05:19:03 npdoty has joined &dnt 07:55:31 npdoty has joined &dnt 12:15:18 Zakim has left &dnt 13:25:38 Ian has left &dnt 13:25:41 Ian has joined &dnt 13:25:43 rrsagent, bye 13:25:43 I see 1 open action item saved in http://www.w3.org/2012/07/31-dnt-actions.rdf : 13:25:43 ACTION: IJ will draft home page news item [1] 13:25:43 recorded in http://www.w3.org/2012/07/31-dnt-irc#T19-05-37 15:42:06 RRSAgent has joined #dnt 15:42:07 logging to http://www.w3.org/2012/08/01-dnt-irc 15:42:15 Zakim has joined #dnt 15:42:24 Zakim, this will be dnt 15:42:24 ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 18 minutes 15:42:35 chair: aleecia 15:42:43 rrsagent, make logs public 15:42:52 agenda? 15:43:06 agenda+ Selection of scribe 15:43:17 agenda+ Review of overdue action items: http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner 15:43:27 agenda+ Any comments on minutes posted a week ago: 15:43:37 agenda+ Quick check that callers are identified 15:43:55 agenda+ Discussion of face-to-face meeting 15:44:06 agenda+ Discussion of how we move forward on permitted uses 15:44:21 agenda+ pending review texts 15:44:37 agenda+ Announce next meeting & adjourn 15:44:49 agenda? 15:52:00 T&S_Track(dnt)12:00PM has now started 15:52:07 + +1.408.674.aaaa 15:52:07 BrendanIAB has joined #dnt 15:52:17 Good morning, Brendan 15:52:34 npdoty has joined #dnt 15:52:35 Good morning Aleecia 15:52:40 Hi, Nick! 15:52:54 …I'm thinking Friday 15:53:36 +??P5 15:53:51 Zakim, ??P5 is probably BrendanIAB 15:53:51 +BrendanIAB?; got it 15:53:59 Please mute :-) 15:54:21 +npdoty 15:54:51 Zakim, who is on the phone? 15:54:51 On the phone I see +1.408.674.aaaa, BrendanIAB?, npdoty 15:55:00 Zakim, aaaa is aleecia 15:55:00 +aleecia; got it 15:56:13 efelten has joined #dnt 15:57:22 + +1.202.326.aabb 15:57:28 Zakim, aabb is me 15:57:28 +efelten; got it 15:58:01 ninjamarnau has joined #dnt 15:58:13 adrianba has joined #dnt 15:58:29 suegl has joined #dnt 15:58:58 justin_ has joined #dnt 15:59:03 + +49.431.98.aacc 15:59:04 robsherman has joined #dnt 15:59:10 Chris_IAB has joined #dnt 15:59:11 Lia has joined #dnt 15:59:26 Zakim, aacc is ninjamarnau 15:59:26 +ninjamarnau; got it 15:59:28 +[Microsoft] 15:59:28 dwainberg has joined #dnt 15:59:38 jchester2 has joined #dnt 15:59:39 + +1.202.370.aadd 15:59:45 +??P13 15:59:48 zakim, [Microsoft] has suegl 15:59:48 +suegl; got it 15:59:50 zakim, aadd is robsherman 15:59:50 +robsherman; got it 15:59:54 just joined via Skype 16:00:04 Zakim, ??P13 is probably Chris_IAB 16:00:04 +Chris_IAB?; got it 16:00:15 +jchester2 16:00:21 vincent has joined #dnt 16:00:33 + +1.646.654.aaee 16:00:39 + +1.415.734.aaff 16:00:50 + +1.206.658.aagg 16:00:59 dsinger has joined #dnt 16:01:02 dsriedel has joined #dnt 16:01:05 +[GVoice] 16:01:14 + +1.202.637.aahh 16:01:21 + +49.721.83.aaii 16:01:25 zakim, aahh is justin_ 16:01:25 +justin_; got it 16:01:28 zakim, aaii is dsriedel 16:01:28 +dsriedel; got it 16:01:29 +??P31 16:01:34 zakim, mute me 16:01:37 dsriedel should now be muted 16:01:42 Zakim, aaff is KevinT 16:01:42 +KevinT; got it 16:01:43 zakim, ??P31 is vincent 16:01:43 +vincent; got it 16:01:45 +bryan 16:01:46 Zakim, aagg is amyc 16:01:48 +[Apple] 16:01:50 zakim, [apple] has dsinger 16:01:53 +amyc; got it 16:01:58 WileyS has joined #DNT 16:02:03 +dsinger; got it 16:02:09 + +1.207.619.aajj 16:02:13 zakim, who is on the phone? 16:02:19 On the phone I see aleecia, BrendanIAB?, npdoty, efelten, ninjamarnau, [Microsoft], robsherman, Chris_IAB?, jchester2, +1.646.654.aaee, KevinT, amyc, [GVoice], justin_, dsriedel 16:02:19 johnsimpson has joined #dnt 16:02:22 ... (muted), vincent, bryan, [Apple], +1.207.619.aajj 16:02:26 [Microsoft] has suegl 16:02:27 eberkower has joined #dnt 16:02:28 [Apple] has dsinger 16:02:44 zakim, aajj is dwainberg 16:02:44 +dwainberg; got it 16:02:49 +[Microsoft.a] 16:02:54 Zakim, who is making noise? 16:02:59 zakim, [microsoft.a] is me 16:02:59 +adrianba; got it 16:03:00 + +1.408.349.aakk 16:03:05 npdoty, listening for 11 seconds I heard sound from the following: KevinT (4%), [GVoice] (51%) 16:03:12 zakim, aakk is WileyS 16:03:12 +WileyS; got it 16:03:13 + +1.310.392.aall 16:03:14 646 is eberkower 16:03:14 Saturday is good. 16:03:15 Zakim, mute [GVoice] 16:03:15 [GVoice] should now be muted 16:03:19 +??P50 16:03:23 Simon has joined #dnt 16:03:46 Zakim, aaee is eberkower 16:03:46 +eberkower; got it 16:03:53 sidstamm has joined #dnt 16:03:58 + +1.919.517.aamm 16:04:01 volunteers to scribe? 16:04:15 AnnaLong has joined #dnt 16:04:20 + +1.678.580.aann 16:04:27 zakim, 392aall is johnsimpson 16:04:29 sorry, johnsimpson, I do not recognize a party named '392aall' 16:04:41 +[Mozilla] 16:04:44 ChrisPedigoOPA has joined #dnt 16:04:45 Zakim, Mozilla has sidstamm 16:04:47 + +1.917.318.aaoo 16:04:50 hwest has joined #dnt 16:04:53 +sidstamm; got it 16:04:56 zakim, aall is johnsimpson 16:04:56 susanisrael has joined #dnt 16:04:57 + +1.201.723.aapp 16:05:01 +johnsimpson; got it 16:05:08 tedleung1 has joined #dnt 16:05:10 Zakim, aall is johnsimpson 16:05:10 scribenick: adrianba 16:05:13 sorry, npdoty, I do not recognize a party named 'aall' 16:05:18 http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner 16:05:21 susanisrael joined from 201723 xxxx 16:05:22 TOPIC: Review of overdue action items 16:05:23 thx, adrianba 16:05:26 + +1.202.507.aaqq 16:05:31 chapell has joined #DNT 16:05:33 Zakim, aapp is susanisrael 16:05:33 +susanisrael; got it 16:05:43 aleecia: the first few are from ian, who has not yet joined the call 16:05:50 ... next are from roy 16:05:55 ... also not yet here 16:05:55 zakim, 8440 is chapell 16:05:55 sorry, chapell, I do not recognize a party named '8440' 16:05:58 ... next against me 16:06:02 Zakim, aaqq is ChrisPedigoOPA 16:06:02 +ChrisPedigoOPA; got it 16:06:06 ... some are done but need to close out the actions 16:06:11 Apologies - I will be joining the call late or not at all as I deal with some crisis still here, but will try to follow on IRC 16:06:13 ACTION-210? 16:06:13 ACTION-210 -- Aleecia McDonald to come up with further text to get the consensus declared in this call around DNT and whether it can be set by default (no) in the spec -- due 2012-07-25 -- OPEN 16:06:13 http://www.w3.org/2011/tracking-protection/track/actions/210 16:06:14 + +1.206.369.aarr 16:06:15 Brooks has joined #dnt 16:06:16 + +1.609.981.aass 16:06:21 aleecia: will do this by the end of the week 16:06:28 zakim, aarr is tedleung 16:06:28 +tedleung; got it 16:06:33 ACTION-228? 16:06:33 ACTION-228 -- David Singer to update remove methods to have an appropriate failure mode -- due 2012-07-25 -- OPEN 16:06:33 http://www.w3.org/2011/tracking-protection/track/actions/228 16:06:35 action-228 16:06:45 dsinger: in process but not done - working on the API at the moment 16:07:02 Brooks Calling in on 678 580 16:07:07 ACTION-227? 16:07:07 ACTION-227 -- David Singer to collect input (from Tom, Jonathan, Ed, Rob) on needs for a service-provider flag and compare to current draft -- due 2012-07-25 -- OPEN 16:07:07 http://www.w3.org/2011/tracking-protection/track/actions/227 16:07:09 alex has joined #dnt 16:07:12 dsinger: same here 16:07:18 JC has joined #DNT 16:07:21 + +1.813.366.aatt 16:07:23 aleecia: i will send email reminders 16:07:29 http://www.w3.org/2012/06/06-dnt-minutes 16:07:30 http://www.w3.org/2012/06/13-dnt-minutes 16:07:31 http://www.w3.org/2012/06/20-dnt-minutes 16:07:31 TOPIC: Any comments on minutes posted a week ago 16:07:32 +[Microsoft.a] 16:07:33 http://www.w3.org/2012/06/21-dnt-minutes 16:07:34 http://www.w3.org/2012/06/22-dnt-minutes 16:07:34 http://www.w3.org/2012/07/11-dnt-minutes 16:07:38 Zakim, aatt is alex 16:07:39 +alex; got it 16:07:40 aleecia: did anyone have comments on the minutes? 16:07:45 ... not seeing any comments 16:07:52 TOPIC: Quick check that callers are identified 16:07:54 Zakim, who is on the phone? 16:07:58 On the phone I see aleecia, BrendanIAB?, npdoty, efelten, ninjamarnau, [Microsoft], robsherman, Chris_IAB?, jchester2, eberkower, KevinT, amyc, [GVoice] (muted), justin_, dsriedel 16:08:01 ... (muted), vincent, bryan, [Apple], dwainberg, adrianba, WileyS, johnsimpson, ??P50, +1.919.517.aamm, +1.678.580.aann, [Mozilla], +1.917.318.aaoo, susanisrael, ChrisPedigoOPA, 16:08:04 ... tedleung, +1.609.981.aass, alex, [Microsoft.a] 16:08:06 [Mozilla] has sidstamm 16:08:08 [Apple] has dsinger 16:08:14 [Microsoft] has suegl 16:08:33 zakim, 917 318 is chapell 16:08:37 I don't understand '917 318 is chapell', chapell 16:08:40 Zakim, aaoo is chapell 16:08:46 Zakim, aamm is AnnaLong 16:08:47 thanks nick 16:08:48 rrsagent, make minutes 16:08:48 I have made the request to generate http://www.w3.org/2012/08/01-dnt-minutes.html adrianba 16:08:50 +chapell; got it 16:08:51 Zakim, aann is Brooks 16:08:55 +AnnaLong; got it 16:08:56 rrsagent, make logs public 16:08:59 +Brooks; got it 16:09:26 agenda? 16:09:46 issue-97? 16:09:46 ISSUE-97 -- Re-direction, shortened URLs, click analytics -- what kind of tracking is this? -- open 16:09:46 http://www.w3.org/2011/tracking-protection/track/issues/97 16:09:50 jeffwilson has joined #dnt 16:09:55 bilcorry has joined #dnt 16:09:58 http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0106.html 16:10:02 jmayer has joined #dnt 16:10:03 TOPIC: We will work our way through a number of pending review texts, all of which have had ample time for people to read and reflect upon. 16:10:12 5. A user visits Example Social and sees the language: "Check out this 16:10:12 aleecia: following up on an action from Justin 16:10:13 Example News article on cooking: sho.rt/1234". The user clicks the link 16:10:14 which directs the user to a page operated by the company Example Sho.rt 16:10:16 which then redirects the user to a page operated by Example News. 16:10:17 Example Social and Example News and first parties, and Example Sho.rt is 16:10:19 a third party. 16:10:20 6. A user visits Example Social and sees a hyperlink reading: "Check out 16:10:22 this Example News article on cooking." A user clicks the link which 16:10:23 points to framing.com/news1234. This page loads nothing but a frame 16:10:25 which contains the cooking article from Example News, but all links are 16:10:26 rewritten to pass through framing.com which is operated by Example 16:10:27 + +1.202.684.aauu 16:10:27 Framing. Example Social and Example News are first parties and Example 16:10:28 Framing is a third party. 16:10:29 + +1.703.265.aavv 16:10:40 Zakim, aauu is jmayer 16:10:41 +jmayer; got it 16:10:43 + +1.408.223.aaww 16:10:47 + +1.703.265.aaxx 16:10:51 q+ 16:10:56 Zakim, aaww is me 16:10:56 +bilcorry; got it 16:11:03 Zakim, mute me 16:11:03 bilcorry should now be muted 16:11:24 cblouch has joined #dnt 16:11:37 damiano_ has joined #dnt 16:11:44 aleecia: let's talk about this - there's one more para at the end but let's start here 16:11:49 ... no objections on the mailing list 16:11:50 I'm the one on google talk sorry 16:11:50 q? 16:11:58 ack dwainberg 16:12:11 David, stay on topic. 16:12:13 dwainberg: want to reiterate my concerns about agenda timing 16:12:22 Did we skip the F2F timing agenda item? 16:12:25 ... these are meaty issues - date from this posting is some time ago 16:12:32 ... we haven't had much time to prep 16:12:45 aleecia: you're right - was behind on agenda 16:12:55 ... i think as we go through them it's possible to handle in real time 16:13:14 ... if you find things that you need more time for we can consider that but there has been time to discuss on the mailing list 16:13:27 We've been thinking about URL shorteners and framing for well over six months. 16:13:27 ... agreed that 24 hours for agenda would be better but let's give it a shot 16:13:36 samsilberman has joined #dnt 16:13:41 dwainberg: let's take time to discuss but not make decisions? 16:13:44 I object to "not making decisions on calls". 16:13:47 aleecia: not willing to do that 16:14:04 ... if there is text nobody has seen before then okay, say new text from editors 16:14:16 ... but for something that people have had time to go through then yes we can make decisions 16:14:25 if there are cases where something is missed, can we follow up to decisions with objections on the mailing list? 16:14:29 ... we can look at specific issues but not as a general statement 16:14:35 + +1.781.472.aayy 16:14:36 ... let's move ahead on this 16:14:49 obstruction |əbˈstrəkSHən, äb-| - noun - a thing that impedes or prevents passage or progress; an obstacle or blockage: the tractor hit an obstruction. 16:14:57 q? 16:14:59 ... there were no objections on the list - question for the group is if there are things missing that they didn't bring up before 16:15:05 ... not hearing anyone 16:15:08 ... one last para 16:15:13 In some cases, web requests are redirected through intermediary domains, 16:15:14 such as url shorteners or framing pages, before eventually delivering 16:15:15 the content that the user was attempting to access. The operators of 16:15:16 these intermediary domains are third parties, unless they are a common 16:15:17 party to the operator of either the referring page or the eventual 16:15:18 agree with David; need ample time to review; just got the agenda last night 16:15:18 landing page. 16:15:18 zakim, aayy is samsilberman 16:15:18 +samsilberman; got it 16:15:29 ... fairly non-controversial 16:15:58 aleecia: that's explaining what it is we're talking about 16:16:10 ... may need more time to be crisp but want to get a sense from people on the call 16:16:20 ... think it's straightforward 16:16:21 need additional time to review proposed language 16:16:25 +q 16:16:25 support for the re-direct or intermediary being a third party, have we heard any objections to that? 16:16:30 ack jmayer 16:16:39 Chris_IAB, You've had two months to review this language. 16:16:40 jmayer: two thoughts 16:16:53 ... think new examples are helpful 16:16:58 Who are the people who called in just after we completed the identification-check? There were several. Some identified themselves, but others didn't. 16:17:06 ... still using user expectations as rough guidelines 16:17:10 noted, Ed, thanks 16:17:10 but didn't know it was to be decided on today, until last night my time 16:17:20 ... since users don't expect to interact with link shorteners then in general they're not first parties 16:17:21 zakim, who is on the phone? 16:17:21 On the phone I see aleecia, BrendanIAB?, npdoty, efelten, ninjamarnau, [Microsoft], robsherman, Chris_IAB?, jchester2, eberkower, KevinT, amyc, [GVoice] (muted), justin_, dsriedel 16:17:25 ... (muted), vincent, bryan, [Apple], dwainberg, adrianba, WileyS, johnsimpson, ??P50, AnnaLong, Brooks, [Mozilla], chapell, susanisrael, ChrisPedigoOPA, tedleung, +1.609.981.aass, 16:17:25 ... alex, [Microsoft.a], jmayer, +1.703.265.aavv, bilcorry (muted), +1.703.265.aaxx, samsilberman 16:17:25 [Mozilla] has sidstamm 16:17:25 [Apple] has dsinger 16:17:25 [Microsoft] has suegl 16:17:41 ... when there is interaction then they would be 16:17:44 +q 16:17:57 ... second, a link shortener could be explicit that collecting information is the purpose 16:18:04 justin_, how much of the things you read in the last 2-months are you ready to recall and decide on at the last minute-- let's not be rediculous 16:18:14 q? 16:18:21 q+ 16:18:32 ... i wouldn't object to adding third example that iwilltrack then we could add another example 16:18:33 q? 16:18:37 A user is aware of the URL they are about to click on - its difficult to argue that party is not a 1st party due to URL construction. I agree with the general sentiment of moving redirectors to a 3rd party status but see the URL being an obvious issue with user expectation. 16:18:39 aleecia: i'm hearing i wouldn't mind 16:18:51 ack BrendanIAB 16:18:51 +q 16:18:52 I thought we had consensus on the user expectations issue. 16:18:57 brendan: i don' 16:19:08 Not about party size, but about what's a first party vs. third party. 16:19:13 URL structure appears to break the "user expectation" rule 16:19:24 s/i don'/i don't see specific text about redirection - what about javascript and onload/ 16:19:37 aleecia: think this is supposed to be technology neutral 16:19:54 brendan: in the javascript page the page is rendered and then the redirection happens 16:19:57 If I'm about to click on a URL "http://exam.pl.e/code1234" how do I argue that I didn't know I was about to visit "exam.pl.e"? 16:20:02 aleecia: justin did you have this in mind? 16:20:03 Zakim, aaxx is me 16:20:03 +jeffwilson; got it 16:20:08 WileyS, you mean the user knew they were going to Example Sho.rt because they saw the http://sho.rt in the URL? 16:20:19 justin: no, i copied most of the language from a previous proposal - not sure i understand 16:20:28 Nick, correct - and had the choice to not go to "sho.rt" if they didn't want to. 16:20:28 WileyS, I think a lot of links on the Web don't have the URL visible 16:20:38 brendan: standard redirect is HTTP 302 - the browser just navigates on 16:20:40 Its that basic premise that supports the 1st party argument. 16:21:00 ... the second case is a page that is delivered and then after the javascript changes the URL - you're interacting here as a first party 16:21:08 All links on the internet are discoverable - easily set within the UA to make this visible (CRUCIAL for the detection of phishing sites) 16:21:10 ... difference is client-side vs. server-side 16:21:24 ... javascript isn't considered a redirect in the HTTP spec 16:21:32 justin: what are you proposing? 16:21:40 brendan: i'm not seeing any text for this 16:21:40 "Check out example.com!" 16:21:52 this is a nice question. does a page that achieves the re-direct through scripting or other client-side actions get to be a first-party as a result? 16:21:53 justin: i tried to be tech neutral but we can add text if we need to 16:22:12 Nick, hover over "example.com" and you'll see it links to "http://sho.rt/abcd" 16:22:22 q? 16:22:26 brendan: both have the same end result but in the client-side the client has the opportunity to render the page so technically interacting 16:22:57 aleecia: sounds like so far no one is complaining about this text but different ways to expand - may need a new action to add more 16:23:00 ack dwainberg 16:23:26 dwainberg: first, haven't had much time to look at this - not participants when this language was proposed 16:23:32 How is this broad? 16:23:36 ... concerned that it is broad and need more time to review 16:23:38 It's one particular use case. 16:23:47 ... need to be narrowed to url shorteners and framing pages 16:23:54 +q 16:23:57 ... intermediaries text seems broad 16:23:58 zakim, aaxx is cblouch 16:23:58 sorry, cblouch, I do not recognize a party named 'aaxx' 16:24:00 ack WileyS 16:24:09 WileyS: i believe the issue is user expectation 16:24:18 WileyS, not sure we could expect that users will do that, especially if the anchor refer to a site name which is not the redirection service 16:24:22 ... anything not a first party becomes third party 16:24:33 ... user has opportunity to understand URL they navigate to 16:25:03 hm, few users look at the details of URLs behind links... 16:25:06 ... if i'm about to click on link to microsoft.com or micro.soft/abcd i know one is a first party and in the other case i'm hitting third party doing redirection 16:25:11 q+ 16:25:27 ... perhaps the key issue is redirection rather than shorteners or framing environments - these are manifestations 16:25:29 ack jmayer 16:25:37 zakim, aavv is cblouch 16:25:37 +cblouch; got it 16:25:38 behave. 16:25:49 WileyS, I tried to address this issue with the last sentence: The operators of these intermediary domains are third parties, unless they are a common party to the operator of either the referring page or the eventual landing page. 16:26:00 jmayer: i disagree - i think this is a clear violation of user expectations - users don't hover over links to see where they go 16:26:33 ... seems so straightforward that if a user clicks a link and there is chain of redirects most users won't understand and shouldn't have to 16:26:42 JMayer - why don't user understand? What proof or research do you have? 16:26:44 ... i don't think this is just a redirect thing 16:26:58 ... think this misses discoverability 16:27:00 ack justin_ 16:27:01 q+ to say maybe a first party has to 'present itself' to the user in order to become a first party? so any kind of 'silent intermediary' does not become so? 16:27:02 WileyS, I think we all agree that they're examples of the more generic question of re-directions, the question was just whether the re-directing parties were third parties to the interaction? 16:27:35 justin: trying to understand Shane's point - if micro.soft goes to microsoft think the language is okay 16:27:54 ... but if micro.soft goes to NY times then that might be different 16:27:54 Agreed - the last sentence (with some work) can fit this situation. 16:28:09 -amyc 16:28:15 ... the language says the redirector is third party unless they are common with the destination 16:28:26 WileyS: agreed - common party issue is addressed 16:28:28 +[Microsoft.aa] 16:28:28 "The operators of 16:28:29 these intermediary domains are third parties, unless they are a common 16:28:30 party to the operator of either the referring page or the eventual 16:28:31 landing page." 16:28:57 q+ 16:28:58 ... trying to also cover for where party injecting shortener bears some cost and putting them into third party may cause negative monetary pressure 16:29:09 ... struggling with wholesale throwing them into third party 16:29:12 +q 16:29:19 ... disagree with jmayer that people do look 16:29:25 Shane, I agree it's "discoverable 16:29:25 ... not everyone blindly clicks 16:29:38 ... would like time to research internally - we do have a shortener that we use 16:29:56 ... trying to understand if this would destroy some of our uses 16:29:58 Do we need to distinguish between the sender of the shortened URL vs the recipient? 16:30:00 Shane, I agree it's "discoverable" - but that's not the test. It's user expectations. Moving to "discoverable" would blow away the first party vs. third party divide. 16:30:07 amyc has joined #dnt 16:30:08 ... first party might still want the data 16:30:19 But the consumer wouldn't want their data collected if they have sent DNT 16:30:32 ... if yahoo had shortener in mobile space sounds like jmayer's view is this would be third party 16:30:33 I'm also, on reflection, not entirely comfortable with treating the referring site as a first party. 16:30:45 q? 16:30:46 ... definitely agree the same party case is covered - can improve the language 16:30:49 ack dsinger 16:30:49 dsinger, you wanted to say maybe a first party has to 'present itself' to the user in order to become a first party? so any kind of 'silent intermediary' does not become so? 16:30:51 aleecia: pretty close on this 16:30:55 Chapell has joined #DNT 16:31:06 dsinger: clear that definition of first party is something user realises interacts with 16:31:10 Jmayer, 1st party definition is already hinged on "discoverable" 16:31:25 ... silent site that the user is unaware of probably doesn't count as first party 16:31:37 ... this is question of site normally third party becoming first party 16:31:38 + +49.172.147.aazz 16:31:50 ... not banishing site to third party - determining if it is becoming first party 16:31:50 Zakim, aazz is schunter 16:31:50 +schunter; got it 16:31:58 case: I own a URL shortener. I have a Twitter account. I use my URL shortener in my Twitter post to link to a NYT article. Is the URL shortener a 3rd party? 16:31:59 ... think we can talk about evident first parties 16:32:13 ack justin_ 16:32:14 aleecia: i thought that - we could add text to be clearer 16:32:33 justin: if someone on yahoo uses yahoo shortener to go to NYtimes then that's okay as first party 16:32:49 -dwainberg 16:32:49 ... but if it is bit.ly then see Shane is saying there is a problem with monetisation 16:32:56 ... have a problem saying that is first party 16:33:06 ... but do get the idea that people aren't happy with that 16:33:06 Shane, the size of a party is determined by discoverable + affiliation. That's different from whether a party's a first party or a third party - where we agreed to user expectations. 16:33:08 q? 16:33:13 ack jmayer 16:33:34 Jmayer, agreed - so the referring site would fit that rule. 16:33:36 WileyS, in addition to the internal re-direction service, you also raised a question about monetization of third party URL shorteners -- do you think we would need to remove this third-party status altogether to cover that case? 16:33:46 jmayer: refering site collecting destination - my concern is in many cases this could violate user expectations 16:33:48 rvaneijk has joined #dnt 16:34:04 Nick, need more time to figure out how redirectors make money to support the services they provide seemingly for free today. 16:34:26 ... reading a news article and clicking on a source - one web site is learning something about what a user is doing on another site 16:34:28 + +31.65.141.bbaa 16:34:29 WileyS: Not sure even they know that one... 16:34:36 zakim, bbaa is me 16:34:36 +rvaneijk; got it 16:34:43 ... so the refering is a different case rather than where there is a landing page 16:34:43 Nick, We could inadvertantly kill the redirection market without looking at this more closely. 16:34:48 Shane: Can you also add to this research what data is collected by redirectors and what is sold, monetized, etc. 16:35:07 ... user expectations is often who does the user expect to be talking to but it's also what are they sending to whom 16:35:10 q? 16:35:14 Jeff - yes, want to know these items myself. 16:35:19 ... not clear users expect to be sending info about where they are going to 16:35:28 Tl - agreed, but hopefully someone knows. :-) 16:35:32 And tl at one point . . . 16:35:52 aleecia: think this was worked on by david and justin - they are agreeing with Shane that not expecting to affect single first party but text not as clear as it could be (and tom) 16:36:10 Outbound link tracking - if I click on a link that goes through a link shortener vs if I click on a link that redirects through a same origin as the site I'm interacting with? 16:36:13 And we'll try to address BrendanIAB's point too. 16:36:15 ... does anyone object to david and justin working to add one more sentence in a couple of days - throw this open until monday 16:36:19 Could you explain this one point? 16:36:22 it sounds like WileyS might have an objection if it affects a certain revenue model? 16:36:24 ... maybe work with Shane to ensure this is handled 16:36:28 (Concisely.) 16:36:45 ok 16:36:49 dwainberg has joined #dnt 16:37:10 aleecia: editing action for due date to monday and note that we are looking for one more sentence from justin and david to cover first party case 16:37:12 agenda? 16:37:34 zakim, who is on the phone? 16:37:34 On the phone I see aleecia, BrendanIAB?, npdoty, efelten, ninjamarnau, [Microsoft], robsherman, Chris_IAB?, jchester2, eberkower, KevinT, [GVoice] (muted), justin_, dsriedel 16:37:37 TOPIC: Discussion of face-to-face meeting 16:37:37 ... (muted), vincent, bryan, [Apple], adrianba, WileyS, johnsimpson, ??P50, AnnaLong, Brooks, [Mozilla], chapell, susanisrael, ChrisPedigoOPA, tedleung, +1.609.981.aass, alex, 16:37:37 ... [Microsoft.a], jmayer, cblouch, bilcorry (muted), jeffwilson, samsilberman, [Microsoft.aa], schunter, rvaneijk 16:37:37 [Mozilla] has sidstamm 16:37:37 [Apple] has dsinger 16:37:38 [Microsoft] has suegl 16:37:43 zakim, who is on call? 16:37:43 I don't understand your question, johnsimpson. 16:37:52 If the point is that a URL shortener is first party if it's provided by the first party and linking to the first party, I think we definitely have agreement there. 16:37:55 How many people do we lose with Yom Kippur? 16:38:00 zakim, who is on phone 16:38:00 I don't understand 'who is on phone', johnsimpson 16:38:02 aleecia: jewish holiday during the time we picked 16:38:13 If the point is that a URL shortener is first party if it's provided by the first party, we don't have agreement. 16:38:21 ... had a couple of personal messages on this that such things shouldn't come to a vote 16:38:43 ... the problem is that this is when room is available - haven't been successful in finding another room 16:38:50 ... please hold off booking travel for now 16:38:53 henryg has joined #dnt 16:39:00 ... looking for more options and will get back to you on monday 16:39:03 whoa, already booked and paid for travel 16:39:05 +dwainberg 16:39:06 ... comments? 16:39:12 Let's meet in Brussels and have the EU supply the room 16:39:16 me too 16:39:19 zakim, who is making noise? 16:39:26 -bryan 16:39:27 aleecia: know a couple of people have booked travel 16:39:30 dsinger, listening for 10 seconds I heard sound from the following: alex (14%) 16:39:47 ... this isn't straightforward - we're going to see if we have options - if you have not yet booked please don't 16:39:53 ... apologies for confusion 16:39:54 Jmayer, I agree its not that simple. But if the owner of the shorter uses that in their 1st party context, I believe the shortner (redirector) should be considered 1st party in that context. 16:39:57 Zakim, who is on the phone? 16:39:57 On the phone I see aleecia, BrendanIAB?, npdoty, efelten, ninjamarnau, [Microsoft], robsherman, Chris_IAB?, jchester2, eberkower, KevinT, [GVoice] (muted), justin_, dsriedel 16:40:01 ... (muted), vincent, [Apple], adrianba, WileyS, johnsimpson, ??P50, AnnaLong, Brooks, [Mozilla], chapell, susanisrael, ChrisPedigoOPA, tedleung, +1.609.981.aass, alex, 16:40:01 ... [Microsoft.a], jmayer, cblouch, bilcorry (muted), jeffwilson, samsilberman, [Microsoft.aa], schunter, rvaneijk, dwainberg 16:40:01 [Mozilla] has sidstamm 16:40:01 [Apple] has dsinger 16:40:01 [Microsoft] has suegl 16:40:04 + +1.508.655.bbbb 16:40:06 +q 16:40:19 zakim, aass is tl 16:40:19 +tl; got it 16:40:30 And, Zakim, how long have you known me? 16:40:42 I'm hurt, truly hurt. 16:40:43 I'll need to leave call in a few minutes 16:40:45 Aleecia, ETA on decision? 16:40:54 q- 16:41:10 Zakim, bbbb is HenryGoldstein 16:41:10 +HenryGoldstein; got it 16:41:16 Zakim, drop [GVoice] 16:41:16 [GVoice] is being disconnected 16:41:17 damiano fusco, the nielsen company. Not sure what my phone is i'm using google talk 16:41:18 -[GVoice] 16:41:22 Zakim, drop ??P50 16:41:22 ??P50 is being disconnected 16:41:24 -??P50 16:41:24 Aleecia, thank you. 16:41:31 -johnsimpson 16:41:35 johnsimpson has left #dnt 16:41:42 aleecia: by monday of next week will have a decision - if someone has space in europe they can volunteer please get in touch with nick 16:41:51 TOPIC: Discussion of how we move forward on permitted uses 16:42:00 aleecia: great progress in Seattle on permitted uses 16:42:10 +[GVoice] 16:42:10 np 16:42:14 ... now spending some time talking about SOX compliance 16:42:21 ... trying to get some auditors to review 16:42:22 Zakim, [GVoice] is damiano_ 16:42:22 +damiano_; got it 16:42:36 ... is there any other information people think we need that we don't have in the group 16:42:42 Aleecia, we'll need representatives from every legal juristiction in the world if you're using that as guiding point for the Financial Permitted Use 16:42:44 ... please let me know 16:42:45 zakim, who is making noise? 16:42:47 +??P32 16:42:57 dsinger, listening for 10 seconds I heard sound from the following: schunter (14%), aleecia (84%), jchester2 (24%), Brooks (7%) 16:43:16 aleecia: we've discuss a lot of these issues for a year - we are getting to the point where we will have final text 16:43:26 I don't see why we need info on SOX -- there's always going to be a "legally required" exception, yes? 16:43:27 Zakim, who is making noise? 16:43:32 ... and if we can't agree the text will come to the chairs to figure out the least objectionable text 16:43:40 npdoty, listening for 12 seconds I heard sound from the following: schunter (12%), aleecia (91%) 16:43:40 I am muted at the telphone level 16:43:45 -schunter 16:44:20 TOPIC: Third parties should be prohibited from acting or representing themselves as first parties 16:44:25 ACTION-116? 16:44:25 ACTION-116 -- Thomas Lowenthal to draft text prohibitng third parties from acting or representing themselves as first parties -- due 2012-03-06 -- PENDINGREVIEW 16:44:25 http://www.w3.org/2011/tracking-protection/track/actions/116 16:44:29 http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0618.html 16:44:39 aleecia: should be fairly straightforward 16:45:07 "knowingly represent" seems more fair 16:45:20 aleecia: that seems fine 16:45:23 "or with reason to know" 16:45:24 ... any other comments? 16:45:29 "for example, by …" 16:45:34 Ignorance shouldn't be an excuse. 16:45:40 David speaking 16:45:41 +q 16:45:42 do we need clarity about service providers? 16:45:48 dsinger: trying to think, people will have questions about how to do that 16:45:49 ack tl 16:45:56 tl: think the example is right in there 16:46:02 q+ 16:46:10 q- 16:46:15 q? 16:46:16 Agreed, Service Providers will need to do this. 16:46:19 ... specific case was a 3rd party might send 1st party response header and that was previously not prohibited and this makes it prohibited 16:46:26 q+ 16:46:38 -KevinT 16:46:41 ack dwainberg 16:46:42 aleecia: any objections to "knowingly represent" 16:46:52 dwainberg: not a ton of time to think about this 16:47:07 ... if concern is narrowly about headers and responses then we should link it to that 16:47:13 ... right now it is broad 16:47:19 Once again, there's nothing broad here. 16:47:24 ... i don't know what the standard is for falsely representing 16:47:29 If you're a third party, don't tell users you're a first party. 16:47:30 ... not sure what all the contexts are 16:47:37 ... should narrow to this 16:47:44 tlr has joined #dnt 16:47:47 aleecia: when is it okay for 3rd party to say it is 1st party? 16:48:12 dwainberg: think there is a case where someone might need to be represented as first party and this might cause a problem for that 16:48:18 ... thinking outside header and response 16:48:36 aleecia: for example a privacy policy, which could be many formats 16:48:45 Aleecia, Service Providers can say they are a 1st party. An affiliated site, while technically a 3rd party from a domain perspective, can also say they are a 1st party. 16:48:47 I don't understand the comments from nick and shane about service providers. Can you explain the concern? 16:48:51 dwainberg: could be some interstitial, or an interface to request consent 16:49:08 +q 16:49:09 +q 16:49:09 Doesn't "knowingly" help with David's issue? 16:49:12 aleecia: trying to understand why it would ever be okay for 3rd party to say it is a 1st party 16:49:22 dwainberg: not saying that - think the text is unclear 16:49:31 ack tl 16:49:31 ... falsely represent is not a clear standard 16:49:59 efelten also proposes that "knowingly" might help dwainberg; dwainberg, does that help? 16:50:11 tl: i find this objection pretty shocking - the language is clear - don't falsely represent yourself as a first party if you're a third party 16:50:18 ... it's not supposed to say how 16:50:35 dwainberg: part of the problem is that first or third parties are not going to say which they are 16:50:40 "knowingly" might help dwainberg's concern if it's about uncertainty 16:50:53 ... sometimes more vague signals such as logos or language 16:50:58 +q 16:51:12 ... to avoid the problem, remember this is text for lawyers, we need to be clear what we're getting at 16:51:31 Perhaps it would help to add the word "knowingly"? 16:51:35 ... this raises a flag as kind of vague because it doesn't give enough guidance to avoid running afoul of this 16:51:43 ... agree misrepresenting should not be allowed 16:51:46 ack WileyS 16:51:59 WileyS: i think with knowingly we get out of the accidental 16:52:09 ... agree with jmayer that ignorance shouldn't be a valid out 16:52:18 "knowingly" and "intentionally"? 16:52:32 not sure…I'll need to think about it further 16:52:35 ... but truly not knowing technically such as iframe'd content where you honestly think you're always a first party 16:52:53 ... service providers is one case and so is affiliated domains 16:53:01 As we discussed in Seattle, service providers should not claim to be first parties. 16:53:18 ... truly trying to go after bad actors here 16:53:29 ... wanted to give some examples where third party will respond as first party 16:53:35 aleecia: don't think those cases are covered here 16:53:44 ... service providers not considered 3rd parties 16:53:51 ... not 1st either - they are service providers 16:53:59 ... could add language to exclude service providers 16:54:05 ... domain names shouldn't be an issue 16:54:13 ok, i understand the point about service providers now. 16:54:19 when editors integrate this text, they'll need to make it fit in with the text on service providers in any case 16:54:23 q? 16:54:26 -q 16:54:29 ack jmayer 16:55:04 aleecia: suggestion to add couple of different modifiers - knowingly or intentionly 16:55:11 ... intention seems difficult to get at 16:55:14 I haven't heard anyone agree with David, so no need to consume the group's time. 16:55:20 +ChrisPedigoOPA.a 16:55:22 ... knowingly also difficult but maybe easier 16:55:25 q+ 16:55:29 I see no need for a change to this text. 16:55:39 ack dsinger 16:55:58 dsinger: in protocols there is usually a blanket rule you don't state falsehoods - seem to picking on a particular area here 16:56:16 ... do we need to say this as a more general statement - you must state the truth about who you are 16:56:22 aleecia: is there standard language for this? 16:56:31 dsinger: don't think this is something people usually talk about 16:56:36 T1, I disagree. Any first party that has their content hijacked will be breaking this rule. 16:56:38 aleecia: in this case we appear to 16:56:39 Matthias objected to putting that content in the DNT doc, and suggest it be added to the TCS instead. That is the reason for this text. 16:56:40 why do we need to address? 16:56:48 +1 16:56:53 +q 16:56:54 can we suggest that the editors add this to the draft and they can see how best to integrate it (regarding fitting in with service providers, and whether it's part of a more general section)? 16:56:55 Agree with David Singer; this is enforceable by local authorities, without the need for further clarification 16:56:59 ... we don't currently have any text that says if you are X you must represent yourself as X 16:57:02 ack amyc 16:57:32 amyc: i think it's interesting that this isn't used in other protocols - wondering if we need to focus on this specific part 16:57:59 ... think we're defining the parties in each transaction and we can evaluate them objectively 16:58:12 ... okay with shane's proposal but don't know why we're spending time on this 16:58:18 we also say that that the UA can't lie and say the user wanted DNT when they have not asked the user; we also say that you can't say I'm not tracking, and go ahead and track; and so on... 16:58:18 aleecia: is this harmful? 16:58:23 amyc: if it takes time away from this 16:58:28 Let's have more language prohibiting other lies too! 16:58:35 dsinger: implication that if we ban lying here it's okay to lie in other places 16:58:38 t1, LOL - NO! 16:59:04 Zakim, who is making noise? 16:59:08 aleecia: two viewpoints: we should be silent vs. we should adopt this or something like it 16:59:11 zakim, who is making noise? 16:59:15 npdoty, listening for 10 seconds I heard sound from the following: aleecia (9%), [Mozilla] (81%), susanisrael (4%) 16:59:19 -[Mozilla] 16:59:28 dsinger, listening for 10 seconds I heard sound from the following: [Microsoft.aa] (18%), aleecia (79%) 16:59:41 -1 16:59:42 -1 16:59:43 +1 16:59:43 -1 16:59:44 +q 16:59:45 -1 16:59:46 -q 16:59:46 -1 16:59:47 +1 16:59:47 +1 16:59:48 aleecia: please +1 if this is a loophole we need to close or -1 if we should not address at all 16:59:49 -1 16:59:49 -1 16:59:51 +1 16:59:52 -1. I wonder if the gap that Aleecia and others identified is reflected by the fact that the TPE provides a header response but doesn't specifically say that if you give a response it has to be consistent with the first/third party definitions. If that's right, can we just fix that gap? 16:59:53 +1 17:00:08 8 to 5 (-1s have it) 17:00:10 -1 17:00:13 Chapell has joined #DNT 17:00:13 0 17:00:15 -1 17:00:15 9 to 5 17:00:18 aleecia: interesting - few people participating 17:00:19 -1 17:00:21 0 17:00:24 0 17:00:31 11 to 5 (3 obstain) 17:00:36 aleecia: what's 0? 17:00:45 same 17:00:48 justin: both are justifiable - doesn't matter - happy either way 17:00:51 same 17:00:55 effectively a 0 = status quo then 17:01:02 Final: 11 to 5 (4 obstain) 17:01:14 mistype 17:01:16 aleecia: most say don't need text explicitly on this 17:01:26 -1 17:01:47 aleecia: of those saying we need text, is there anyone who can't live with "of course you can't lie" - i.e. having no text 17:01:50 +q 17:01:55 ack tl 17:02:00 -samsilberman 17:02:04 Updated Final: 12 to 5 (4 obstain) 17:02:05 i'm kind of a zero too as long as the language is more precise. I am hearing david's concern as more of a lawyer's perspective on precise drafting than an advocacy for lying. 17:02:09 not necessary 17:02:10 tl: if we all think obviously we can't lie then shouldn't be a problem with saying it 17:02:13 Looks like at least 25 people abstained 17:02:35 all such standards depend on voluntary adherence 17:02:37 +q 17:02:46 aleecia: trouble was trying to phrase it without suggesting can lie in other areas or for companies that don't realise they got it wrong for no fault of their own 17:02:47 ack jmayer 17:02:48 Ed, true, I should capture the 4 "0"s as something other than an abstain 17:02:57 Companies can already get in trouble for accidental lies under at least US law. 17:02:59 jmayer: can't we address this explicitly too 17:03:08 ... say other lying isn't also okay 17:03:29 aleecia: anyone who can't live with counter suggestion - actually text already says this 17:03:42 ... jmayer, can you suggest other text 17:03:42 make the rule in the affirmative and the negative is not required 17:03:48 jmayer: will think of something and type in 17:04:01 +q 17:04:19 +1 17:04:25 Chris_IAB: anyone adhering to the standard has to adhere to the standard - it's not necessary to say you're doing it and you're not going to lie about it 17:04:29 "It it PROHIBITED send a signal described in the TPE doc which is deceptive." 17:04:34 ... if you choose to lie it doesn't matter what it says in the standard 17:04:40 ack robsherman 17:04:53 robsherman: we already have laws that say can't lie to consumers - don't need to include in spec 17:05:10 if we all agree about the requirement and the question is just whether we need this text in the spec, we could just leave it up to the editors? 17:05:17 q? 17:05:18 ... main concern heard is that TPE doesn't say you have to correctly state 1st or 3rd party 17:05:21 +q 17:05:25 ack tl 17:05:35 tl: pasted text counter proposal 17:05:48 Object 17:05:50 aleecia: anyone who would object to that 17:05:53 No need to state this... 17:05:54 object to the need for this language 17:05:59 q+ 17:06:05 WileyS: core argument - why do we need to state this? 17:06:08 "This section is not intended to allow or prohibit any practices other than those explicitly addressed." 17:06:09 +q 17:06:19 ... if you state your compliant then you are following it 17:06:34 ... if someone sends an untrue signal then already not following spec 17:06:39 ... this text doesn't change that 17:06:45 Would this text change the meaning of the spec, or not? 17:06:52 Are deceptive business practices prohibited in the EU? 17:06:56 ... my concern more on unintended consequences 17:07:20 ...wasteful language and we're all trying to have straightforward text 17:07:24 efelten, it would. Third parties are substantively prohibited from acting as first parties. But the rest of the spec doesn't address what a party claims to be. 17:07:25 @justin, yes, but this is outside data protection legislation 17:07:28 Aleecia, agreed 17:07:34 aleecia: seems like already covered by party definitions 17:07:51 ... says what a company reasonable expects what is going on - what is different here? 17:08:03 The spec already covers this topic - this is unneeded additional text. 17:08:22 aleecia: question from ed - would text change meaning of spec? 17:08:24 ... hearing both 17:08:26 You already had a vote on this and the group overwhelmingly (13 to 5) agreed this text should NOT be added 17:08:39 Straw vote - apologies. 17:08:39 If it doesn't change the meaning, then it seems like a clarification. It it does change the meaning, then we should discuss whether to make that change. 17:08:46 aleecia: straw poll not a vote - trying to understand intensity of disagreement 17:08:48 WileyS: We operate by consensus. 17:08:56 intense on this side-- can't live with it 17:08:57 ... if people have a preference but can live with the other approach 17:09:15 tl, remember that point :-) 17:09:19 rvaneijk, Right, so DPAs couldn't bring a case based on deception? Though would they be able to bring an enforcement action just based on violating a technical spec? Or does it depend on jurisdiction at this point? 17:09:26 they just changed the semantics... 17:09:33 ... asked if can't live with no text - counter proposal suggested 17:09:44 Inadvertant consequence 17:09:50 q? 17:09:51 ... now asking can people live with this statement 17:09:57 @justin, depends on local jurisdiction. In NL we have civil law. 17:10:04 ack dwainberg 17:10:16 +q 17:10:27 dwainberg: agree with sentiment don't want deception - language is either redundant or creates new standard at w3c for deceptive 17:10:40 aleecia: how does this create new standard for w3c? 17:10:52 Question to people who can't live with this: How does it change the meaning of the spec? 17:10:55 Was is the legal defintion of "deceptive" in Korea? In Japan? In Italy? 17:11:02 dwainberg: to put in a spec a party must not do something that is deceptive - what is the standard for deceptive 17:11:09 Its a legally loaded term - that's the concern here. 17:11:10 ... decades of case law on meaning of deceptive 17:11:17 ... are we including that by reference 17:11:20 are tl, jmayer comfortable with existing regulations against deception covering the common sentiment? 17:11:26 "falsely represent themselves as a first party" 17:11:27 @justin: the obligation to inform is an important data protection principle however.. 17:11:30 q? 17:11:33 ... don't know how that will work - adds risk to parties trying to be compliant with standard 17:11:38 ack jmayer 17:11:46 If we can't use any language which has actual meaning and consequence because lawyers don't understand what it means, then we have a real problem. 17:11:53 jmayer: now we have agreement that changes what text says 17:11:54 The word "deceptive" does not appear in the proposed language (in any form). 17:12:00 if you want parties to voluntarily comply with this standard, you should probably stay away from legally loaded terms like this 17:12:06 ... current text prohibits 3rd party acting as 1st party 17:12:11 Ed, its in the offered up revision (look higher up in the IRC chat) 17:12:15 rvaneijk, Right, so it should be a transparency/notice violation under existing data protection law under either iteration. 17:12:27 ... what spec doesn't say is what a 3rd party sends when acting in a certain way 17:12:35 just define 1st party and 3rd party FOR THIS SPEC, and we are done with this 17:12:44 That language should be fixed then 17:12:45 make the definitions clear 17:12:46 ... would not be a violation for third party to be a third party but say it is a first party 17:12:51 that's working in the affirmative 17:12:53 not sure I understand 17:12:56 ... no doubt we're changing the substance of the spec 17:13:09 q+ to agree with Rob that we need the TPE to say that the response header and well-known resource 'reflect the party's status and behavior' 17:13:29 ... as to the legal implications, that will vary, in the US the FTC might already give you most of this if not all 17:13:35 ... even without the language 17:13:53 How many attorneys do we have on the call today? Jurisdiction of practice? 17:14:06 If the standard is specified technically in a decent manner, a first party and its contracted third parties, working in "silo"mode, have an easy time to make their status transparent while a deceptive third party would have a hard time. Especially when audits or clever browsers investigate "DNT complaint" parties. 17:14:07 ... might not be deceptive just because of this spec- think this does change legal enforcement in some countries 17:14:12 +1 DSinger - sounds like a better path "'knowingly' reflect the party's status and behavior" 17:14:13 ack robsherman 17:14:13 dsinger, as in "The communications described in the TPE MUST accurately represent the party's status and behavior." ? 17:14:32 robsherman: question is this is new language that there is not precedent for 17:14:40 ... so can discuss if this changes a practice 17:14:49 ... we don't know how this will be interpreted later 17:14:51 So maybe this is also something a first party should be able to within this standard to have at least some control about its status and the status of its partners. 17:14:57 0 17:14:57 ... if we don't need it then we should have it 17:15:10 ... if we have specific cases we should just address those 17:15:13 Rob, there is specific behavior we're concerned about: a third party claiming it's a first party. 17:15:17 tl: maybe. you can 'under-act' (it's true you are a first party, but you do less tracking than many thirds) 17:15:18 From the HTTP 1.1 standard: Since the protocol version indicates the protocol capability of the sender, a proxy/gateway MUST NOT send a message with a version indicator which is greater than its actual version 17:15:27 ... favour minimalism here because it gets hard to structure language 17:15:29 (took ten seconds to find that one) 17:15:39 ... and difficult to know how regulators will interpret that language 17:15:45 ack dsinger 17:15:45 dsinger, you wanted to agree with Rob that we need the TPE to say that the response header and well-known resource 'reflect the party's status and behavior' 17:16:01 let's keep it to a technical specification: define what is a 1st and 3rd party, specifically, for this spec 17:16:05 @Robsherman: lying is not allowed, not telling the whole truth is a different thing 17:16:11 dsinger: can we just edit the TPE doc to say what you claim in your header or well known resource must reflect your status 17:16:14 Which would mirror the language that efelten just sent around. 17:16:17 "your actual status" - so if a 1st party's content is hijacked they are non-compliant? 17:16:20 aleecia: would you take an action to write that? 17:16:27 dsinger: sure, if the group wants that to happen 17:16:38 aleecia: think text will be useful and won't take long 17:16:50 ... let's look at that approach vs. what we currently have and go from there 17:16:54 rrsagent, make minutes 17:16:54 I have made the request to generate http://www.w3.org/2012/08/01-dnt-minutes.html adrianba 17:17:14 dsinger, Take note of the HTTP 1.1 language that efelten pasted above. 17:17:38 aleecia: we'll take another look with text from david 17:17:48 action: singer to draft very short text in TPE about representing party status 17:17:48 Created ACTION-233 - Draft very short text in TPE about representing party status [on David Singer - due 2012-08-08]. 17:17:50 Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? (ISSUE-49) 17:18:05 http://www.w3.org/2011/tracking-protection/track/actions/161 17:18:06 ACTION-161? 17:18:06 ACTION-161 -- Shane Wiley to work on issue-49 -- due 2012-05-07 -- PENDINGREVIEW 17:18:06 http://www.w3.org/2011/tracking-protection/track/actions/161 17:18:09 adrianba, Sure 17:18:19 Shortest scribing FTW. 17:18:36 scribenick: justin_ 17:18:45 A Third-Party MAY operate as a First Party if the following conditions are met: 17:18:46 • Data collected is separated for each First Party by technical means and organizational process, AND 17:18:47 • The Third Party has no independent rights to the collected information outside of Permitted Uses (see Section X.Y), AND 17:18:48 • A contractual relationship exists between the Third Party and the First Party that outlines and mandates these requirements. 17:18:49 A Third-Party acting on the behalf of a First Party is subject to all of the same restrictions of a First Party. 17:19:03 aleecia: Reading above for those not on IRC 17:19:15 -adrianba 17:19:19 +q 17:19:25 WileyS, you intend this as an elaboration/definition of "Service Provider", yeah? 17:19:26 -ninjamarnau 17:19:38 +q 17:19:38 adrianba has left #dnt 17:19:42 q? 17:19:49 Yes 17:19:50 WIleyS, the limitation of futher use is lacking in the normative text. 17:19:53 ack jmayer 17:19:57 aleecia: This is text from WileyS 17:20:14 jmayer: Two points: This conflates service providers and first parties. 17:20:28 ... There's value in treating them separately. 17:20:36 ... O 17:20:55 q+ to say "operate as a First Party" should be "operate under the rules for a first party", but otherwise agree 17:21:11 ... Otherwise, it's easy to think that service providers have the same complete lack of restrictions that first parties have (or don't have). 17:21:49 JMayer, could you give an example that worries you? 17:22:14 ... Second, glad that service providers can't use for their own purposes, but what if service providers can get access to extra data? 17:22:17 re-use for market research, is that an example? 17:22:29 q? 17:22:35 ack justin_ 17:22:42 Okay with placing "Service Provider" at the top of the text (as that's what we're trying to cover here) 17:22:47 Justin, yes. 17:22:54 justin: is this language just meant to replace outsourcing/service provider language? 17:23:04 q? 17:23:08 ack dsinger 17:23:08 dsinger, you wanted to say "operate as a First Party" should be "operate under the rules for a first party", but otherwise agree 17:23:09 Q: How is this supposed to substantively change the current text? 17:23:12 Disagree with the removal for the permitted use protection 17:23:14 justin_: Is this language just meant to be a replacement to the current language in the Strawman draft on outsourcing? 17:23:20 WileyS: yes. 17:23:27 David, I'm fine with that change 17:23:37 Got it 17:23:44 dsinger: I'd prefer that the language say that the service provider isn't a first party, but that they may act as a first party. 17:23:48 I'd much prefer to be more explicit. 17:24:24 aleecia: Remember, that the third parties can have outsourcing service providers too, so we may need to adapt this definition to reflect that. 17:24:37 ... Asks WileyS to accomodate the language. 17:24:40 Aleecia, yes - makes sense 17:24:57 q? 17:25:19 zakim, who is making noise? 17:25:23 ... Some editing needs to get done here. Seeing no one on queue, wants to know what can be done to address jmayer's concerns. 17:25:29 dsinger, listening for 10 seconds I heard sound from the following: jchester2 (14%) 17:25:47 Zakim, mute jchester2 17:25:47 jchester2 should now be muted 17:25:50 ... Notes that there are limitations, contractual relationships, etc. --- other than permitted uses, what do you need jmayer? 17:26:01 sorry 17:26:30 I heard the static. thks 17:26:33 We disagreed with your language and approach -- and feel this is a better position (less prescriptive but meets the same goals) 17:26:48 jmayer: I'd prefer our language that was rejected by folks in the ad industry. This language looks much less stringent. Weaker siloing. More ability to use information . Weaker legal protections. 17:26:49 Feel free to compare 17:27:12 +q 17:27:15 ... Would like to see a comparison between our language and this language. What's in here that solves their problems? 17:27:16 I also would like to hear. 17:27:21 ack WileyS 17:27:36 WileyS: This is cleaner, less prescriptive, more flexibile through a variety of mechanisms. 17:27:41 jmayer: How? 17:27:56 How is it prescriptive, Shane? 17:27:58 WileyS, when we're talking about "prescriptive", is that on the example technical means? 17:28:06 WileyS: Feel free to point out why what you suggested is needed, but no one will implement. 17:28:10 Nick, yes 17:28:28 aleecia: Take this to the mailing list and look at side-by-side. 17:28:44 You mean the explicitly "Non-Normative" language? 17:28:45 Got it 17:28:54 That was prescriptive? 17:28:57 ... Reopening action item for WileyS to make the two edits that we seemed to agree upon on the call. 17:29:01 jmayer, the structure of the normative language as well. 17:29:43 ... Not seeing movement toward the middle, so we may be moving down the path of taking formal objections. 17:29:54 -efelten 17:29:55 ... That's probably where we're headed :( 17:29:56 -tedleung 17:29:56 -ChrisPedigoOPA.a 17:29:56 -rvaneijk 17:29:57 -jchester2 17:29:57 -robsherman 17:29:58 -??P32 17:30:00 -tl 17:30:01 ... Take care and see you later. 17:30:01 -eberkower 17:30:03 -vincent 17:30:05 -AnnaLong 17:30:08 -Brooks 17:30:09 -bilcorry 17:30:11 -[Microsoft] 17:30:13 -[Apple] 17:30:16 rrsagent, draft minutes 17:30:16 I have made the request to generate http://www.w3.org/2012/08/01-dnt-minutes.html npdoty 17:30:16 -alex 17:30:17 -jeffwilson 17:30:19 -jmayer 17:30:21 -damiano_ 17:30:23 -justin_ 17:30:25 -HenryGoldstein 17:30:27 -BrendanIAB? 17:30:29 -aleecia 17:30:30 Zakim, list attendees 17:30:31 -dwainberg 17:30:33 -Chris_IAB? 17:30:35 -[Microsoft.a] 17:30:37 As of this point the attendees have been +1.408.674.aaaa, BrendanIAB?, npdoty, aleecia, +1.202.326.aabb, efelten, +49.431.98.aacc, ninjamarnau, +1.202.370.aadd, suegl, robsherman, 17:30:40 ... Chris_IAB?, jchester2, +1.646.654.aaee, +1.415.734.aaff, +1.206.658.aagg, +1.202.637.aahh, +49.721.83.aaii, justin_, dsriedel, KevinT, vincent, bryan, amyc, dsinger, 17:30:43 ... +1.207.619.aajj, dwainberg, [Microsoft], adrianba, +1.408.349.aakk, WileyS, +1.310.392.aall, eberkower, +1.919.517.aamm, +1.678.580.aann, +1.917.318.aaoo, sidstamm, 17:30:46 ... +1.201.723.aapp, johnsimpson, +1.202.507.aaqq, susanisrael, ChrisPedigoOPA, +1.206.369.aarr, +1.609.981.aass, tedleung, +1.813.366.aatt, alex, chapell, AnnaLong, Brooks, 17:30:49 ... +1.202.684.aauu, +1.703.265.aavv, jmayer, +1.408.223.aaww, +1.703.265.aaxx, bilcorry, +1.781.472.aayy, samsilberman, jeffwilson, cblouch, +49.172.147.aazz, schunter, 17:30:52 ... +31.65.141.bbaa, rvaneijk, +1.508.655.bbbb, tl, HenryGoldstein, damiano_ 17:30:54 -chapell 17:30:56 -cblouch 17:30:58 -susanisrael 17:31:00 -dsriedel 17:31:09 cblouch has left #dnt 17:32:11 robsherman1 has joined #dnt 17:32:41 -WileyS 17:49:52 -npdoty 17:53:27 -[Microsoft.aa] 17:58:01 ifette has joined #dnt 17:58:27 disconnecting the lone participant, ChrisPedigoOPA, in T&S_Track(dnt)12:00PM 17:58:29 T&S_Track(dnt)12:00PM has ended 17:58:29 Attendees were +1.408.674.aaaa, BrendanIAB?, npdoty, aleecia, +1.202.326.aabb, efelten, +49.431.98.aacc, ninjamarnau, +1.202.370.aadd, suegl, robsherman, Chris_IAB?, jchester2, 17:58:29 ... +1.646.654.aaee, +1.415.734.aaff, +1.206.658.aagg, +1.202.637.aahh, +49.721.83.aaii, justin_, dsriedel, KevinT, vincent, bryan, amyc, dsinger, +1.207.619.aajj, dwainberg, 17:58:31 ... [Microsoft], adrianba, +1.408.349.aakk, WileyS, +1.310.392.aall, eberkower, +1.919.517.aamm, +1.678.580.aann, +1.917.318.aaoo, sidstamm, +1.201.723.aapp, johnsimpson, 17:58:33 ... +1.202.507.aaqq, susanisrael, ChrisPedigoOPA, +1.206.369.aarr, +1.609.981.aass, tedleung, +1.813.366.aatt, alex, chapell, AnnaLong, Brooks, +1.202.684.aauu, +1.703.265.aavv, 17:58:36 ... jmayer, +1.408.223.aaww, +1.703.265.aaxx, bilcorry, +1.781.472.aayy, samsilberman, jeffwilson, cblouch, +49.172.147.aazz, schunter, +31.65.141.bbaa, rvaneijk, +1.508.655.bbbb, 17:58:39 ... tl, HenryGoldstein, damiano_ 17:58:47 ifette_ has joined #dnt 18:09:25 tl has joined #dnt 19:59:04 ifette has joined #dnt 19:59:16 ifette_ has joined #dnt 20:35:01 dsinger has joined #dnt 20:42:10 tlr has joined #dnt 20:56:07 schunter has joined #dnt 20:59:09 schunter1 has joined #dnt 21:03:51 schunter has joined #dnt 21:04:51 schunter has joined #dnt 21:09:19 schunter has joined #dnt 21:11:32 tl has joined #dnt 21:16:54 schunter1 has joined #dnt 21:20:14 ifette_ has joined #dnt 21:47:58 schunter has joined #dnt 21:58:44 schunter1 has joined #dnt 22:51:14 tlr has joined #dnt 23:16:48 ifette has joined #dnt