't use OOB to do thayt
21:51:08 [ifette]
jmayer: consent is not "and you must track me down"
21:51:13 [rigo]
21:51:20 [ifette]
tlr: guess wondering where we are
21:51:31 [ifette]
… editors may be in a position to rpoduce a strawman
21:51:34 [ifette]
aleecia: trying to do that
21:51:42 [ifette]
tlr: at a point where discussion is editorial
21:51:55 [ifette]
tlr: let editors do another pass for later review
21:52:07 [ifette]
21:52:09 [schunter]
21:52:24 [ifette]
ack ifette
21:52:32 [schunter]
21:52:36 [ifette]
aleecia: basically happy with this, modulo roy's point
21:52:43 [ifette]
… if we move forward, hwest in queue for next section
21:52:56 [ifette]
hwest: generally when we talk about policy, we dont talk about an ordinary user, we talk about a reasonable user
21:52:59 [ifette]
… is that change OK?
21:53:04 [ifette]
aleecia: fine
21:53:09 [ifette]
hwest: anything else on OOB?
21:53:22 [ifette]
aleecia: great, reasonable user must understand
21:53:28 [ifette]
aleecia: skipping next non-normative section
21:53:30 [ifette]
… moving on
21:53:46 [ifette]
q+ hwest
21:53:51 [hwest]
I do not believe that we had consensus on 2.3 Unidentifiable Data
21:54:08 [ifette]
aleecia: skipped over unidentifiable as we haven't yet gotten consensus here
21:54:11 [ifette]
… will talk about later
21:54:24 [ifette]
… moving to additional requirements based on party status
21:54:34 [ifette]
… pulled out to have informatin practices for first party
21:54:39 [ifette]
… at bottom
21:54:53 [ifette]
… think we can agree on "1st party must not share with 3rd party that 3rd party is prohibited from collecting itself"
21:55:00 [ifette]
… reads
21:55:32 [ifette]
ChrisPedigoOPA: can also cover offline data
21:55:32 [aleecia]
21:55:36 [hwest]
21:55:37 [rigo]
21:55:40 [jmayer]
While I would prefer some bright-line rules around out-of-band consent, like the EFF/Mozilla/Stanford proposal, I'm willing to compromise on the "reasonable user" approach.
21:55:42 [ifette]
tl: disagree with "if it covers offline that's a problem"
21:55:44 [robsherman]
21:55:46 [schunter]
21:55:50 [ifette]
ChrisPedigoOPA: host of case law about offline data
21:56:05 [amyc]
21:56:05 [dwainberg]
21:56:30 [ifette]
ChrisPedigoOPA: going back 200 years, publishers have collected information off line about their customers, much case law here, this is out of scope
21:56:33 [ifette]
aleecia: great, next?
21:56:37 [jchester2]
21:56:46 [james]
out of scope
21:56:48 [schunter]
21:56:54 [schunter]
ack rigo
21:56:59 [ifette]
rigo: have trouble with "receive"
21:57:13 [ifette]
… creates a lot of issues we shouldnt have, what we mean here is collect not receive
21:57:21 [ifette]
aleecia: receive -> collect
21:57:26 [jmayer]
21:57:30 [schunter]
ack robshermann
21:57:36 [schunter]
ack robsherman
21:57:51 [ifette]
robsherman: may be overreading, in which case need clarity, but DNT signal is supposed to be scoped to an interaction, here 1st party must not receive/collect data about a user
21:58:01 [ifette]
… broader than "an http request"
21:58:07 [schunter]
21:58:08 [ifette]
… other users e.g. can post info about you on facebook
21:58:14 [ifette]
… "I'm with Aleecia at MSFT"
21:58:23 [ifette]
… that's not intended to be in scope of this document, e.g. "Nick can't post about her"
21:58:30 [ifette]
… this sentence might imply that
21:58:54 [ifette]
… in my example npdoty is another party. FB cannot receive info from npdoty if aleecia has dnt on
21:59:03 [ifette]
WileyS: our definition of third party excludes users
21:59:23 [ifette]
robsherman: don't think this is intended company is never intended to receive info, e.g. billing relationship
21:59:27 [ifette]
aleecia: billing is outsourcing
21:59:29 [Brooks]
21:59:33 [ifette]
… if you can give me problematic example please do
21:59:37 [adrianba]
21:59:49 [ifette]
amyc: general observation, don't think we've defined "share" etc
22:00:01 [robsherman]
Can someone point me to the definition of "outsource relationship"?
22:00:05 [ifette]
… if we haven't defined key words, we may place obligations on publishers to montior all third parties
22:00:06 [susanisrael]
+1 to need to clarify definitions
22:00:11 [ifette]
… look at each verb we use
22:00:15 [tl]
22:00:16 [schunter]
ack amyc
22:00:20 [schunter]
ack dwainberg
22:00:31 [ifette]
dwainberg: how do first parties know what third parties are prohibited from receiving
22:00:35 [ifette]
aleecia: from the spec
22:00:40 [ifette]
dwainberg: any third party may have consent
22:00:41 [susanisrael]
22:00:42 [ifette]
… api or OOB
22:00:46 [ifette]
… first party needs to know
22:00:49 [ifette]
tl: ask third party
22:00:50 [npdoty]
A <a>party</a> <dfn title="share">shares</dfn> data if the party enables another party to collect the data.
22:00:55 [ifette]
dwainberg: shouldkn't it be up to third party
22:01:05 [ifette]
… if third party gets info they dont have consent to receive, their job to comply witht he spec
22:01:08 [ifette]
aleecia: coming up on 15h
22:01:10 [ifette]
… 30m break
22:01:23 [ifette]
… piece that came out that we have not taken on as a group is, so far we've been saying "no sharing in and out"
22:01:25 [schunter]
22:01:28 [ifette]
… hearing from chris that's problematic
22:01:30 [schunter]
22:01:34 [ifette]
… barely skimmed the surface
22:01:37 [schunter]
22:01:37 [ifette]
… should capture as a new issue
22:01:40 [ifette]
… more time on this
22:01:44 [schunter]
22:01:48 [schunter]
22:02:30 [jmayer]
I thought we had agreement on this principle a long time ago.
22:02:42 [ifette]
ChrisPedigoOPA: have agreed first parties won't share data with third parties
22:02:47 [jmayer]
We're technology agnostic—first parties can't give third parties data they can't collect themselves.
22:02:47 [schunter]
22:02:51 [ifette]
… question about bringing in other data to a first party still up for debate
22:02:58 [ifette]
… problem with offline data being covered under this standard
22:03:07 [ifette]
… requiring that a first party can't get data from a third party isn't an issue here
22:03:18 [ifette]
… third parties can't collect the data anyways except for specific conditions
22:03:22 [ifette]
aleecia: not sure if that is the case
22:04:08 [aleecia]
22:04:10 [tl]
22:04:13 [jmayer]
22:04:19 [ifette]
ISSUE: Are First parties allowed to use data (either offline or online) from third parties
22:04:19 [trackbot]
Created ISSUE-154 - Are First parties allowed to use data (either offline or online) from third parties ; please complete additional details at .
22:04:21 [rigo]
ack jchester2
22:04:26 [rigo]
ack jchester
22:04:37 [efelten_]
efelten_ has joined #dnt
22:04:53 [ifette]
22:04:59 [ifette]
Brooks: to go back to definition of issue
22:05:06 [schunter]
22:05:06 [ifette]
… sharing is a defined term and we're almost contradicting it here
22:05:09 [ifette]
… "cause to receive"
22:05:11 [ifette]
… that is the problem
22:05:17 [ifette]
… if i'm cnn and i put a mazda ad on my site
22:05:36 [ifette]
… brooks drives a mazda, has a mazda cookie, have caused mazda to receive info it shouldnt have
22:05:44 [ifette]
… i dont know what the third party has/knows/doesn't have/know
22:05:45 [aleecia]
22:05:50 [rigo]
ack Brooks
22:06:04 [rigo]
ack susanisrael
22:06:29 [ifette]
susanisrael: want to understand the purpose, stepping back from language, to say "we dont want to create a loophole where someone turns on DNT to prevent third parties from collecting data and first parties facilitiate this by overriding DNT and using their privilege to feed that data to third parties"
22:06:50 [ifette]
… if i understand that, then whenever we return, that's the core purpose of this? may help us get to the righ tlanguage
22:07:05 [ifette]
aleecia: may not have agreement on even what that core purpose is
22:07:11 [ifette]
… break, 3:30 return
22:07:21 [susanisrael]
by "this" i meant this sentence not the whole spec
22:08:42 [susanisrael]
was seeking clarification as a basis for addressing the language
22:18:42 [johnsimpson]
johnsimpson has joined #dnt
22:31:37 [vinay]
vinay has joined #dnt
22:34:42 [Joanne]
Joanne has joined #DNT
22:35:15 [KevinT]
KevinT has joined #dnt
22:35:27 [dwainberg]
dwainberg has joined #dnt
22:35:32 [hwest]
hwest has joined #dnt
22:35:38 [fwagner]
fwagner has joined #dnt
22:38:54 [randomwalker]
randomwalker has joined #dnt
22:39:23 [justin]
justin has joined #dnt
22:39:32 [vincent]
vincent has joined #dnt
22:40:50 [alex]
alex has joined #dnt
22:41:00 [amyc]
amyc has joined #dnt
22:41:21 [amyc]
Aleecia: starting session on proposal
22:41:37 [amyc]
... asking for scribe for final session, will be Nick
22:41:42 [npdoty]
(npdoty to scribe final session)
22:41:45 [amyc]
... Shane will present his proposal
22:42:01 [amyc]
Shane: not just my proposal, cosigned by multiple parties
22:42:12 [npdoty]
Topic: Presentation of industry proposal
22:42:16 [susanisrael]
susanisrael has joined #dnt
22:42:29 [efelten]
efelten has joined #dnt
22:42:42 [npdoty]
npdoty has left #dnt
22:42:48 [amyc]
... objective in intro, goal is DNT that will advance user choice beyond existing options and be implemented by significant portion of ecosystem
22:42:50 [npdoty]
npdoty has joined #dnt
22:42:55 [amyc]
... part 1 is parties
22:43:11 [amyc]
... similar to advocate proposal, affiliates with easy discoverability
22:43:26 [amyc]
... commonly owned and controlled, similar to DAA
22:43:42 [amyc]
... affiliate list link to be provided within one click
22:43:52 [amyc]
... of page
22:44:00 [schunter]
22:44:11 [rigo]
q+ to say that we should have the list in a machine readable format as defined by TPE
22:44:15 [amyc]
... meaningful interaction, common ground here too
22:44:32 [npdoty]
rigo, how about machine readable as one option? or a SHOULD?
22:44:34 [amyc]
... owner or operator of site, or widget interaction
22:44:58 [amyc]
... service providers is new text, although discussed before
22:45:24 [amyc]
... also considered first party if performing services on behalf of first party
22:45:26 [npdoty]
what does it mean to include permitted uses if you're a first party, which has all uses?
22:45:33 [samsilberman]
samsilberman has joined #dnt
22:45:45 [amyc]
... third party is everyone other than first, service provider or user
22:46:03 [amyc]
... cobranding may make 2 or more first parties
22:46:33 [amyc]
... Rules that first party can go about business as normal, can't pass data to 3rd parties
22:47:09 [amyc]
... data must be segregated, third party must not aggregate together data from first party sites
22:47:26 [amyc]
... no profiling, open to defining profile definition to be proposed
22:47:46 [amyc]
... third party cannot leverage profile to change user experience, when DNT is on
22:48:13 [amyc]
... party (first or third) cannot share data with another party when DNT:1, unless service provider
22:48:34 [npdoty]
does that get us in to the same question about combining offline data?
22:48:51 [amyc]
... outside DNT context, but wanted to note that data collected or received may be combined with first party data, DNT does not cover offline data
22:49:25 [amyc]
TL: if I am a first party, I can look at generally available data to combine with my own data?
22:49:50 [amyc]
Shane: Yes, because public info or gathered with prior consent so OK to combine
22:50:03 [npdoty]
but 3rd parties can't combine your data with offline data
22:50:24 [amyc]
... party may choose to purge, but not required to do so, just can't use
22:50:44 [Chapell]
Chapell has joined #DNT
22:50:44 [justin]
22:50:53 [amyc]
... permitted uses apply, user granted exceptions override
22:51:09 [amyc]
... Permitted uses more limited, express and detailed
22:51:35 [npdoty]
doesn't freq capping alter the user's online experience?
22:51:40 [amyc]
... For all uses, the following will apply, includes no profiling, no altering of experience
22:51:51 [amyc]
Efelten: what is profiling?
22:52:18 [amyc]
Shane: assembly of data across multiple sites gathered to predict user interest
22:52:22 [npdoty]
wileys: profiling 'assembling data about a user across multiple sites and then using it to alter a user's experience'
22:52:32 [amyc]
efelten: processing or gathering?
22:52:42 [amyc]
Shane: making assessments based on data
22:52:53 [amyc]
... will work on succint definition
22:53:21 [amyc]
... if you do not have collection purpose for specific permitted use, then colleciton is not permitted
22:53:30 [npdoty]
wileys: if you don't have a specific permitted use, then collection is prohibited
22:53:38 [amyc]
jeffchester: is this first party or third party
22:53:49 [amyc]
wileys: this is third party
22:54:06 [rigo]
22:54:06 [amyc]
... rules mostly apply to third parties
22:54:13 [rigo]
ack ri
22:54:13 [Zakim]
rigo, you wanted to say that we should have the list in a machine readable format as defined by TPE
22:54:28 [amyc]
... to claim permitted use, you must provide retention period(s)
22:54:41 [amyc]
... reasonable technical and org safeguards
22:54:52 [amyc]
... can suggest that more is better
22:55:17 [amyc]
... public purpose, such as emergency protection and IP, is covered
22:55:32 [amyc]
sean: wanted to clarify response to Jeff?
22:56:05 [amyc]
wileys: allow first party use within first party context ok, third party use of data outside of first party experience is not OK
22:56:29 [amyc]
... but could use third party data to alter first party experience
22:56:40 [amyc]
jeffchester: concerned about tracking
22:57:08 [amyc]
Rigo: but first party can write this back into third party profile?
22:57:20 [amyc]
JC: asks Rigo to clarify?
22:57:38 [amyc]
wileys: may need visuals
22:57:59 [amyc]
... security permitted use, includes fraud, detection and defense
22:58:31 [amyc]
...don't want to have DNT used for antisecurity purposes
22:59:13 [amyc]
... next area is financial purpose, billing and audit compliance, requires uniqueness for user interactions
22:59:18 [efelten]
"This is necessary for ..." should be non-normative, right?
22:59:30 [amyc]
... need to retain proof or receipt for what was billed for
22:59:51 [amyc]
... list of billing scenarios
23:00:47 [amyc]
jeffchester: what is time limitation? IAB writes standard contracts for timing. what are best practices for timing for billing and frequency caps?
23:00:53 [rigo]
23:01:10 [amyc]
wileys: also have legal obligations for billing, state and securities and contractual
23:01:27 [amyc]
... don't know exact timeframe
23:01:39 [amyc]
jeffchester: what is typical timeframe?
23:01:47 [rvaneijk]
23:01:57 [amyc]
wileys: think three years or more, will check with IAB
23:02:26 [npdoty]
does Financial Purposes include whether a person of a particular historical profile has seen this ad?
23:02:29 [amyc]
... frequency capping, simply a counter, may be used across multiple dimensions of ad experience
23:02:47 [amyc]
ifette: can frequency cap be shared with other third parties?
23:03:01 [amyc]
wileys: uncontemplated in this proposal
23:03:29 [amyc]
Rigo: how identifiable?
23:03:36 [johnsimpson]
johnsimpson has left #dnt
23:03:41 [amyc]
wileys: unique cookie, anonymous
23:03:48 [npdoty]
23:03:50 [johnsimpson]
johnsimpson has joined #dnt
23:04:07 [amyc]
Rigo: pseudonymous, and attached to page on which ad was seen, isn't this profile?
23:04:19 [npdoty]
frequency capping does alter the user's experience based on their browsing history?
23:04:32 [amyc]
wileys: expressly call this out as permitted use, wanted to be clear
23:04:50 [amyc]
jeffchester: how does creative versioning or sequencing affect?
23:05:08 [amyc]
wileys: this is form of OBA, would cease based on DNT
23:05:08 [aleecia]
of note: frequency capping data can be used to uniquely identify users, as per recent research
23:05:10 [npdoty]
wileys: "creative versioning" and "sequencing" isn't part of this permitted use
23:05:17 [justin]
I thought we had reached agreement in Brussels that sequencing was going to be considered tracking.
23:05:27 [justin]
And it sounds like we're still in agreement.
23:05:32 [fwagner]
23:05:56 [amyc]
wileys: debugging, scoped for repairing site errors
23:06:13 [amyc]
... replicate user experience to fix site
23:06:34 [amyc]
Roy: with user consent?
23:06:51 [amyc]
wileys: not intended to require user consent
23:07:20 [amyc]
... but in 1 to 1 interaction, may be consent based on user complaint
23:07:41 [amyc]
... last is aggregate reporting using unlinkable data
23:07:54 [amyc]
... outside scope of DNT
23:08:09 [amyc]
... is a time period to collect data before aggregating
23:08:12 [fielding]
fielding has joined #dnt
23:08:18 [amyc]
... related to grace period discussion
23:08:39 [amyc]
... some examples of aggregate reporting
23:08:51 [amyc]
... went from 8 to 5, and 5th is out of scope
23:09:01 [amyc]
TL: any prohibited collection?
23:09:06 [npdoty]
does someone have a diff on the 8 vs. the 5? would that help anyone?
23:09:13 [amyc]
wileys: if no permitted use, then collection prohibited
23:09:13 [justin]
Combining multiple permitted uses into a newly named permitted use is not a reduction in permitted uses.
23:09:41 [amyc]
TL: wants to see differential between currently collected data and what would be permitted here
23:10:02 [amyc]
jeffchester: does retargeting or modeling apply to market research?
23:10:16 [jmayer]
23:10:21 [amyc]
wileys: not profiling or targeting to individual
23:10:40 [amyc]
... can explain more offline, modeling is different than market research
23:11:06 [amyc]
JohnSimpson: third party could track on one first party site, as long as segregated
23:11:18 [tl]
WileyS: [responding to tl] This is mostly about use, not collection.
23:11:22 [amyc]
... but if site has 60 affiliates, a third party could track across all of that
23:11:41 [amyc]
wileys: a service provider, because the 3rd party could only provide back to first party
23:12:14 [npdoty]
to follow up on that, users will continue to see behaviorally targeted ads, provided by a 3rd party, just based on your history on that site and affiliate site?
23:12:17 [amyc]
brooks: question about fraud
23:12:19 [vincent]
q+ to say that frequency capping does alter online experiences derived from multi-site activity
23:12:42 [amyc]
efelten: limits on retention?
23:12:53 [amyc]
wileys: must disclose
23:13:02 [amyc]
efelten: could keep for 100 years?
23:13:23 [amyc]
wileys: yes, but will face scrutiny of regulators
23:13:40 [amyc]
johnsimpson: could an ad network be a service provider?
23:14:09 [amyc]
wileys: depends on business model, could provide this service as service provider if segregate data, limit view only to that first party
23:14:21 [amyc]
Rigo: do you have independent rights?
23:14:30 [amyc]
wileys: not as service provider
23:14:42 [amyc]
... new area of explicit user choice
23:14:51 [amyc]
... will skip non normative text
23:15:07 [amyc]
... heard input from industry and browser vendors
23:15:25 [amyc]
.. reading nonnormative text
23:16:01 [amyc]
TL: when a party does not comply with DNT signal from uA because they think not compliant, are they complying with DNT signal?
23:16:11 [amyc]
wileys: lets go through rule set
23:16:17 [schunter]
23:16:22 [amyc]
... explicit and informed consent
23:16:31 [amyc]
.. must also have link and explanatory text
23:16:44 [amyc]
... any UA claiming compliance must have exceptions
23:17:01 [amyc]
... server may respond that UA is noncompliant if they believe noncompliant
23:17:18 [amyc]
... server must relay this info to user
23:17:27 [rigo]
23:17:35 [amyc]
... servers must defend why they reach decision
23:17:58 [tl]
23:18:03 [amyc]
... but can't reject all DNT signals as noncompliant and still claim compliant as a server
23:18:13 [schunter]
23:18:15 [schunter]
23:18:18 [rigo]
ack rvaneijk
23:18:37 [rigo]
q+ rvanijk
23:18:41 [rvaneijk]
23:18:44 [aleecia]
ack jmayer
23:18:45 [rigo]
ack jmayer
23:18:53 [schunter]
23:18:54 [amyc]
jmayer: want to understand scope of product improvement permitted uses
23:19:04 [amyc]
... and market research
23:19:16 [npdoty]
q- rvanijk
23:19:18 [rigo]
ack rvanijk
23:19:19 [Marc]
Marc has joined #dnt
23:19:22 [vincent]
q- later
23:19:26 [amyc]
wileys: now saying that can use aggregate data, not individual data
23:19:41 [amyc]
jmayer: goal is what?
23:19:45 [fwagner]
23:19:56 [amyc]
wileys: you can use aggregate data for multiple uses
23:20:14 [amyc]
jmayer: can collect individual data to aggregate data
23:20:39 [amyc]
... is there a time limit as to when aggregation must occur?
23:20:43 [aleecia]
23:20:50 [rigo]
ack tl
23:21:21 [amyc]
tl: in 4(c), if I only get requests from IE, but no other browser, am I compliant?
23:21:33 [amyc]
wileys: not realistic question
23:21:58 [amyc]
tl: what if you only think one obscure browser is compliant, and everyone else is not, what happens?
23:22:05 [vincent]
23:22:20 [amyc]
wileys: if server expresses what they are doing, OK
23:22:51 [rigo]
23:22:57 [amyc]
... appropriately responding to what you believe to be invalid UA
23:23:23 [amyc]
Thomas: for error response, have you considered granularity request
23:23:35 [amyc]
... per request, rather than per software
23:24:22 [amyc]
wileys: think you are making distinction between protocol discussion and compliance discussion [not sure I got this]
23:24:46 [aleecia]
23:24:52 [amyc]
npdoty: does choice have to be separate as well as explicit and informed?
23:25:01 [amyc]
wileys: open on this point personally
23:25:15 [amyc]
aleecia: let's go quickly through rest of section
23:25:19 [justin]
"Separate" for UGEs was rejected in DC, FWIW.
23:25:41 [amyc]
wileys: unlinkable outside of scope, included definition
23:25:45 [npdoty]
this sounds like the FTC report suggestion on unlinkability (in terms of downstream contracts)
23:26:26 [amyc]
Roy: many data sets are unlinkable by nature and do not need to be de identified; add "or"
23:26:44 [amyc]
aleecia: what suggestions do you have for Shane?
23:26:44 [rigo]
q+ to talk about list of affiliates
23:27:05 [johnsimpson]
23:27:11 [aleecia]
ack schunter
23:27:51 [amyc]
schunter: what is purpose of UA section? site can decide how to service user
23:28:51 [amyc]
wileys: this would be the same as interpreting as DNT1, and I disagree with that. User should be offered opportunity to have another browser
23:28:58 [aleecia]
ack rvaneijk
23:29:16 [schunter]
23:29:19 [schunter]
23:29:46 [amyc]
rvaneijk: AdChoices has more transparency, added value in closing section
23:30:01 [schunter]
23:30:11 [amyc]
... did you think about road to compliance? this is DAA plus proposal.
23:30:29 [amyc]
... EU legal compliance
23:30:54 [justin]
23:30:54 [amyc]
wileys: don't want to have eprivacy debate here. will be adding proportionality text
23:31:24 [amyc]
... notes that implementing regs and interpretation still developing. Could use technical infrastructure.
23:31:47 [aleecia]
ack rigo
23:31:47 [Zakim]
rigo, you wanted to talk about list of affiliates
23:31:49 [amyc]
rvaneijk: extra homework very important
23:32:03 [jchester2]
23:32:12 [amyc]
rigo: on affiliates, must be one click away on each page to affiliate page
23:32:27 [aleecia]
we can do one more question after Jeff
23:32:32 [aleecia]
Then close the queue
23:32:32 [amyc]
... can't this be machine readable?
23:32:36 [adrianba]
23:32:51 [aleecia]
Last question to Adrian, then
23:33:10 [amyc]
wileys: already in TPE spec, has optional location for domain list, now this is human readable approach
23:33:10 [meme]
23:33:29 [amyc]
... must have human readable, machine readable is optional
23:33:41 [aleecia]
MeMe, I'll ask you to take your question to Shane on break
23:33:49 [amyc]
Rigo: hard retention periods necessary, especially if number of years
23:33:50 [npdoty]
+1 on must have human readable discoverability on affiliates, may have machine readable option
23:33:53 [aleecia]
(sending results to IRC would be great)
23:34:10 [aleecia]
ack meme
23:34:13 [meme]
23:34:19 [aleecia]
23:34:29 [amyc]
... bargaining position different
23:34:40 [schunter]
23:34:41 [aleecia]
ack justin
23:34:52 [meme]
no worries aleecia
23:35:04 [amyc]
justin: if browser puts link and prechecked link on first page, is that express informed consent and who decides?
23:35:09 [aleecia]
queue is closed; Jonathan please be ready to walk through your proposal at the end
23:35:13 [schunter]
23:35:18 [amyc]
wileys: each server must decide, and defend that decision
23:35:21 [rigo]
23:35:35 [amyc]
justin: should have a site that lists of software they don't like?
23:35:37 [rigo]
q+ fielding
23:35:50 [amyc]
... fractures DNT experience
23:36:21 [amyc]
... if someone sending fraudulent signal, then legal action appropriate, not fracturing DNT
23:36:39 [npdoty]
justin: why not go after, take a cause of action, against a vendor who turns on DNT:1 without the user's permission
23:36:49 [rvaneijk]
For the minutes: Shane stated that the current proposal will be updated on proportionality/subsidiarity for the operational uses:
23:36:52 [aleecia]
MeMe, perhaps add your question on IRC now if you'd like?
23:37:03 [aleecia]
23:37:09 [amyc]
wileys: want mass implementation of standard, need balance, already have large number of third partis that they would not implement DNT with that standard
23:37:24 [amyc]
justin: why not sue Microsoft
23:37:35 [npdoty]
ack jchester
23:37:40 [tlr]
aleecia: stop it, both!
23:37:49 [aleecia]
Roy, we've closed the queue after Adrian
23:38:10 [aleecia]
We have much more to discuss, I know, but need to move to the final session of the day.
23:38:10 [amyc]
jeffchester: interested in following up, rob has identified critical question about structuring permitted uses
23:38:10 [rvaneijk]
... without the reservation 'where appropriate'.
23:38:11 [schunter]
23:38:24 [aleecia]
You might put your question in IRC, and please find Shane on break
23:38:27 [randomwalker]
randomwalker has joined #dnt
23:38:27 [fielding]
23:38:28 [aleecia]
ack fielding
23:38:32 [aleecia]
thanks / sorry
23:38:43 [aleecia]
23:38:52 [amyc]
rvaneijk: put up link in IRC
23:39:18 [amyc]
... how to accomplish goal in different ways that could be less intrusive, balance against user privacy
23:39:25 [WileyS]
WileyS has joined #DNT
23:39:37 [npdoty]
ack adrianba
23:39:48 [meme]
Section F in definitions should except out Service Providers I believe
23:40:09 [amyc]
adrianba: proposal says that UA must relay server responses to users to ensure transparency, what if there are dozen 3rd parties on single page
23:40:10 [dwainberg]
I can't wait to see a bunch of long tail bloggers sue MS.
23:40:15 [dwainberg]
It will make a great movie.
23:40:27 [amyc]
... understand that UI out of scope, how would that work?
23:40:28 [tlr]
can we please stop discussion about who might sue whom?
23:40:44 [tlr]
that's not a useful way to get this discussion to *any* reasonable place.
23:40:45 [rvaneijk]
For the minutes: Shane stated that the current proposal will be updated on proportionality/subsidiarity for the operational uses without the reservation 'where appropriate'.:
23:40:45 [tlr]
23:40:57 [amyc]
wileys: so many innovative user interfaces, perhaps iconic representation of DNT compliance
23:41:22 [justin]
tlr, I am looking for an alternative to every single third party making unilateral determinations of what is compliant.
23:41:53 [amyc]
aleecia: thanks, we will spend more time reviewing
23:41:55 [npdoty]
adrianba, is your suggestion that the user agent MAY relay the server's response, not MUST ?
23:42:01 [justin]
tlr, I don't see why liability risk doesn't solve the problem.
23:42:06 [tlr]
justin, that's fine. Say "there's a legal environment for that". Don't say "you could sue $COMPANY" while filling in a real name.
23:42:58 [justin]
tlr, My apologies.
23:42:59 [adrianba]
npdoty, I'm okay if a UA wants to display something - I don't think the spec needs to say that - I disagree with a MUST
23:43:09 [npdoty]
scribenick: npdoty
23:43:36 [npdoty]
Topic: Proposal from Jonathan and advocates
23:43:45 [npdoty]
jmayer: with pde at EFF and tl at Mozilla
23:43:59 [npdoty]
... huge thank you to everyone who talked to us, reflects loads of conversations with anyone we could get our hands on
23:44:00 [Chapell]
Justin - any suit of the magnitude you are suggesting would (among other things) stall the implementation of DNT for years
23:44:07 [npdoty]
... including people who really didn't agree
23:44:30 [npdoty]
... on github under my account, if you want to look at details
23:44:34 [Chapell]
my apologies for making that point more emotionally than I'd like - as its not productive
23:44:44 [npdoty]
... but for now want to look at high level direction
23:45:02 [npdoty]
... motivate, what we tried to: what seemed to us like a really fair compromise
23:45:08 [tl]
Proposal Github:
23:45:24 [npdoty]
... looked at advocates, publishers, advertisers, social networks, adequately balanced all interests
23:45:38 [rvaneijk]
23:45:39 [justin]
Chapell, I am not recommending such a suit. I had just posited several times in the mailing list whether making the standard more clear on requiring consent would discourage browsers from sending without consent.
23:45:49 [npdoty]
... so no one will say this is what I wanted, but hoping that it might be in the direction of what we might live with
23:45:57 [efelten]
efelten has joined #dnt
23:46:20 [npdoty]
... 1) parties
23:46:27 [npdoty]
23:47:10 [npdoty]
jmayer: in DC we proposed a definition based on user expectations, here's an example based on Microsoft web sites
23:47:31 [fielding]
My comments are at
23:47:54 [npdoty]
... for user expectations you'd have to look at a number of factors including domain names, branding, consumer awareness
23:48:08 [npdoty]
JC: does the word "Microsoft" appear in the footer of every one of those pages?
23:48:51 [npdoty]
jmayer: there may be, and I think given the logos and user understanding, these would all be the same party
23:49:01 [npdoty]
... now the test is corporate affiliation
23:49:29 [npdoty]
... if they're all under a single corporate umbrella, then you're done
23:49:54 [npdoty]
... although we don't prefer this outcome as individuals, we think as a compromise it's a good direction given a lot of pushback in this direction
23:50:25 [npdoty]
... distinction between Passive and Active
23:51:01 [npdoty]
... Passive is the stuff that is sent just by virtue of having a communication (ip address, user agent, referer, etc.)
23:51:20 [npdoty]
seanharvey: what do you mean by "supercookie"?
23:51:29 [npdoty]
jmayer: any stateful technology in a browser
23:51:36 [dwainberg]
23:52:11 [npdoty]
seanharvey: some alternate local storage mechanism (html5 localStorage, LSOs)
23:52:14 [rigo]
23:52:27 [fielding]
23:52:44 [npdoty]
WileyS: what do you mean by "fingerprinting"? it seems like the Passive elements on your list accumulated over time would be fingerprinting
23:53:28 [npdoty]
tl: active fingerprinting would be querying lists, an active step (like fonts installed available to Flash)... the best fingerprints (without sticking an identifier on the user) include active steps
23:54:08 [npdoty]
WileyS: maybe you should define or make a distinction between different types of fingerprinting
23:54:51 [npdoty]
jmayer: happy to have that discussion, but think there are certainly some bright lines for what is "Active"
23:54:59 [WileyS]
Note to AdTruth - you've now been but in the same bucket as anyone who uses cookies. :-)
23:55:31 [npdoty]
... passive information can be collected without any limit, kept in the near term with no limit but must be unlinkable in the long term
23:55:55 [npdoty]
... but for active collection, you must use something unlinkable, something low-entropy
23:55:59 [amyc]
long term is 2 weeks+?
23:56:27 [johnsimpson]
23:56:33 [npdoty]
ifette: does this apply both to 1st and 3rd?
23:56:37 [npdoty]
jmayer: just 3rd parties.
23:57:11 [npdoty]
sharvey: can you quickly define "near-term" and "long-term"? and how firm are those timelines?
23:57:42 [npdoty]
jmayer: beyond "near-term" for us is 14 days
23:57:56 [npdoty]
... not something like months
23:58:08 [npdoty]
<chuckling and/or chortling from certain members of the audience>
23:58:18 [npdoty]
jmayer: there are some exceptions
23:58:32 [npdoty]
... particularly security/fraud -- all bets are off and we won't second guess
23:59:26 [npdoty]
... what if personal information is embedded without your knowledge, etc., but if you actually know about a certain data, they should remove it for DNT users
23:59:37 [robsherman]
23:59:49 [npdoty]
dwainberg: I thought there were some limitations on security/fraud prevention