IRC log of dnt on 2012-07-25

Timestamps are in UTC.

15:23:08 [RRSAgent]
RRSAgent has joined #dnt
15:23:08 [RRSAgent]
logging to
15:23:35 [aleecia]
Zakim, this will be dnt
15:23:35 [Zakim]
ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 37 minutes
15:23:46 [aleecia]
chair: aleecia
15:23:59 [aleecia]
regrets+ EdFelten
15:24:13 [aleecia]
rrsagent, make logs public
15:24:17 [npdoty]
npdoty has joined #dnt
15:24:21 [aleecia]
15:24:29 [aleecia]
zakim, clear agenda
15:24:29 [Zakim]
agenda cleared
15:25:21 [aleecia]
agenda+ Selection of scribe
15:25:35 [aleecia]
agenda+ Quick check that callers are identified
15:25:47 [aleecia]
agenda+ Review of overdue action items:
15:26:04 [aleecia]
agenda+ Reminder: express your preferences for f2f timing:
15:26:17 [aleecia]
agenda+ Foreshadowing: Coming this week, call for objections on symmetry / minimum number of choices proposals.
15:26:28 [aleecia]
agenda+ Discussion of Tracking Selection List document
15:26:45 [aleecia]
agenda+ Discussion of whether we should take up issue-154
15:26:58 [aleecia]
agenda+ Issue-150 (DNT conflicts from multiple user agents)
15:27:15 [aleecia]
agenda+ Issue-151 (User Agent Requirement: Be able to handle an exception request)
15:27:32 [aleecia]
agenda+ Issue-153 (What are the implications on software that changes requests but does not necessarily initiate them?)
15:27:43 [aleecia]
agenda+ Announce next meeting & adjourn
15:46:47 [npdoty]
Zakim, code?
15:46:47 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200, npdoty
15:48:49 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:48:55 [Zakim]
15:50:47 [rvaneijk]
rvaneijk has joined #dnt
15:51:57 [Zakim]
15:52:11 [aleecia]
15:52:29 [Zakim]
+ +1.646.654.aaaa
15:52:40 [aleecia]
Thank you for muting.
15:52:41 [eberkower]
eberkower has joined #dnt
15:52:50 [Zakim]
- +1.646.654.aaaa
15:53:21 [Zakim]
+ +1.646.654.aabb
15:53:41 [eberkower]
646 654 aaaa = eberkower
15:53:48 [npdoty]
Zakim, aabb is eberkower
15:53:49 [Zakim]
+eberkower; got it
15:53:55 [eberkower]
ok great
15:53:56 [eberkower]
15:55:20 [James]
James has joined #dnt
15:58:19 [Joanne]
Joanne has joined #DNT
15:58:31 [jeffwilson]
jeffwilson has joined #dnt
15:58:43 [ifette]
ifette has joined #dnt
15:58:44 [robsherman]
robsherman has joined #dnt
15:58:53 [Zakim]
+ +1.202.370.aacc
15:58:54 [sidstamm]
sidstamm has joined #dnt
15:58:58 [robsherman]
zakim, aacc is robsherman
15:58:59 [Zakim]
+robsherman; got it
15:59:22 [jchester2]
jchester2 has joined #dnt
15:59:34 [AnnaLong]
AnnaLong has joined #dnt
15:59:36 [Lia]
Lia has joined #dnt
15:59:40 [Zakim]
15:59:45 [npdoty]
regrets+ susanisrael
15:59:47 [ifette]
Zakim, google has ifette
15:59:47 [Zakim]
+ifette; got it
15:59:49 [Zakim]
15:59:54 [Zakim]
15:59:55 [Zakim]
16:00:00 [sidstamm]
Zakim, Mozilla has sidstamm
16:00:01 [Zakim]
+sidstamm; got it
16:00:04 [ifette]
tlr, is it bad that I instinctively typed 97294 as the conference code?
16:00:06 [Zakim]
16:00:12 [Zakim]
16:00:13 [vinay]
vinay has joined #dnt
16:00:19 [aleecia]
I doubt he's reading :-)
16:00:19 [Zakim]
+ +1.678.580.aadd
16:00:21 [Zakim]
+ +1.202.695.aaee
16:00:22 [Zakim]
16:00:28 [ifette]
aleecia, you should remember that one though :)
16:00:30 [tlr]
ifette, arrrrrrrrrrrrrrrrgh
16:00:35 [jmayer]
jmayer has joined #dnt
16:00:41 [dwainberg]
dwainberg has joined #dnt
16:00:48 [adrianba]
adrianba has joined #dnt
16:00:59 [Zakim]
16:01:05 [alex]
alex has joined #dnt
16:01:13 [Zakim]
16:01:18 [justin]
justin has joined #dnt
16:01:37 [ifette]
or did you escape WSC?
16:01:41 [Zakim]
16:01:41 [aleecia]
I did
16:01:44 [WileyS]
WileyS has joined #dnt
16:01:45 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:01:47 [dsinger]
dsinger has joined #dnt
16:01:49 [ifette]
oh man, missing out :)
16:01:50 [Zakim]
16:02:08 [WileyS]
Regrets - will only be on via IRC today (in a Board meeting and won't be able to join via phone)
16:02:09 [Zakim]
16:02:12 [Zakim]
16:02:18 [aleecia]
Noted, thanks Shane
16:02:20 [dsinger]
zakim, [apple] has dsinger
16:02:20 [Zakim]
+dsinger; got it
16:02:27 [Zakim]
+ +1.202.403.aaff
16:02:30 [ifette]
Regrets, need to leave 1/2hr early
16:02:36 [npdoty]
regrets+ WileyS
16:02:47 [Lia]
Zakim, aaee is me
16:02:47 [Zakim]
+Lia; got it
16:02:48 [ChrisPedigoOPA]
Zakim, aaff is ChrisPedigoOPA
16:02:48 [Zakim]
+ChrisPedigoOPA; got it
16:03:00 [Zakim]
16:03:02 [dsriedel]
dsriedel has joined #dnt
16:03:12 [Zakim]
+ +49.721.91.aagg
16:03:18 [Zakim]
16:03:23 [npdoty]
scribenick: Joanne
16:03:24 [JC]
JC has joined #DNT
16:03:25 [Chris_IAB]
Chris_IAB has joined #dnt
16:03:28 [dsriedel]
zakim, aagg is me
16:03:28 [Zakim]
+dsriedel; got it
16:03:30 [aleecia]
16:03:31 [Chris_IAB]
just joined via Skype
16:03:32 [dsriedel]
zakim, mute me
16:03:41 [npdoty]
Zakim, ??P55 is Chris_IAB
16:03:48 [Zakim]
dsriedel should now be muted
16:03:53 [Zakim]
+Chris_IAB; got it
16:03:53 [aleecia]
16:03:54 [Zakim]
16:03:54 [robsherman1]
robsherman1 has joined #dnt
16:04:02 [Joanne]
Aleecia: looking at overdue action items
16:04:04 [justin]
npdoty, Yes.
16:04:07 [aleecia]
16:04:07 [trackbot]
ACTION-216 -- Brooks Dobbs to draft tentative agreement on financial reporting breakout discussion -- due 2012-06-28 -- OPEN
16:04:07 [trackbot]
16:04:13 [fielding]
fielding has joined #dnt
16:04:13 [npdoty]
Zakim, alissa is actually justin
16:04:13 [Zakim]
I don't understand 'alissa is actually justin', npdoty
16:04:14 [Zakim]
+ +1.813.366.aahh
16:04:18 [BrendanIAB]
BrendanIAB has joined #dnt
16:04:20 [npdoty]
Zakim, alissa is really justin
16:04:20 [Zakim]
+justin; got it
16:04:22 [Joanne]
...Action 216 for Brooks
16:04:35 [hwest]
hwest has joined #dnt
16:04:37 [Joanne]
Brooks: went to mailing list
16:04:39 [Zakim]
16:04:49 [Zakim]
16:04:56 [Joanne]
Aleecia: willl edit action item
16:05:00 [Zakim]
16:05:03 [Joanne]
...edit break session
16:05:11 [Zakim]
+ +1.206.658.aaii
16:05:14 [Zakim]
16:05:21 [Joanne]
Brooks: tainted recap of break session good starting point for discussion
16:05:28 [aleecia]
16:05:28 [trackbot]
ACTION-213 -- Jonathan Mayer to draft text perhaps with roy and ifette around notion of filtering out data that is received in large amounts that should be required to be filtered out -- due 2012-07-15 -- OPEN
16:05:28 [trackbot]
16:05:30 [Zakim]
16:05:34 [BrendanIAB]
Zakim, ??P64 is probably BrendanIAB
16:05:34 [Zakim]
+BrendanIAB?; got it
16:05:36 [Joanne]
Aleccia: jmayer with action 213
16:05:39 [npdoty]
jmayer, are you on the call?
16:05:40 [adrianba]
zakim, [Microsoft.a] is me
16:05:40 [Zakim]
+adrianba; got it
16:05:43 [jmayer]
sent language to the list
16:06:00 [Zakim]
+ +1.508.655.aajj
16:06:01 [Joanne]
....sent langauge to the list. can close that
16:06:36 [Brooks]
Brooks has joined #dnt
16:06:37 [damiano]
damiano has joined #dnt
16:06:42 [henryg]
henryg has joined #dnt
16:06:46 [tedleung]
tedleung has joined #dnt
16:06:57 [Joanne]
action 214 against Aleecia. Nick has done his part. Aleecia to go back to F2F meetings. stays open and completed by enod of week
16:06:57 [trackbot]
Sorry, couldn't find user - 214
16:07:02 [johnsimpson]
johnsimpson has joined #dnt
16:07:10 [Zakim]
+ +1.206.369.aakk
16:07:22 [tedleung]
zakim, aakk is tedleung
16:07:22 [Zakim]
+tedleung; got it
16:07:31 [Joanne]
....Rigo to send photos. Leave action 215(?) open
16:07:40 [npdoty]
jmayer's language for 213 is here:
16:07:40 [Zakim]
16:07:50 [Joanne] one Heather
16:07:53 [Zakim]
16:07:54 [npdoty]
(we had a small confusion over action numbers)
16:07:56 [suegl]
suegl has joined #dnt
16:07:58 [Zakim]
16:08:02 [Joanne]
Hwest: in porgeress request another week
16:08:13 [Joanne]
Aleecia: remind me what that is
16:08:17 [npdoty]
16:08:20 [npdoty]
Zakim, who is on the phone?
16:08:20 [Zakim]
On the phone I see npdoty, aleecia, eberkower, robsherman, [Google], Joanne, [Mozilla], jeffwilson, jchester2, +1.678.580.aadd, AnnaLong, vinay, jmayer, justin, dwainberg, [Apple],
16:08:21 [aleecia]
zakim, who is on the call?
16:08:21 [ifette]
zakim, who is on the phone?
16:08:23 [Joanne]
...identify callers
16:08:24 [Zakim]
... ChrisPedigoOPA, alex, dsriedel (muted), Chris_IAB, [Microsoft], +1.813.366.aahh, tl, hwest, fielding, +1.206.658.aaii, BrendanIAB?, adrianba, +1.508.655.aajj, tedleung,
16:08:24 [Zakim]
... johnsimpson, rvaneijk
16:08:24 [Zakim]
[Google] has ifette
16:08:24 [Zakim]
[Apple] has dsinger
16:08:24 [Zakim]
[Mozilla] has sidstamm
16:08:25 [Zakim]
On the phone I see npdoty, aleecia, eberkower, robsherman, [Google], Joanne, [Mozilla], jeffwilson, jchester2, +1.678.580.aadd, AnnaLong, vinay, jmayer, justin, dwainberg, [Apple],
16:08:29 [Zakim]
... ChrisPedigoOPA, alex, dsriedel (muted), Chris_IAB, [Microsoft], +1.813.366.aahh, tl, hwest, fielding, +1.206.658.aaii, BrendanIAB?, adrianba, +1.508.655.aajj, tedleung,
16:08:31 [Zakim]
... johnsimpson, rvaneijk
16:08:34 [Zakim]
[Google] has ifette
16:08:35 [Zakim]
[Apple] has dsinger
16:08:38 [Zakim]
[Mozilla] has sidstamm
16:08:40 [Zakim]
On the phone I see npdoty, aleecia, eberkower, robsherman, [Google], Joanne, [Mozilla], jeffwilson, jchester2, +1.678.580.aadd, AnnaLong, vinay, jmayer, justin, dwainberg, [Apple],
16:08:43 [Zakim]
... ChrisPedigoOPA, alex, dsriedel (muted), Chris_IAB, [Microsoft], +1.813.366.aahh, tl, hwest, fielding, +1.206.658.aaii, BrendanIAB?, adrianba, +1.508.655.aajj, tedleung,
16:08:46 [Zakim]
... johnsimpson, rvaneijk
16:08:47 [Zakim]
[Google] has ifette
16:08:49 [Zakim]
[Apple] has dsinger
16:08:53 [Zakim]
[Mozilla] has sidstamm
16:08:53 [Zakim]
16:08:54 [npdoty]
Zakim, aadd is brooks
16:08:55 [Zakim]
+brooks; got it
16:08:59 [Brooks]
Brooks is 678 580 2683
16:09:03 [npdoty]
Zakim, aahh is Nielsen
16:09:03 [Zakim]
+Nielsen; got it
16:09:30 [npdoty]
Zakim, aaii is amyc
16:09:30 [Zakim]
+amyc; got it
16:09:35 [Zakim]
16:09:37 [suegl]
zakim, [Microsoft] has suegl
16:09:37 [Zakim]
+suegl; got it
16:09:41 [Joanne]
Nick - I will need to jump off the call at 10. Can you take over scribing at that time?
16:09:46 [npdoty]
Zakim, aajj is Henry_CBS
16:09:46 [Zakim]
+Henry_CBS; got it
16:10:16 [aleecia]
16:10:40 [Joanne]
Aleecia: reminder to do doodle poll for F2F dates
16:10:45 [npdoty]
f2f timing doodle:
16:10:55 [Joanne]
...there are no good times, looking for least painful choices
16:11:14 [Joanne]
...need to resolve quickly and get decision to group by next week
16:11:35 [npdoty]
Zakim, who is making noise?
16:11:35 [Joanne]
...quick note on call for symetry and choice proposals.
16:11:35 [ifette]
zakim, who is making noise?
16:11:47 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: Nielsen (4%)
16:11:56 [Zakim]
ifette, listening for 10 seconds I heard sound from the following: Nielsen (10%)
16:12:02 [Joanne]
...look for text on text on mailing list by end of this week
16:12:20 [Zakim]
16:12:24 [Zakim]
16:12:27 [Joanne]
...looking for proposal with least amount of strong objections
16:12:31 [cOlsen]
cOlsen has joined #dnt
16:12:32 [pedermagee]
pedermagee has joined #dnt
16:12:40 [Joanne] about state of tracking selection list doc
16:12:53 [damiano]
damiano has joined #dnt
16:12:57 [Zakim]
16:13:06 [Joanne]
...after Belgium small worked on this doc and did some work but has tapered off
16:13:19 [Zakim]
+ +1.202.326.aall
16:13:23 [Joanne]
...there is a little additional work to do and a few remaining issues
16:13:51 [vincent]
vincent has joined #dnt
16:14:19 [Joanne]
...andy one of the ditoprs is willing to continue do work on it. not a lot of interest and will continue for a fgew months. will publish as a note not recommendation in about 2 months
16:14:29 [npdoty]
16:14:35 [Zakim]
16:14:38 [Joanne]
...should look at doc at this time. Objections?
16:14:42 [jmayer]
16:14:46 [Joanne]
...ok, mo
16:14:47 [npdoty]
16:14:49 [aleecia]
ack jmayer
16:15:02 [vincent]
zakim Cyril_Concolato is actually vincent
16:15:13 [Joanne]
jmayer: what are the implications on th recharter process
16:15:15 [Zakim]
16:15:29 [vincent]
zakim, Cyril_Concolato is actually vincent
16:15:29 [Zakim]
I don't understand 'Cyril_Concolato is actually vincent', vincent
16:15:35 [Joanne]
Aleecia: no implications. continue to do work
16:15:41 [Chris_IAB]
out of order from the agenda, but a question for reps from the browser companies that have implemented DNT:1-- do you plan to implement the DNT:0 option, and if so, what is your timeline?
16:15:43 [npdoty]
Zakim, Cyril_Concolato is really vincent
16:15:43 [Zakim]
+vincent; got it
16:15:43 [Joanne]
...any other questions
16:16:03 [vincent]
thx npdoty, I got it wrong
16:16:04 [ifette]
16:16:04 [trackbot]
ISSUE-154 -- Are First parties allowed to use data (either offline or online) from third parties -- raised
16:16:04 [trackbot]
16:16:11 [npdoty]
Topic: Issue 154
16:16:12 [aleecia]
16:16:24 [Joanne] agenda item issue 154 placeholder to continue Belluvue discussion. implications on issue 17 as well
16:17:32 [Joanne]
...1st party had very few restrictions but not combining data from other sources. as a first impression, data append may be an issue. should we allow this for first parties. is there info on data append that warrnats discussion
16:17:35 [jchester2]
16:17:40 [ifette]
16:17:40 [trackbot]
ISSUE-17 -- Data use by 1st Party -- closed
16:17:40 [trackbot]
16:17:53 [ChrisPedigoOPA]
16:17:54 [Joanne]
...very open questions. like to understand what makes append data in that we consider this
16:17:56 [aleecia]
ack jchester2
16:18:01 [ChrisPedigoOPA]
16:18:03 [npdoty]
ack jchester
16:18:09 [aleecia]
ack jchester
16:18:38 [WileyS]
User consent for use of this data (opt-in consent) or its public nature trumps DNT
16:18:48 [fielding]
16:18:53 [Zakim]
16:19:05 [rvaneijk]
data append also privacy increases the risk on re-identification in a data set
16:19:31 [Joanne]
JChester: acquinated growth with data append. yesterday in US Congress the issue around data brokers and changing dymanics around data append. happy to provide material and feels this is something we need to discu
16:19:39 [rvaneijk]
s/increases the risk on re-identification/ privacy increases the risk on re-identification
16:19:41 [Joanne]
...this is more than about sweepstakes
16:19:48 [aleecia]
ack ChrisPedigoOPA
16:19:55 [Joanne]
Aleecia: what I am hearing is we take this up as sep issue
16:19:55 [WileyS]
Rob - depends on the nature of the data appended. If the appended data element is "suburban socialites" I don't believe this increases reverse identification
16:20:06 [tl]
16:20:31 [fielding]
I don't know what "data append" means other than the obvious storage mechanism, so someone will have to define it.
16:20:35 [Zakim]
16:20:49 [Joanne]
Allecia: we should look at all sides of the issue, not just one part. what we have discussed is not written down very well
16:21:12 [Zakim]
16:21:17 [Joanne]
...having data within a first party is fine. data from other sources is not. form this data append is not allowed
16:21:26 [jchester2]
the kind of data append done today is far more than suburan socialites. Happy to provide examples from many of the companies
16:22:09 [ifette]
zakim, who is making noise?
16:22:20 [Zakim]
ifette, listening for 10 seconds I heard sound from the following: ChrisPedigoOPA (72%)
16:22:27 [WileyS]
Jeff - if the data is restricted to 1st party use, can you explain why DNT should be applied to that limited use? I agree on its application to 3rd party reuse, but not 1st party restricted use.
16:22:30 [Joanne]
ChrisP: the coming in part is the problem and from the pubs POV we append data all the time so we can market to consumers. Offline dbs and other dbs that may be acquired. its is above board
16:22:56 [jmayer]
I would completely disagree with ChrisPedigoOPA's claim that users know about and expect offline data appending.
16:22:58 [Joanne] most cases 1st party marking is expected and does not require consent. offline data is out of scope
16:23:05 [rvaneijk]
I do not agree with the argument that because people know about appending practices it is ok to do it.
16:23:23 [Zakim]
16:23:27 [jmayer]
16:23:28 [Joanne]
Aleecia: offline data not being combined with online data has not been consdered
16:23:36 [justin]
We haven't agreed on language on first party responsibilites.
16:23:39 [justin]
At all.
16:24:00 [Joanne] and why append is somehing differnet
16:24:02 [jchester2]
append is both online and offline data
16:24:04 [Brooks]
16:24:09 [WileyS]
Justin - disagree - thought we had strong consensus on 1st party responsibilities
16:24:39 [rvaneijk]
DNT should be about sharing data as well. So sharing between 3rd party to 1st party is part of the scope
16:24:39 [Joanne]
ChrisP: offline data is different. its been used in a first party context since we saied 1st party use is fine
16:24:39 [johnsimpson]
16:24:43 [ifette]
16:24:48 [justin]
WileyS, I'm just saying the language isn't nailed down. We tried to crowdsource the language in Seattle and we failed.
16:24:50 [ifette]
can we define "append"
16:24:53 [aleecia]
ack fielding
16:24:58 [ifette]
not everyone knows what we're talking about (myself included)
16:25:11 [Joanne]
Aleecia: data collected offline from 3rd parties is different than data collected by 3rd parties online
16:25:20 [WileyS]
Justin - that's fair - but I believe we have agreement at the conceptual level
16:25:47 [jchester2]
Perhaps one of the examples we can discuss is Yahoo's new Genome product:
16:26:19 [Joanne]
Feidling: how are dfining append> any reason to use this data is to modify user exp on 1st party site. this is not tracking. need soling arrangement with co providing service
16:26:29 [jchester2]
I ask that the FTC weigh in on this discussion, please
16:26:51 [Joanne]
Aleecia: need to define what we mean by data append and discussion notion of user exp
16:26:53 [npdoty]
s/how are dfining append>/how are we defining append?/
16:26:57 [npdoty]
16:27:07 [Joanne]
...chris can you give us a def of data append
16:27:14 [justin]
WileyS, Agreed, but agreed conceptually that first parties can't ship data off to 3Ps in ways they couldn't do otherwise. I think one of the main concerns with append is data brokers getting info about queried users by the append requests.
16:27:31 [tl]
Do they want that?
16:27:48 [Joanne]
ChrisP: it is the notion that the user has interacted with the site and we want to follow up but may not have the contact info to do so
16:27:58 [justin]
WileyS, That is, a concern I have heard is not about NYT getting offline data, it's about Experian learn that is a NYT subscriber. That may be prohibited by the conceptual agreement we had on first parties.
16:28:04 [npdoty]
so a user you don't know comes to a site, you match something about that user with address information gathered offline, and then you can send them an offer in the mail?
16:28:11 [justin]
WileyS, I'm not arguing either way. Just trying to flesh out the argument.
16:28:35 [WileyS]
Justin - would need to understand what you mean by "queried users" - data append is typically a one-way process.
16:28:35 [jchester2]
We should look at IAB (US) data primer, which also discusses append
16:28:47 [aleecia]
16:28:54 [aleecia]
ack jmayer
16:29:03 [Joanne]
Aleecia: let me sum up/ Someone has an LLBean catalog visits NYtimes, NYTImes being 1st party gets data from LLBean to contact user in 1st party context. <hope I captured this>
16:29:11 [npdoty]
is what Chris described the same "data append" that WileyS/justin are discussing in IRC?
16:29:15 [amyc]
amyc has joined #dnt
16:29:18 [Zakim]
+ +1.703.438.aamm
16:29:25 [Joanne]
jmayer; 2 diff wayys
16:29:59 [jchester2]
From IAB primer, for ex: "Data Append – User data from one source is linked to a user’s profile from another source."
16:30:27 [justin]
WileyS, How can it only work one way? It's a communication. Experian has to get the request about from a first party publisher, unless it's hashed somehow.
16:30:33 [justin]
What jmayer is saying right now.
16:30:53 [Joanne]
...1st way is 2-3 diff points of consnsus. taking 3 points together - a 1st party cannot do an append since the 1st party is sharing PII to get add'l data
16:31:14 [WileyS]
Justin, one-way: from data broker to 1st party. Data broker argues they have either user consent for sharing or its public data. 1st party does NOT share user data back to data broker in the exchange.
16:31:19 [Zakim]
16:31:38 [Joanne]
...agreement 1st party should not share with 3rd party. LLBean ex. user signed up with LLBean and LLBEan shares with NYTimes who at this point is a third party
16:31:44 [ChrisPedigoOPA]
16:31:52 [aleecia]
ack ifette
16:31:52 [Joanne]
...there is a 1st party sharing with a 3rd party in this chain
16:32:07 [justin]
WileyS, How does the data broker know to send the 1st party data?
16:32:15 [jchester2]
It's clear from the congressional letter and the FTC report that few consumers in US, at least, know or have consented to the wide range data collection by the data brokers--offline or online
16:32:24 [Joanne]
ifette: agfree with what jmayer siad at the end that 1st party sharing with third party is prohibited
16:32:44 [fielding]
what I meant to say is that IF data append is being used to alter the customer experience for a first party, then we had talked about that and do not want DNT to prevent it. However, it is reasonable to limit the mechanism to same-party data and siloed outsourcing where the data-providing entity is not allowed to add to their database.
16:32:45 [Joanne]
...don't want to place restrictions on what data cos bring in
16:32:46 [jmayer]
My point: two ways of getting to no appends from points of prior consensus.
16:33:02 [Joanne]
...getting confused when we don't discuss what we are appending to
16:33:49 [WileyS]
Justin: a "match" is performed - typically in a contained environment so no data is leaked back to the data broker.
16:34:03 [Joanne]
Aleecia: situation where we have things offline where DNT does not apply. when signing up for catalog, user may not understand data may have another use
16:34:06 [jmayer]
1) Combination of a) No sharing with third parties what they can't collect themselves. b) Third party can't solicit and collect PII. c) Technology agnostic. These logically entail no appending, since the first party has to send PII to a third party to do the append.
16:34:16 [Joanne]
...catalog co does not have an online presence
16:34:19 [tedleung]
16:35:02 [johnsimpson]
16:35:09 [jmayer]
2) We have agreement that a first party should not, in general, share with third parties. With an append, there's a first party often sharing with a third party. Just have to shift perspective.
16:35:16 [Joanne]
...1st party could be a DNT o pledging to comply with DNT. if co doing data append, there is an agreement in place and know they are doing this. it is poss only 1st party has DNT implications
16:35:28 [Joanne]
ifette: agress with restatement of issue
16:35:35 [npdoty]
jmayer, but isn't it a first party (the catalog) that didn't receive a DNT header?
16:35:43 [WileyS]
jmayer, 1st party does NOT share data back to the data broker for reuse with other customers.
16:35:47 [Joanne]
...restriction should be on parties providing data to agg service
16:36:15 [justin]
WileyS, Thanks, then that would solve the problem, at least for the view of the problem as I've portrayed it.. (Of course, there are other complaints about appending, as jchester2 notes.)
16:36:21 [Simon]
Simon has joined #dnt
16:36:25 [Joanne]
Aleeica: why diff if data coming from ooffline vs online
16:36:30 [jchester2]
The third party should not be able to transmit data to first party if DNT is enabled. There's no longer real distinction between online and offline anymore. It's all integrated and done in real time increasingly.
16:36:42 [jmayer]
npdoty, depends on the hypo. In some cases, it might have DNT: 1.
16:37:04 [Joanne]
ifette: don't have context of where data came from or what the setup was. what we have knowledge about we can put restrictions on
16:37:06 [npdoty]
jmayer, so can we prohibit it only in cases where the data is collected under DNT:1?
16:37:07 [fielding]
and because DNT does not mean that first parties do not track
16:37:15 [WileyS]
Jeff, in your use case, if the "3rd party" has opt-in consent or the data is public, do you agree that DNT would not apply?
16:37:25 [jmayer]
WileyS, "for reuse with other customers," sure. If the focus is properly on data collection, that use restriction doesn't buy much.
16:37:26 [Joanne]
...don't think group has in its scope to define ewhere cos can get data
16:37:39 [jmayer]
npdoty, under my second approach, I think that's right. Not under my first approach.
16:37:45 [Zakim]
16:37:49 [Joanne]
...don't want to define coll practices for all poss. scenarios
16:38:06 [fielding]
16:38:13 [WileyS]
Jmayer, a collection model doesn't apply well to appends (nor to this entire debate) so use based restrictions are the appropriate route
16:38:20 [Joanne]
Aleecia: that is what I am trying to avoid. don't think we want offline to be part of DNT
16:38:36 [Brooks]
16:38:38 [aleecia]
ack ChrisPedigoOPA
16:38:48 [fielding]
"yourself" includes outsourced service providers that silo
16:39:11 [Joanne]
ChrisP: if 1st party can't share dta, tightens up loophole. Ifette's point right on.
16:39:20 [jchester2]
Shane, generally opt-in consent okay. But few users know that such data is shared with others in a real-time targeting environment; mixed with other data sources; and may be used in sensitive cases related to finance or health. Best way is if user says DNT, third party data should bot be used for targeting inside a first party site.
16:39:34 [Joanne]
...what DNT is about is the browser sending a signal.
16:39:46 [hwest]
16:39:47 [aleecia]
ack tedleung
16:39:48 [Joanne] extend that to the offline world is problematic
16:39:52 [WileyS]
Jeff, Disagree - opt-in consent trumps all (not DNT)
16:39:59 [jchester2]
This isn't about offline and online. It's all together now.
16:40:25 [Joanne]
tedleung: we should use agreements we already for 1st parties. does that include service providers?
16:40:36 [jchester2]
Shane. That's why FTC called for new legislation on data brokers. Because the opt-in mechanism isn't working fairly.
16:41:20 [Joanne]
...use offline contractor to let you build scrapbook. is that a service providre? would htis be allowed?
16:41:51 [WileyS]
Jeff, then let that conversation play out there rather than driving this working group to attempt cover this on top of everything else we're trying to cover (which I've argued in the past is already way too much) - we're never going to complete this spec if we keep attempting to cover every single privacy issue out there in a single pass.
16:41:57 [aleecia]
16:41:57 [Joanne]
Aleecia: as long as service provider is siloing the data and process it for Disney. there is no problem. data is not being combined with other data
16:42:08 [jmayer]
Agree with what Aleecia just said. A data aggregator would not come within the service provider exception.
16:42:23 [aleecia]
ack fielding
16:42:24 [Joanne]
...service provider is actiing as agent on yourbehalf
16:42:47 [jchester2]
Shane. I am just weighing in to help provide context for this discussion. I only want to focus on the issue at hand. No data append is DNT is enabled
16:43:20 [Joanne]
Fielding: comment for Ted, service provider would solve Ted's question. what is unclear is restrictions on what hte 1st party can do. not sure if answer to Ted is correct.
16:43:23 [WileyS]
Jeff - agreed, and I'm arguing we shouldn't try to apply DNT to data append in the 1st party context.
16:43:37 [Joanne]
Aleecia: what are we telling 1st party that they can't do?
16:43:50 [Joanne]
Fiedling: not sure what we mean by data append
16:43:53 [jchester2]
Shane. I know that and we disagree. Perhaps we need to do use case here.
16:43:56 [jmayer]
I wrote two examples on the mailing list.
16:43:59 [vinay]
What Ted is saying is a good point (that I don't know if it was summed up properly). A publisher's use of data providers may actually help the consumer experience. The publish sometimes tries to get data from the provider that could collect itself (like age range, gender, income level based on general location, etc.).
16:44:05 [johnsimpson]
Agree with Roy. Still Don't understand what data append means.
16:44:13 [WileyS]
Jmayer, I replied to your use cases.
16:44:14 [Joanne]
Aleecia: good next step is to have people provide def on what data append means and a couple of use cases
16:44:28 [vinay]
Seems like publishers should be able to get that info from providers to better the consumer experience and not have every website ask for the user's age, gender, etc.
16:44:35 [aleecia]
16:44:39 [aleecia]
ack hwest
16:44:39 [dsinger]
q+ to discuss actions which, while not prohibited, are probably imprudent; we might usefully have a note.
16:44:41 [Joanne]
...will ask someone to take action item
16:44:45 [jchester2]
The data append can harm the user experience: such as identifying them as less worthy for various financial products, etc.
16:44:53 [WileyS]
Jeff, we've agree user consent trumps DNT. We've agreed that 1st parties are out of scope. When you combine the two I don't see the logic that DNT is now somehow magically applied.
16:44:56 [aleecia]
ack dsinger
16:44:56 [Zakim]
dsinger, you wanted to discuss actions which, while not prohibited, are probably imprudent; we might usefully have a note.
16:45:03 [Joanne]
Hwest: you read my mind. its good to have examples and clear up confusion
16:45:18 [Joanne]
Dsinger: agreed and include advisory notes
16:45:28 [jmayer]
WileyS, talismanic invocation of "it's out of scope" doesn't do much.
16:45:35 [npdoty]
+1 to dsinger, might address some of the concerns we've heard here
16:46:11 [jchester2]
We should include, Aleecia, how data append does violate DNT
16:46:11 [Joanne]
Aleecia: can one or meore people to write a crisp def of data append and expalin how it can be implement w/o violatiing DNt for 1st party
16:46:21 [Joanne]
ChrisP: happy to help
16:46:22 [WileyS]
Jmayer, I'll avoid using that phrases going forward - perhaps another way to state it is to say the rules we've already agreed upon would state that application of DNT on a 1st party appending user opt-in consent data is not appropriate.
16:46:49 [hwest]
aleecia, can we back up and have people j ust write up WHAT data append is, in practice?
16:46:56 [hwest]
I think a lot of us don't have a clue.
16:47:07 [hwest]
(Me included)
16:47:32 [npdoty]
actio: pedigo to draft crisp definition of data append / proposed response -- does that sound reasonable?
16:47:32 [Joanne]
Aleecia: what I think jmayer raised, for data append to work, 1st party wants to get additional data they will need to send to the third party data so the third party to do the append. if 1st party can't share with 3rd party, how can they append data
16:47:39 [jchester2]
I am happy to work with colleagues to show how this violates DNT. I am on deadline until end of month so can't fully focus on it alone.
16:48:06 [Joanne]
jmayer: soewhere there is a 1st party sharing with 3rd party depening on perspective. how do we work around that.
16:48:13 [jchester2]
16:48:14 [justin]
I don't understand the second argument, jmayer.
16:48:55 [aleecia]
ack jchester2
16:48:55 [Joanne]
Aleecia: lets not tackle that in this action. lets keep scope simple so ChrisP has a chance to complete action item. Chris has 2 weeks
16:49:06 [jmayer]
justin, some have argued that we have consensus on no first parties sharing with third parties, but not no third parties sharing with first parties. My point is that it's just a matter of perspective. From the LL Bean perspective, it's a first party sharing with a third party.
16:49:14 [npdoty]
ChrisPedigoOPA, aleecia -- does that action text sound reasonable?
16:49:36 [WileyS]
ChrisP, happy to work with you on this if you like
16:49:37 [npdoty]
actio: pedigo to draft crisp definition of data append / proposed response -- does that sound reasonable?
16:49:42 [ifette]
so why don't we let chris draft some text and then respond to it?
16:49:55 [Joanne]
JChester: another response to show why it violates DNT. Happy to help draft this and would like others to work with me.We have to whow why this could viollate DNT
16:50:16 [ifette]
16:50:20 [Joanne]
Allecia: ChrisP will define append and how that works and give him a chance to present what he has in mind
16:50:26 [vincent]
npdoty, missing a n in action?
16:50:44 [npdoty]
action: pedigo to draft crisp definition of data append / proposed response (potentially with Shane and Jeff)
16:50:44 [trackbot]
Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened.
16:50:44 [trackbot]
Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened.
16:50:47 [Joanne]
Aleecia: moving to issue 150
16:50:59 [justin]
jmayer, I still don't think I understand, or at least see how it's different from the previously stated concerns about a publisher sending id'ing info to a data broker.
16:51:14 [npdoty]
trackbot, init
16:51:15 [dsinger]
16:51:15 [trackbot]
ISSUE-150 -- DNT conflicts from multiple user agents -- raised
16:51:15 [trackbot]
16:51:24 [npdoty]
action: pedigo to draft crisp definition of data append / proposed response (potentially with Shane and Jeff)
16:51:24 [trackbot]
Created ACTION-230 - Draft crisp definition of data append / proposed response (potentially with Shane and Jeff) [on Chris Pedigo - due 2012-08-01].
16:51:36 [jmayer]
justin, one is about the flow from the first party to the append provider; the other is about the flow back from the append provider to the first party.
16:51:43 [npdoty]
Topic: Issue 150 -- conflicts in user agents
16:51:53 [npdoty]
+1 to Aleecia's proposal, up to the UA to handle conflicts
16:52:00 [Joanne]
...only one DNT should be sent, not three. Compliance editors add language but want to makes sure we aren't missing anything. Comments? Sggestions?
16:52:07 [npdoty]
aleecia: will just ask the editors to add those two lines
16:52:12 [dsinger]
totally agree, this is out of scope, the UA's problem with their plug-in architecture etc.
16:52:21 [Joanne] one thinking that is bad idea. editors will add text to compliance draft
16:52:38 [aleecia]
16:52:38 [trackbot]
ISSUE-151 -- User Agent Requirement: Be able to handle an exception request -- raised
16:52:38 [trackbot]
16:52:38 [npdoty]
Topic Issue 151 -- requirement for handling exceptions
16:52:41 [Joanne]
...Issue 151. rigo not on call. Outcome will impact how we handle other issues
16:52:59 [npdoty]
q+ on JavaScript-disabled UAs
16:53:26 [aleecia]
ack jchester
16:53:34 [Joanne]
...without Rigo to present we can take up but lets move forward with discussion
16:53:38 [aleecia]
ack npdoty
16:53:38 [Zakim]
npdoty, you wanted to comment on JavaScript-disabled UAs
16:53:44 [Brooks]
16:53:49 [johnsimpson]
16:53:50 [ifette]
16:54:23 [aleecia]
ack Brooks
16:54:24 [Joanne]
Nick: will follow up with Rigo. shouldn't need this requirement.
16:54:34 [dwainberg]
16:55:12 [npdoty]
npdoty: users who have JavaScript disabled can still use DNT, doesn't change the meaning of a preference, simpler to just not have additional text on this
16:55:12 [Zakim]
16:55:18 [aleecia]
ack ifette
16:55:23 [Joanne]
Brooks: this creates confusion adn conflict due to def of user agent. UA only thing that can capture user pref. if a non-UA sets user pref but can't respond. how will that work.
16:55:36 [Joanne]
ifette: agree with Brooks, there is a definition problem
16:55:55 [Zakim]
16:56:16 [dsinger]
is there a practical difference between a UA that is hard-wired to say "no", and a UA that doesn't have the API?
16:56:24 [Joanne]
...not aware of UA with js disabled by default. can't use internet w/o js so shouldn't be an issue
16:56:36 [aleecia]
16:56:37 [Joanne]
Aleecia: disagree with Ian's statement.
16:56:41 [adrianba]
16:56:52 [Joanne]
ifette: dos break most sites users go to
16:56:53 [npdoty]
have we only been talking about compliance for default configurations of shipping browsers?
16:56:59 [jmayer]
16:57:10 [aleecia]
ack dwainberg
16:57:27 [Joanne]
Aleecia: think in terms of plugins and add-ons. I think that is what we are talking about more than broqsers as UAs
16:57:34 [ifette]
apologies, i have a conflict at 10 and need to drop off the call
16:57:58 [aleecia]
ack adrianba
16:58:03 [dsinger]
16:58:04 [Joanne]
dwainberg: in all cases, a UA needs to take that consent and override conseent given by other software
16:58:31 [Joanne]
Nick: need to jump. can you scribe?
16:58:36 [npdoty]
it sounds like Brooks and dwainberg are talking about conflicting plugins/UAs, like the last issue
16:58:39 [npdoty]
scribenick: npdoty
16:58:47 [Joanne]
thanks Nick!
16:58:57 [npdoty]
adrianba: if the JS API is in the spec, then compliance requires implementing it
16:59:01 [Zakim]
16:59:11 [dwainberg]
s/override consent given/override DNT set/
16:59:14 [npdoty]
... but a separate question of how to handle UAs that don't support the exception
16:59:14 [Zakim]
16:59:19 [ifette]
adrian, the software you're contemplating should have some way to fit in with the spec and support exceptions
16:59:45 [ifette]
unfortunately, i've a conflict and need to drop off
16:59:57 [johnsimpson]
16:59:59 [npdoty]
adrianba: of course it's not compliant with the whole spec, but the key issue is how we'll handle them
17:00:12 [ifette]
but i agree it's a "what makes a valid spec-compliant UA" and then that gets tangled in with "what do you do if you get a signal from a UA that doesn't comply with the spec"
17:00:16 [Zakim]
17:00:24 [npdoty]
scribenick: hwest
17:00:28 [aleecia]
ack jmayer
17:01:01 [hwest]
jmayer: I agree with Adrian and Ian that if this becomes a matter of non compliant UAs, then it does get entangled with honoring noncompliant user agents. I think the answer is yes.
17:02:06 [hwest]
... I want to argue that we shouldn't call a UA noncompliant just because it doesn't support the API. I've implemented this API, and it's not extraordinarily hard. Asynchronous work, needs UI. Lots harder to add on developers than implementing response header. Shouldn't put that on every developer.
17:02:14 [hwest]
... but websites will need a fallback or OOBC mechanism.
17:02:19 [npdoty]
in particular for extension developers
17:02:33 [hwest]
... sites will need an alternative, we can make that easier with JS libraries etc.
17:02:41 [aleecia]
17:02:45 [aleecia]
ack dsinger
17:02:50 [hwest]
... should not be considered out of compliance w/o JS API
17:02:58 [Zakim]
+ +1.727.686.aann
17:03:04 [hwest]
dsinger: We're working no the API design, and open question whether API is better than OOBC
17:03:06 [Zakim]
17:03:22 [alex]
Zakim, aann is alex
17:03:26 [Zakim]
+alex; got it
17:03:28 [hwest]
... some prefer out of band. If header in a plugin, don't think plugins get to handle JS calls, no idea how to do a compliant plugin with JS API.
17:03:45 [npdoty]
depends on the exact structure of your plugin architecture, but it's certainly a lot harder to handle JS calls in an extension/plugin
17:03:48 [hwest]
... not sure that I see the difference between not having API and having the always-no browser.
17:03:52 [WileyS]
Jmayer, very few in industry will implement W3C's version of DNT if there is a requirement to honor non-compliant UA DNT signals. If the goal is to have implementation, this needs to be seriously considered.
17:03:58 [jmayer]
17:04:04 [hwest]
aleecia: at a technical level, do add ons get to handle js?
17:04:04 [aleecia]
ack jamyer
17:04:09 [aleecia]
ack jmayer
17:04:44 [hwest]
jmayer: varies by browser, FF you can add a JS API. Some browsers you have to add a script tag to the DOM that brings in the API script and does callbacks. Can get complicated, haven't verified that it works in other browsers.
17:04:52 [npdoty]
I've gotten it to work in Chrome, though it is tricky
17:05:02 [adrianba]
17:05:09 [aleecia]
ack adrianba
17:05:20 [hwest]
adrianba: IE doesn't have a reliable mechanism
17:05:37 [hwest]
... suggestion that jmayer made is possible, but have ordering problems if page wants to access the API first
17:06:08 [Zakim]
17:06:27 [hwest]
aleecia: To sum up, hearing some support, and hearing concerns that this is a high implementation cost on developers. Have at least one case of an OS sending DNT as a signal, so lots of different examples/implementations that dont' fit this mold.
17:06:28 [jmayer]
adrianba, getting ordering right can be annoying in Chrome/Safari too. Certainly a hacky approach.
17:06:30 [npdoty]
q+ to ask does anyone think sites should feel free to ignore DNT signals if a JS api isn't present?
17:06:44 [Zakim]
17:06:51 [hwest]
... should write up this and figure out how to mitigate those concerns.
17:06:54 [aleecia]
ack npdoty
17:06:54 [Zakim]
npdoty, you wanted to ask does anyone think sites should feel free to ignore DNT signals if a JS api isn't present?
17:07:09 [hwest]
npdoty: does anyone think sites should feel free to ignore DNT signals if a JS api isn't present?
17:07:32 [hwest]
... because if not, we can set that aside and just figure out how easy it is for extension developers
17:07:40 [jchester2]
I have to go. sorry
17:07:44 [WileyS]
Nick, if there is no way to determine if a sites 3rd parties are receiving site-wide exception signals (DNT:0) then I find it hard to hard that that UA without the API should be supported. Unbalanced situation.
17:07:47 [dwainberg]
17:07:49 [Zakim]
17:07:53 [aleecia]
ack dwainberg
17:08:01 [WileyS]
Nick, "hard to argue"
17:08:29 [tl]
17:08:35 [aleecia]
ack tl
17:08:36 [hwest]
dwainberg: I think we'd feel that UAs without the API are noncompliant and should be ignored. It's part of the package, if we're about user choices. If it doesn't go both ways, it all breaks down.
17:08:56 [WileyS]
+1 to David
17:08:57 [Zakim]
- +1.202.326.aall
17:09:05 [Zakim]
17:09:06 [hwest]
tl: If users make a choice, and the choice is to always say DNT1, don't ask me when a site wants an exception, shouldn't make it noncompliant.
17:09:15 [aleecia]
17:09:23 [hwest]
dwainberg: sure, that could be an option,but not an excuse to not have the API
17:10:17 [aleecia]
17:10:24 [WileyS]
t1, I thought we agreed a UA must support all 3 states to be compliant - that includes user granted exceptions
17:10:32 [hwest]
aleecia: Please do the scheduling doodle!
17:10:42 [hwest]
... We want to get that done vey soon and work on the F2F
17:10:49 [WileyS]
If the site/3rd party is blocked from a dialogue with the user I don't see this as a compliant outcome.
17:10:55 [npdoty]
WileyS, tl, I think that's an open and very disputed question for which we'll have a call for objections coming shortly
17:10:58 [dsinger]
17:10:58 [trackbot]
ISSUE-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- raised
17:10:58 [trackbot]
17:11:19 [hwest]
... Next issue is ISSUE-153
17:11:32 [hwest]
... what happens when a non-UA changes the DNT setting
17:11:49 [dsinger]
I don't understand. Something is at the end of the HTTP protocol, that's rrespnsible'
17:12:00 [adrianba]
17:12:32 [aleecia]
ack adrianba
17:12:59 [hwest]
adrianba: Clarify, question was based on how the spec applies to software that you may run on your PC that changes settings on a browser but is not itself a browser
17:13:14 [hwest]
... Something is changing the user preference that impacts how the browser sends the signal
17:13:42 [Zakim]
17:13:47 [WileyS]
Nick, can you explain what you mean by "call for objections"? Doesn't that preclude that we've reached a consensus point?
17:13:55 [dwainberg]
17:13:58 [BrendanIAB]
17:14:06 [hwest]
... All browsers store their prefs somewhere, what happens when the browser doesn't have visibility
17:14:22 [hwest]
dsinger: this is out of scope, that's part of your system design
17:14:31 [aleecia]
ack dwainberg
17:15:11 [hwest]
dwainberg: Issue there about question of what set the DNT and how the relevant pieces of software and parties down the chain know. Second issue, something at the end of the HTTP protocol controls what goes out.
17:15:25 [hwest]
... Do we need that thing to be able to take in and apply exceptions?
17:15:41 [hwest]
... If no JS API or user interface, how do you take in exception requests?
17:15:42 [npdoty]
WileyS, yes, Aleecia mentioned it on the call earlier (I recognize you're not with us on the phone), at the last f2f when we reached an impasse on that question it sounded like further discussion wasn't going to help, the chairs said they would send out a call for objections to different proposals to the Working Group
17:15:54 [aleecia]
ack BrendanIAB
17:16:01 [rvaneijk]
@dwainberg: I see a new feature for ccleaner
17:16:25 [hwest]
brendanIAB: Have done some relevant research. AAVG implementation is a plugin that modified HTTP after browser hands it off to the plugin.
17:16:34 [WileyS]
Nick, could someone send a more detailed explanation of this issue to the mailing list? Seems like a significant issue if we're at the "Formal Objection" stage.
17:16:38 [hwest]
... that means the browser is not aware of the modification.
17:16:52 [dwainberg]
@rvaneijk: or maybe a header signal to request exceptions?
17:16:54 [hwest]
... that means interaction with the plugin is more user friendly.
17:17:05 [hwest]
aleecia: Does this run into no third party interception and changing of the signal?
17:17:06 [npdoty]
WileyS, yes, definitely have more details on the list; this isn't the formal objection stage, fwiw
17:17:12 [aleecia]
(JC speaking)
17:17:22 [hwest]
JC: so this could change the header?
17:17:46 [hwest]
BrendanIAB: Yes, so the UA isn't the only entity that is responsible. Giving browser full control might require restructuring of some browser functino.
17:18:04 [hwest]
... plugins can modify outbound headers in three of five browsers.
17:18:34 [Chris_IAB]
it's relatively easy for any user agent to "hijack" and propagate the DNT header signal (that's a problem)
17:18:40 [WileyS]
Nick, Thank you.
17:18:49 [hwest]
aleecia: Two approaches possible. Dsinger suggests that we can't handle this as an issue, we shouldn't address it.
17:19:14 [dsinger]
17:19:16 [Chris_IAB]
...this hijacking can be done without explicit knowledge of the user.
17:19:16 [hwest]
... Or we could handle this through requiring a user presentation, either through exception handling requirement or choice requirement or some other mechanism.
17:19:36 [aleecia]
ack dsinger
17:19:44 [hwest]
... Useful to hear from folks what they think and how they'd address this.
17:20:15 [Chris_IAB]
in the case of AVG, they look to send DNT:1 WITHOUT modifying the setting in the user's browser (thus the user has no way to change this)
17:20:18 [hwest]
... So right now because of UA definition we would not have an issue of AVG as a UA, since it wouldn't be a UA.
17:20:28 [Zakim]
17:20:38 [hwest]
... So to push it back to the modifier, then we need a "UA and friends" category.
17:20:45 [npdoty]
do we just need to add a sentence, "Other software MUST NOT modify DNT preferences without following the requirements of this section."?
17:20:59 [aleecia]
17:21:19 [dwainberg]
17:21:25 [aleecia]
ack dwainberg
17:21:44 [hwest]
dwainberg: I'll take the action. Also question, at some point someone had the idea to add a signal in the header to indicate who set the signal. What happened there?
17:21:54 [hwest]
aleecia: That is an open issue in the TPE doc.
17:22:19 [npdoty]
dwainberg, I don't think that actually helps us here, though, right? if we're talking about rogue software changing your preferences without your knowledge...
17:22:53 [hwest]
... so a hypothetical, that you must state who set the DNT header, then you can imagine UAs needing to coordinate with their plugins to get that info. What we'er hearing is that that may be difficult with current architecture.
17:23:19 [Chris_IAB]
Is this right: the UA cannot access the user's setting in the browser to change them? (ref AVG implementation)
17:23:31 [rvaneijk]
plugins and other software can still override the header info. The underlying problem remains, how can a site reliably trust a DNT signal.
17:23:40 [hwest]
dwainberg: Lots of signals here will lead to a lot of confusion for the consumer.
17:23:53 [vincent]
17:23:54 [hwest]
... is there a way to make this consistent and easy for the user?
17:24:02 [aleecia]
ack vincent
17:24:04 [WileyS]
Issue 143
17:24:08 [WileyS]
David, Issue 143
17:24:12 [hwest]
vincent: Maybe give priority to UA
17:24:30 [rvaneijk]
17:24:31 [npdoty]
17:24:37 [aleecia]
ack npdoty
17:24:43 [dsinger]
I am deeply concerned about the idea that sites can second-guess how 'valid' the dnt:1 signal is. That's a recipe for spiralling lack of trust and compliance.
17:24:49 [Chris_IAB]
<rvaneijk>, when you say "override", you mean just send a DNT signal without notifying the user?
17:25:04 [hwest]
npdoty: Conflicts could be bad, especially for rogue software
17:25:09 [hwest]
... but may not impact most u sers
17:25:12 [WileyS]
have to drop - have a great day everyone
17:25:14 [Chris_IAB]
and moreover, the user has no way to toggle back via their browser...
17:25:17 [aleecia]
take care, Shane
17:25:21 [vincent]
Maybe give priority to UA that support user exception if such UA is installed
17:25:27 [tl]
Every other setting?
17:25:29 [hwest]
dwainberg: Are there similar cases where settings have to fight it out?
17:25:30 [vincent]
that's what I meant
17:25:37 [rvaneijk]
@Chris_IAB: with override I mean like a proxy, browser sends DNT:0, and software changes that to DNT:1
17:25:42 [hwest]
npdoty: cookie management, some people have extra tools
17:26:14 [hwest]
dwainberg: Anything in common use?
17:26:21 [Chris_IAB]
<rvaneijk>, thanks... but the UA could just send an ADDITIONAL (perhaps conflicting) signal too
17:26:53 [rvaneijk]
@Chris_IAB: it is just text in a header. ANY additional info can be altered/deleted/overwritten
17:27:15 [hwest]
aleecia: Action item for... who? Write up any sort of sane alternative for how we deal with this case.
17:27:25 [npdoty]
I can take an action for a very short proposal per my above suggestion
17:27:28 [Chris_IAB]
Example: I set DNT:0 via my browser, then I install AVG and it just starts sending DNT:1 in addition to my DNT:0 signal (both signals are set)-- how does a pub/ad-network deal with that?
17:27:30 [dsinger]
"The software that is responsible for causing a DNT header to be sent is also responsible for assuring it reflects the user's intention"
17:27:47 [Chris_IAB]
<rvaneijk> , I get how headers work, thanks :)
17:28:11 [npdoty]
action: doty to write a very short proposal (with dsinger) on issue-153
17:28:11 [trackbot]
Created ACTION-231 - Write a very short proposal (with dsinger) on issue-153 [on Nick Doty - due 2012-08-01].
17:28:24 [dwainberg]
@npdoty: is that different from the Action I just agreed to take?
17:28:31 [npdoty]
action-231: dsinger: "The software that is responsible for causing a DNT header to be sent is also responsible for assuring it reflects the user's intention"
17:28:31 [trackbot]
ACTION-231 Write a very short proposal (with dsinger) on issue-153 notes added
17:28:35 [Chris_IAB]
meant to write "both signals are sent" (not set, but that's also true ;)
17:28:42 [hwest]
aleecia: All for today! Adjourned.
17:28:44 [Zakim]
17:28:45 [Zakim]
17:28:45 [Zakim]
17:28:45 [Zakim]
17:28:46 [Zakim]
17:28:46 [Zakim]
17:28:46 [sidstamm]
thanks aleecia!
17:28:47 [Zakim]
17:28:49 [Zakim]
17:28:51 [Zakim]
17:28:51 [dsinger]
cheers, everyone
17:28:53 [Zakim]
- +1.703.438.aamm
17:28:55 [Zakim]
17:28:56 [johnsimpson]
17:28:57 [Zakim]
17:28:59 [Zakim]
17:28:59 [johnsimpson]
johnsimpson has left #dnt
17:29:01 [Zakim]
17:29:01 [tedleung]
tedleung has joined #dnt
17:29:03 [Zakim]
17:29:04 [npdoty]
dwainberg, I think we're proposing an alternative
17:29:05 [Zakim]
17:29:07 [Zakim]
17:29:09 [Zakim]
17:29:11 [Zakim]
17:29:14 [Zakim]
17:29:14 [npdoty]
dwainberg, though if we come to the same conclusion: great!
17:29:15 [Zakim]
17:29:26 [npdoty]
action-231: "Other software MUST NOT modify DNT preferences without following the requirements of this section."
17:29:27 [trackbot]
ACTION-231 Write a very short proposal (with dsinger) on issue-153 notes added
17:29:27 [dwainberg]
ok. thanks, nick.
17:29:44 [dwainberg]
did that get assigned to me in the issue tracker?
17:29:52 [Zakim]
17:30:04 [npdoty]
I think I missed it, let's create it now
17:30:04 [Zakim]
17:30:54 [Zakim]
17:30:59 [npdoty]
action: wainberg to write a proposal for issue-153
17:30:59 [trackbot]
Sorry, couldn't find user - wainberg
17:31:03 [Zakim]
17:31:28 [dwainberg]
it's dwainberg
17:31:41 [dwainberg]
action:dwainberg to write a proposal for issue-153
17:31:57 [npdoty]
dwainberg, let's get you signed up formally (will send email offline) and then Tracker can handle an action for you
17:32:19 [dwainberg]
17:32:22 [npdoty]
Zakim, list attendees
17:32:22 [Zakim]
As of this point the attendees have been npdoty, aleecia, +1.646.654.aaaa, +1.646.654.aabb, eberkower, +1.202.370.aacc, robsherman, ifette, Joanne, AnnaLong, sidstamm, jeffwilson,
17:32:25 [Zakim]
... jchester2, +1.678.580.aadd, +1.202.695.aaee, vinay, jmayer, dwainberg, dsinger, +1.202.403.aaff, Lia, ChrisPedigoOPA, alex, +49.721.91.aagg, dsriedel, Chris_IAB,
17:32:25 [Zakim]
... +1.813.366.aahh, justin, tl, hwest, fielding, +1.206.658.aaii, BrendanIAB?, adrianba, +1.508.655.aajj, +1.206.369.aakk, tedleung, johnsimpson, rvaneijk, brooks, Nielsen, amyc,
17:32:25 [Zakim]
... suegl, Henry_CBS, Peder, +1.202.326.aall, vincent, [GVoice], +1.703.438.aamm, +1.727.686.aann
17:32:33 [npdoty]
rrsagent, make logs public
17:32:36 [npdoty]
rrsagent, draft minutes
17:32:36 [RRSAgent]
I have made the request to generate npdoty
17:32:40 [npdoty]
Zakim, bye
17:32:41 [Zakim]
leaving. As of this point the attendees were npdoty, aleecia, +1.646.654.aaaa, +1.646.654.aabb, eberkower, +1.202.370.aacc, robsherman, ifette, Joanne, AnnaLong, sidstamm,
17:32:41 [Zakim]
Zakim has left #dnt
17:33:05 [tedleung]
tedleung has left #dnt
17:50:00 [fielding]
fielding has left #dnt
18:57:52 [tlr]
tlr has joined #dnt
19:57:45 [npdoty]
npdoty has joined #dnt
19:58:20 [aleecia]
aleecia has left #dnt
20:18:03 [ifette]
ifette has joined #dnt
20:28:49 [npdoty]
npdoty has joined #dnt
21:00:42 [ifette]
ifette has joined #dnt