15:41:44 RRSAgent has joined #dnt 15:41:44 logging to http://www.w3.org/2012/08/15-dnt-irc 15:41:52 Zakim, this will be dnt 15:41:52 ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 19 minutes 15:41:58 chair: schunter 15:42:08 rrsagent, make logs public 15:42:13 agenda? 15:42:20 zakim, clear agenda 15:42:20 agenda cleared 15:42:49 Chris_IAB has joined #dnt 15:43:20 I will be joining the call today, probably via Skype in about 15-min. 15:46:41 Great, Chris! 15:47:32 agenda+ Selection of scribe 15:47:42 agenda+ Review of overdue action items: http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner 15:47:53 agenda+ Any comments on published minutes 15:48:11 agenda+ Quick check that callers are identified 15:48:47 agenda+ summary by Roy on the changes to the TPE document (diff: http://www.w3.org/2011/tracking-protection/drafts/diffs/TPE-sea-to-20120814.html) 15:49:24 agenda+ Pending agreement: http://www.w3.org/2011/tracking-protection/track/issues/116 15:49:40 agenda+ Open: http://www.w3.org/2011/tracking-protection/track/issues/137 15:50:06 agenda+ Newly raised 1: http://www.w3.org/2011/tracking-protection/track/issues/158 15:50:22 agenda+ Newly raised 2: http://www.w3.org/2011/tracking-protection/track/issues/159 15:50:44 agenda+ Newly raised 3: http://www.w3.org/2011/tracking-protection/track/issues/160 15:50:54 T&S_Track(dnt)12:00PM has now started 15:50:58 agenda+ Announce next meeting & adjourn 15:51:01 + +1.650.200.aaaa 15:51:04 npdoty has joined #dnt 15:51:12 agenda? 15:51:28 - +1.650.200.aaaa 15:51:31 T&S_Track(dnt)12:00PM has ended 15:51:32 Attendees were +1.650.200.aaaa 15:51:33 David has joined #dnt 15:51:55 schunter1 has joined #dnt 15:52:18 Ok, we should be all set. 15:52:28 thanks aleecia! 15:53:01 T&S_Track(dnt)12:00PM has now started 15:53:08 +schunter 15:53:21 It worked for me (you are the 1st participant). 15:53:32 The passcode is only valid 10min before the start (AFAIR). 15:53:48 +npdoty 15:53:49 Yes. 15:54:05 Uh, yes on first 10 minutes, not yes on having issues 15:54:27 I've run into that a few times :-) 15:54:36 fielding has joined #dnt 15:54:42 +aleecia 15:54:57 hi (muted) 15:55:29 +fielding 15:55:42 dsinger has joined #dnt 15:55:45 BrendanIAB has joined #dnt 15:56:13 rvaneijk has joined #dnt 15:56:40 efelten has joined #dnt 15:56:58 Lia has joined #dnt 15:57:02 +BerinSzoka 15:57:23 +felten 15:57:59 + +1.650.200.aaaa 15:58:14 alex has joined #dnt 15:58:24 +rvaneijk 15:58:44 will be joining the call in about 15 minutes... 15:58:44 +??P17 15:58:57 Please mute 15:59:02 thank you 15:59:07 +alex 15:59:16 Joanne has joined #DNT 15:59:19 Who called in via Skype or similar? 15:59:20 -npdoty 15:59:30 JC has joined #DNT 15:59:30 amyc has joined #dnt 15:59:34 +npdoty 15:59:36 Nick: Do you want to do the de-anonymisation procedure? 15:59:37 Zakim, felten is efelten 15:59:37 +efelten; got it 15:59:43 Chris_IAB has joined #dnt 15:59:46 justin_ has joined #dnt 15:59:53 just joined via Skype 15:59:55 (perhaps Chris?) 15:59:57 great 16:00:06 Zakim, ??P17 is Chris_IAB 16:00:06 +Chris_IAB; got it 16:00:08 +hhalpin 16:00:14 zakim, who is on the call? 16:00:14 On the phone I see schunter, aleecia, fielding, BerinSzoka, efelten, +1.650.200.aaaa, rvaneijk, Chris_IAB, alex, npdoty, hhalpin 16:00:16 +[Microsoft] 16:00:21 fyi- am on mute, as I'm joining from an off-site meeting 16:00:22 + +1.415.520.aabb 16:00:23 +[Microsoft.a] 16:00:24 +justin_ 16:00:39 dsinger has joined #dnt 16:00:40 Chris, so noted. We'll want an update on the action item you have due. 16:00:45 +AnnaLong 16:00:46 vincent has joined #dnt 16:00:48 Zakim, aabb is Joanne 16:00:48 +Joanne; got it 16:00:51 BrendanIAB just joined via Skype, but I didn't see me scroll by. 16:00:52 samsilberman has joined #dnt 16:00:57 +[Google] 16:01:00 AnnaLong has joined #dnt 16:01:03 I don't see you either, Brendan 16:01:03 Zakim, aaaa is DavidMcMillan 16:01:03 +DavidMcMillan; got it 16:01:09 Aleecia, which action item do I have due? 16:01:19 vinay has joined #dnt 16:01:25 JamesB has joined #dnt 16:01:29 hwest has joined #dnt 16:01:32 damiano has joined #dnt 16:01:34 +[GVoice] 16:01:35 + +1.917.934.aacc 16:01:35 zakim - its actually MacMillan (with an 'a' in Mac) 16:01:37 Wrong Chris, sorry 16:01:43 np 16:01:47 zakim, aacc is vinay 16:01:47 +vinay; got it 16:01:52 + +1.703.438.aadd 16:01:52 hwest_ has joined #dnt 16:01:52 ifette has joined #dnt 16:01:55 Zakim DavidMcMillan is DavidMacMillan 16:01:57 rrsagent, bookmark? 16:01:57 See http://www.w3.org/2012/08/15-dnt-irc#T16-01-57 16:02:02 + +1.212.565.aaee 16:02:02 Yes, none of that made any sense - need coffee. 16:02:08 +samsilberman 16:02:10 Zakim, DavidMcMillan is really DavidMacMillan 16:02:10 +DavidMacMillan; got it 16:02:13 +??P31 16:02:27 Zakim, google has ifette 16:02:27 +ifette; got it 16:02:35 zakim, ??P31 is vincent 16:02:35 +vincent; got it 16:02:43 +Brooks 16:02:44 schunter: sent out a list of issues I think are resolved in the draft 16:02:46 agenda? 16:02:52 Brooks has joined #dnt 16:02:54 scribenick: aleecia 16:02:54 AN has joined #dnt 16:03:01 ... haven't seen any comments on the issues planning to close 16:03:13 Matthias: Listed issues to close based on the document, no comments. 16:03:15 +dsinger 16:03:21 scribe anybody? 16:03:49 +WileyS 16:03:55 +dwainberg 16:03:58 I can scribe again if needed 16:04:04 But did last time :-) 16:04:05 WileyS has joined #DNT 16:04:06 jmayer has joined #dnt 16:04:07 + +1.646.827.aaff 16:04:10 Brendan? 16:04:21 I annot scribe today 16:04:26 I will 16:04:30 thanks, JC 16:04:31 Thanks a lot! 16:04:34 scribenick: JC 16:04:34 dwainberg has joined #dnt 16:04:36 +jmayer 16:04:37 adrianba has joined #dnt 16:04:39 scribenick: JC 16:05:04 close agendum 1 16:05:15 +[Microsoft.aa] 16:05:17 shcunter: Looking at overdue action items, there are 4 16:05:24 zakim, [Microsoft.aa] is me 16:05:24 +adrianba; got it 16:05:33 cblouch has joined #dnt 16:05:40 ... action 225 Heather? 16:05:48 Heather: I'm not finished yet 16:05:57 action-225? 16:05:57 ACTION-225 -- Heather West to propose an alternative definition of first party (based on ownership? alternative to inference?) -- due 2012-08-01 -- OPEN 16:05:57 http://www.w3.org/2011/tracking-protection/track/actions/225 16:06:06 +jeffwilson 16:06:08 ... will finish next week or we can drop it. 16:06:14 updated. 16:06:23 Schunter: action 229 Rigo? 16:06:28 action-229? 16:06:28 Getting info on ACTION-229 failed - alert sysreq of a possible bug 16:06:31 I only got comments to Chris last night so I think we need another week 16:06:35 I'll send email to ping. 16:06:40 Thank you 16:06:40 Shane, thanks for the info 16:06:47 ... will send reminder on Action 229 16:07:00 ... action 232 David 16:07:04 Getting it out by Friday would let people read it in time for the next call 16:07:12 dwainberg: will finish next week 16:07:12 I'll see what Chris thinks & cc you 16:07:34 Schunter: that closes action items. Any other issues? 16:07:37 trackbot, reload 16:07:55 Zakim, who is on the phone? 16:07:55 On the phone I see schunter, aleecia, fielding, BerinSzoka, efelten, DavidMacMillan, rvaneijk, Chris_IAB, alex, npdoty, hhalpin, [Microsoft], Joanne, [Microsoft.a], justin_, 16:07:56 ... Callers identified? 16:07:58 close agendum 2 16:07:58 ... AnnaLong, [Google], [GVoice], vinay, +1.703.438.aadd, +1.212.565.aaee, samsilberman, vincent, Brooks, dsinger, WileyS, dwainberg, +1.646.827.aaff, jmayer, adrianba, jeffwilson 16:07:58 [Google] has ifette 16:08:04 +chapell 16:08:07 sidstamm has joined #dnt 16:08:11 Npdoty: Still checking a couple numbers. 16:08:23 Damiano Fusco from Nielsen, on Google Talk 16:08:25 close agendum 4 16:08:36 Zakim, aadd is RichardWeaver 16:08:36 +RichardWeaver; got it 16:08:46 Zakim, aaff is Matt_AppNexus 16:08:46 +Matt_AppNexus; got it 16:08:47 chapell has joined #dnt 16:08:48 Are we fully confirmed on next f2f? 16:08:51 212 is New York 16:09:04 Zakim, aaee has hwest 16:09:04 +hwest; got it 16:09:10 917 is chapell 16:09:12 dwainberg has joined #dnt 16:09:14 agenda? 16:09:23 Zakim, [GVoice] is damiano 16:09:24 +damiano; got it 16:09:38 +[Mozilla] 16:09:40 Schunter: Next agenda item is TPE changes 16:09:41 Zakim, Mozilla has sidstamm 16:09:41 +sidstamm; got it 16:09:47 http://www.w3.org/2011/tracking-protection/drafts/diffs/TPE-sea-to-20120814.html 16:10:41 Simon has joined #dnt 16:11:16 Fielding: I sent around the changes earlier. Major changes in section 4.3 & 5 16:11:58 ... enables JS to ask for an exception or to enable APIs to ask for exception 16:12:01 + +1.303.661.aagg 16:12:09 ... section 5 is big change 16:12:39 johnsimpson has joined #dnt 16:12:47 ... holds tracking status value. N none 1 first part 3 third party 16:13:01 ... claim by origin server stating this is how I operate 16:13:16 ... doesn't indicate how it is used because it may not be known 16:13:19 We discussed this on the last call, and I thought we had agreement it's a Compliance issue. 16:13:30 +johnsimpson 16:13:36 +tl 16:13:40 ksmith has joined #DNT 16:13:43 What does "this" in your sentence refer to? 16:13:49 ... the actual choice will be in header field or tracking resouce 16:13:57 apologies was stuck in LA traffic 16:14:33 Consent != first party. There are some limits on first parties, and there may be limits to the consent. 16:14:44 ... other response is consent. If consent is answer then a link to consent controlling resource is necessary 16:15:19 ... another response could indicate that a consent may have changed for monitoring cache changes 16:15:47 ... I also moved some text around. 16:16:01 ... section 5.4 is about the same. 16:16:04 regarding "C", consent, the current spec says sites SHOULD provide a control URI in such a case. (I had thought earlier we had agreed on MUST, but would have to check.) 16:16:45 ... changed partner array to third-party array for clarity and consistency. 16:17:07 ... received and response member has been removed. 16:17:12 + +385221aahh 16:17:18 Nick, we stayed with a "SHOULD" in discussion as a full out-of-band experience wouldn't require a control URI (meaning the entire experience occurs outside of the DNT context - consent and control - and this only serves as a reminder to the user) 16:17:22 ... qualifiers nobody liked so they have been removed. 16:17:32 Could you say what that just meant? 16:17:55 (all the qualifiers indicating claims of permissions, etc. are gone) 16:18:13 ... section 5 the section on status codes, 16:18:14 npdoty, I thought it was a MUST too - that was the compromise. 16:18:15 q? 16:18:41 Jmayer, how is consent a compromise? 16:18:41 Schunter: lets take questions before moving to Dsinger 16:18:56 ... you have one week to respond to issues 16:19:09 q+ 16:19:18 schunter: reminder to raise any issues with closing the list of issues by the 20th; let schunter know if you need more time 16:19:20 q? 16:19:41 Jmayer: Could you clarify the removal of qualifiers? 16:20:10 zakim, aahh is ksmith 16:20:10 +ksmith; got it 16:20:16 q? 16:20:32 It seems to me that it's very premature to drop things for lack of expected implementations. 16:20:45 Fielding: I couldn't find anyone who wanted to define them for every resource 16:21:02 The main justification was that we discussed and agreed in seattle. 16:21:13 ... the only person who wanted it on the client was Tom, but if no one implements why bother. 16:21:13 q+ 16:21:32 I'd expect post-LC to be a time we'd find out about implementations at earliest 16:21:35 Jmayer: How do we manage issues that are important, but no one wants to work on it? 16:21:42 Um, no JC. 16:21:47 kj has joined #dnt 16:21:59 right, chair called it in seattle 16:22:28 Jmayer: Maybe this stays in the spec, maybe it doesn't. But some people care about it. So we should have more process than a unilateral decision by an editor. 16:22:29 q+ to ask about my email 16:22:52 ack dwainberg 16:22:53 Schunter: Roy implemented based on Seattle discussions 16:22:55 I believe you're hearing sustained disagreement with that approach, Matthias 16:23:03 and the text was a proposal from me, not consensus from the group 16:23:21 Dwainberg: was is the tracking status of n and how to state that no tracking is occurring 16:23:35 We've been reviewing the text from Ninja on that. 16:23:39 On the compliance side. 16:23:43 I heard agreement in Seattle that we would want a definition of such a term. 16:23:54 We talked about that 2-3 calls ago 16:24:21 ACTION-110? 16:24:21 ACTION-110 -- Ninja Marnau to write proposal text for what it means to "not track" -- due 2012-02-10 -- PENDINGREVIEW 16:24:21 http://www.w3.org/2011/tracking-protection/track/actions/110 16:24:21 +q to point out that this is not what we agreed. 16:24:37 Or, Adrian can find it - thanks! 16:24:43 Schunter: there are three levels of tracking N not tracking 1 first party 3 third parthy 16:24:47 q? 16:24:51 ack ifette 16:25:27 for better :) 16:25:35 Ifette: We spent a lot of time defining DNT 0 & 1, exceptions a questions was asked about implementation and no one said yes 16:25:51 Quite. 16:26:00 Stay on topic... 16:26:03 ... from a process standpoint is it worth spending time on issues if no one is willing to implement things 16:26:19 ... that makes me worry 16:26:22 for us, the devil is in the details, indeed 16:26:44 yes, agreed dsinger 16:26:48 Schunter: I hope people consider what is likely to be implemented or not. But for now it is just hearsay 16:26:57 ... we should try to reach consensus 16:27:17 yes, but how does that affect compliance? 16:27:18 If there is no exception framework I don't see why industry would implement this standard 16:27:26 ... we should not automatically kill an idea because some people say they won't implement it 16:27:36 q? 16:27:47 ... Ifette what did you mean no one implements dnt:0 16:27:48 There is a difference between "nobody will use" vs "nobody will implement" 16:28:01 Mozilla did say they were going to implement DNT:0 16:28:04 Ifette: No one agreed to implement it or have currently 16:28:06 Ian is asking specifically about browsers, and it *has* been implemented 16:28:16 no-one really explained why a *general preference* for dnt:0 makes sense. dnt:0 for exceptions does make sense 16:28:16 Actually, I have implemented a prototype of exceptions, and Mozilla said they're looking into it. 16:28:22 ... let's see what happens when Aleecia sends out poll 16:28:26 It's built into b2g, and it's on the roadmap for FF 16:28:50 q? 16:28:53 should we survey all the browser makers on this? 16:28:55 Schunter: Let's not kill the feature unless all browser vendors say no 16:28:57 ack dsinger 16:28:57 dsinger, you wanted to ask about my email 16:29:02 WileyS, to implement DNT you only need DNT and any consent mechanism -- it is far easier for us to use cookies as a consent mechanism than cookies for 90% of browsers and a half-baked API for the other 10% 16:29:14 http://lists.w3.org/Archives/Public/public-tracking/2012Jul/0202.html 16:29:22 Dsinger: End of July I sent out questions using WKR and others, but no one responded 16:29:43 ... what do we need resource and tracking header to answer? 16:30:05 Schunter: Dsinger still wants answers to email? 16:30:37 David, can you resdend the email? 16:30:43 Dsinger: I would like to encourage peole to respond otherwise it is hard to design it 16:30:52 archived here, johnsimpson http://lists.w3.org/Archives/Public/public-tracking/2012Jul/0202.html 16:30:59 q? 16:31:00 q? 16:31:04 ack tl 16:31:04 tl, you wanted to point out that this is not what we agreed. 16:31:06 dsinger, I would like to move those questions and answers to section 5.6 16:31:19 action: schunter to follow-up re: David, regarding purposes of the WKR 16:31:20 Created ACTION-238 - Follow-up re: David, regarding purposes of the WKR [on Matthias Schunter - due 2012-08-22]. 16:31:22 Schunter1, re: Ian's point, I would suggest that this working group survey (even privately) if major browsers and UAs will implement DNT:0, so as to avoid unnessesary work on this... 16:31:47 TL: I want to reiterate point about procedure. Maybe Roy is right or perhaps not, but in Seattle we agreed to a specific format and had consensus 16:32:05 Roy, if cookies were enough then the current opt-out structure is just fine and DNT is not needed 16:32:08 ... it would make more sense to have a document that reflects our consensus 16:32:29 from the Bellevue minutes: AGREED: fields become part of optional member of tracking status resource 16:32:36 ... if there are changes lets have that discussion rather than having editor drop it on floor 16:32:47 +1 fielding 16:32:54 I had an interest as well, tl was not alone :) 16:32:57 Ifette: we never had consensus on that issue 16:33:19 Fielding: of Ifette 16:33:22 +q 16:33:33 Nick, can you grab additional context to note what "fields" these are? 16:33:48 ... if you want something in the document create an issue and we can add it back 16:34:00 tedleung has joined #dnt 16:34:04 TL: we had it in the document based on a whiteboarding session 16:34:18 ... after the 25 minute session we had consensus 16:34:26 +tedleung 16:34:34 One year in, we still don't have a clear process for accepting edits. How wonderful. 16:34:39 Schunter: We should look at the minutes and make a decsion 16:34:57 ... if you disagree with the proposal then make a counter proposal 16:35:17 sounds like Roy may be mistaken in his perception of what the consensus was on qualifiers; maybe we should re-confirm that. The question is, is the onus on those who want them out, or on those who want them in? 16:35:21 ... we may have changed our mind or missed a consensus. In the end we should have text we call all live with 16:36:11 q? 16:36:16 what? 16:36:18 TL: we had a process where we discussed what we were going to do. Reproposing things is not a good approach. 16:36:34 q+ 16:36:38 Wait, editors can decide whose opinion matters? Awesome. 16:36:41 ack tl 16:36:53 aleecia, I believe we're referring to the list of qualifiers for permitted uses (which would need to be updated) 16:36:58 Dsinger: Is the onus on the editor or the people who don't want text removed. 16:36:59 David, you weren't at the meeting but I believe the consensus was to remove the fields 16:37:11 Fielding: let's work with chair on issue 16:37:20 I was told to remove the fields by the CHAIR 16:37:24 q- 16:37:42 Schunter: Let's repropose as needed. I would look at minutes and see what I can find. 16:37:47 I thought we had agreed to drop them (the permitted use qualifier fields) from the header and make them optional in the WKR 16:37:57 +1 to Nick 16:38:04 agree with nick and shane 16:38:04 ... if not in minutes let's work together to fix text 16:38:04 that's exactly my memory as well 16:38:09 With sustained objections 16:38:31 for the record, I was disturbed to see them completely gone, but I was not in Seattle 16:38:45 ??? 16:38:50 Then propose text to make them optional in the resource -- I have no such text and am not going to waste my time on it any further. 16:38:52 David, not completely gone - moved to an optional element 16:38:55 Minutes: matthias: we have consensus to remove the tokens except for p 16:38:59 http://www.w3.org/2012/06/22-dnt-minutes#item04 16:39:19 Schunter: I will go through minutes to see what I can find. Nick will add actoin. 16:39:24 p is now C 16:39:37 q? 16:39:41 Schunter: any question on Fieldings update? 16:39:52 ... David provide update 16:39:53 action: schunter to review minutes regarding permitted use qualifiers 16:39:53 Created ACTION-239 - Review minutes regarding permitted use qualifiers [on Matthias Schunter - due 2012-08-22]. 16:40:51 Chapell has joined #DNT 16:40:59 Dsinger: minor change to reconfirmation of exceptions 16:41:36 what if he reject the exception request, shoudl we ask again? 16:41:48 ... big change resolving tention between people who want explicit list of third parties and giving peole ability to modify list 16:42:58 ... is this mechanism operational or not. Can user agent deal with explicit list or deal with them as a site-wide exception. this should be reviewed 16:43:53 ... what do we tell the first party. It could add itself to third-party list and get DNT:0, but seems like bad idea. Maybe modify header to handle. 16:44:50 ... for remove call I simplified it by making it a general removal to clean state and put back needed exceptions 16:45:40 ... web-wide exception not changed. Added section on API for user's general tracking preference. 16:45:55 q? 16:46:17 ... what if exception request is rejected? 16:47:01 q+ 16:47:36 ???: User agent must know when exceptions are granted 16:47:43 s/???/vincent/ 16:47:53 Dsinger: also must be able to know when exceptions are removed 16:48:08 ... the return callback indicates if the exception was granted or not 16:48:12 q? 16:48:26 q? 16:48:29 I think vincent is perhaps noting that the user agent might remember that the user has rejected this request before and not bother the user? 16:48:29 ack ifette 16:48:41 yes that's it :) 16:48:44 +q 16:48:52 thx npdoty, ifette 16:49:10 sites can use cookies and other mechanisms to remember what happened the last time they did something 16:49:10 Ifette: How does user agent know when to ask if exception is still granted? 16:49:22 Cookies don't work very well 16:49:25 dsriedel has joined #dnt 16:49:31 q? 16:49:32 -q 16:49:41 ... how do we track when an exception is not granted 16:49:55 +dsriedel 16:49:57 Nick, if cookies were enough then the current opt-out approach would be fine and DNT would not be needed 16:49:57 it's not about how the UA handles it, it's whether there's any way for the site to handle it 16:50:02 zakim, mute me 16:50:02 dsriedel should now be muted 16:50:13 q? 16:50:15 Schunter: do we want to change protocal or place requirements on UA? 16:50:43 Ifette: The question is whether the site can know if it needs to ask for exception 16:50:59 Schunter: according to spec it is okay to cache response 16:51:13 WileyS, I'm not suggesting use of cookies for opt-out, just if a site wanted to remember a rejected request from a past interaction, the way sites will continue to use cookies to remember other preferences 16:51:17 Its up to the site to determine how many times it wants to request an exception 16:51:19 Dsinger: is not clear on cookieing the user. It is not suggest not forbidden 16:51:36 They can use any mechanism they desire 16:51:54 +1, up to the site's design 16:52:04 Dsinger: this is a site design question that could be a rathole for us 16:52:12 ... do we need an issue? 16:52:14 +q 16:52:15 Yep. I don't think a cookie like "HaveAskedForException=True" would raise objections. 16:52:28 ack WileyS 16:52:29 q? 16:52:42 If the UA can cache the user response, and the site cannot determine if it has received a cached response or a direct user response, there is the possibility of problem with regards to server response. 16:52:48 +1 16:52:51 WileyS: We should speak to it directly to idicate server can implement mechanism of it choice to remember user choices 16:53:10 We should also be explicit about browsers limiting excessive requests. 16:53:15 ... if a site wants to ask user everytime that should be a fair outcome though not suggested. 16:53:22 action: dsinger to insert a note on how sites can avoid repeatedly asking the user for an exception 16:53:22 Sorry, couldn't find user - dsinger 16:53:25 Dsinger: I will drop a note to that effect 16:53:27 And that there are limits on the designs that might be allowed. 16:53:35 Non-normative text giving some example implementation approaches? 16:53:40 jmayer, use can leave site if they feel requests are excessive 16:53:40 action: singer to insert a note on how sites can avoid repeatedly asking the user for an exception 16:53:40 Created ACTION-240 - Insert a note on how sites can avoid repeatedly asking the user for an exception [on David Singer - due 2012-08-22]. 16:53:55 Jmayer, "user" can... 16:54:01 WileyS, requests might not originate from a site. 16:54:06 *first-party site. 16:54:31 issue-116? 16:54:31 ISSUE-116 -- How can we build a JS DOM property which doesn't allow inline JS to receive mixed signals? -- pending review 16:54:31 http://www.w3.org/2011/tracking-protection/track/issues/116 16:54:33 Schunter: Issue 116 is there an agreement on status 16:54:49 jmayer, if a 3rd party is the source of the request then the first party will manage the issue if the requests are excessive (aka - kick the 3rd party off of their site) 16:55:01 Wiley, leaving a site because of excessive requests contradicts the element of free choice. It will definately become a problem in EU. 16:55:28 Not if we permit user agents to cache decisions. 16:55:31 s/definately/definitely 16:55:46 Rob, I disagree with the thought that free choice can be applied in this context from a EU legal perspective 16:55:47 Npdoty: We have the JS property. the value will be one was sent to the first party. third party should only use it if there not expecting an exception 16:55:51 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#js-dom 16:56:13 I know we disagree 16:56:16 Schunter: what was disagreement and how we come to agreeable conclusion 16:56:30 rvaneijk, can you provide any case law that supports your position? :-) 16:56:39 Fielding: I don't know how to describe disagreement 16:56:43 WileyS, you are endlessly entertaining. We all know that many first parties have very little control over the third parties on their website. 16:56:48 see my presentation on consent in brussels 16:56:54 Dsinger: what is problem 16:56:59 -samsilberman 16:57:24 Npdoty: difference between text and what was sent on ML 16:57:44 jmayer, not true. 1st parties have complete control. Any tag "initially" placed on a page is done so by the 1st party. Its my assumption it would be possible to track the source of excessive requests to its source and backtrack and take appropriate action as a 1st party. 16:58:01 trying to find Nick's message 16:58:14 jmayer, allow the free market to manage itself in this context versus building arbitrary definitions of "excessive" 16:58:15 Npdoty: header should be per sight and not general value 16:58:33 rvaneijk, I have reviewed it - not meaningful case law in this area 16:58:51 q+ 16:58:53 ... it should reflect the value of the header originating the page request 16:59:05 Dsinger: can't there be a cross site scripting problem 16:59:06 If I'm a publisher, and a third party is spamming my users, I'm going to find a way to put a stop to it. I don't see how adding "excessive" to a W3C spec is helpful. 16:59:24 Schunter: is there a need for feature? 16:59:32 also, should it be off of navigator or window? 16:59:32 q? 16:59:37 ack ifette 16:59:52 Ifette: Should that be off Navigator or Window? 17:00:09 q+ 17:00:17 Npdoty: if top level page Window, otherwise Navigator 17:00:22 +1 to npdoty … global setting should hang off navigator 17:00:37 npdoty, I can't find your text on list -- did you send it just to editors? 17:00:40 Hanging from window and pegging to the frame location seems the most reasonable approach to me. 17:01:20 There is no concept of a "general preference" defined yet. User agents may use heuristics (reflecting user preference) to determine DNT;0 vs. DNT;1 17:01:32 Adrianba: we put things on Navigator because Window is the global namespace, and can cause conflicts with other names 17:01:33 fielding, my original proposal is at: http://lists.w3.org/Archives/Public/public-tracking/2012May/0313.html and regarding our particular differences I sent just to you and dave, I think 17:02:53 Ifette: I understand name conflicts, I don't know how we solve, but I prefer it not on Navigator 17:02:58 agree with ifette - makes sense 17:03:06 to be clear, the current text does not have the top-level origin part 17:03:13 ifette: if it's a property of the origin and changes depending on what site 17:03:19 Schunter: Do we need this feature and for which use case? 17:03:30 Fielding: for js runing on a page 17:03:42 ifette: depending on what site i'm on, then it's not really a property of the navigator but rather of the window. especially if an iframe on a different origin can discover something about the parent, that seems suboptimal 17:03:53 Dsinger: What is the use case for understand general preference 17:04:20 Fielding: so it can avoid sending header to sites that do not implement dnt 17:04:46 Npdoty: It can be valuable to know what value was received to avoid a call 17:05:09 Dsinger: It should be careful with interactions with sites that do not implement DNT 17:05:39 Schunter: a user can use a mechanism to indicate prefence, but do not want to obligate UA 17:05:50 Fielding: we have the concept 17:06:10 schunter: we don't have a defined concept of a general preference, user agent and user can use whatever heuristic they want 17:06:23 fielding: we do have the concept of being "enabled" 17:06:32 oh, a UA is allowed to say "european sites don't get DNT, Ugandan ones do" 17:06:50 Schunter: a user can send what it wants to sites as long as it can prove it reflects user preference 17:06:58 ... how do we move forward? 17:07:09 propose that those who want to change something propose exact text changes? 17:07:13 ... we should reopen issue and collect use cases 17:07:37 Dsinger: giving we have a proposal lets make changes pending reviews 17:07:55 Schunter: so we should make proposals and counter proposals as needed 17:08:12 q? 17:08:18 ack adrianba 17:08:19 q- 17:08:21 -ksmith 17:08:37 to propose the changes you suggest... 17:08:37 Npdoty: I will take action to make suggested changes 17:09:06 -[Mozilla] 17:09:08 action: doty to propose changes regarding issue-116 (and also "general preference") 17:09:08 Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened. 17:09:08 Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened. 17:09:11 Schunter: 137 is open 17:09:16 action: doty to propose changes regarding issue-116 (and also "general preference") 17:09:16 Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened. 17:09:16 Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened. 17:09:48 -BerinSzoka 17:09:50 ... if service provide on page they should indicate they are part of first party or send something different 17:09:54 ... this is not closed 17:10:08 we sent a discussion document to the list, without reaction 17:10:17 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value 17:10:28 q? 17:10:41 q? 17:10:43 Dsinger: hard to know where we are 17:10:56 q? 17:11:38 q? 17:12:00 Right, as it says in text: No, in practice there may be dozens of service providers on any given request. If the designated resource is operated by a service provider acting as a first party, then the responsible first party is identified by the policy link or the owner of the origin server domain. This satisfies the use case of distinguishing between a service provider acting for some other site and the same service provider acting on one of its own sites. 17:12:03 Fielding: I placed resolution of our discussion in IRc 17:12:06 discussion at http://www.w3.org/mid/0EF8FE6B-77A3-4B82-A10C-3918477EA59B@apple.com 17:12:26 ... I explained why SP tag does not provide usefulness and it is an open issue. 17:12:32 ... people should review text 17:12:57 Dsinger: there is a difference between a hosting provider and a site acting on behalf of first party 17:13:27 -efelten 17:13:39 q? 17:13:50 Schunter: If a site uses a service provider it must satisfy constraints and indicate it is first party otherwise third party 17:14:05 Dsinger: the site can, but the user may disagree 17:14:10 +efelten 17:14:25 ... the site should indicate that it is acting as service provider 17:14:33 well, yimg.com is part of the 1st party even though it's a different domain name than yahoo.com 17:14:51 We've spent a long time talking about this and I thought we agreed that there is a difference between 1st party and acting as a 1st party but is a Service Provider 17:15:04 or, 3rd party acting as a different 3rd party 17:15:05 Schunter: That is a UA can not tell difference between 1P and SP 17:15:14 Yes. 17:15:20 ... the question is how do we indicate to UA 17:15:27 I thought we'd agreed to do so in Seattle 17:15:44 Fielding: there could be dozens of SP on major web sites 17:16:16 +q 17:16:18 Schunter: I agree with David on this. Analytics provide all the rule so they are part of the 1P. 17:16:39 ... that could be confusing to user 17:16:47 Fielding: that is a different issue 17:17:21 Schunter: how can a UA differentiation between first party and accidentaly included 3rd party 17:17:24 q? 17:17:28 I would prefer we resolve this now. 17:17:30 am happy to write up the issue/question 17:17:31 ... I will work with David on how to resolve 17:17:34 issue-137? 17:17:34 ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review 17:17:34 http://www.w3.org/2011/tracking-protection/track/issues/137 17:17:42 q? 17:17:47 It's been in the backlog for awhile, we have the right participants on the call. 17:17:52 SP can also be acting for a 3rd party 17:18:05 Fielding: will SP need to indicate that it is not first party in tracking status resource 17:18:45 q? 17:19:01 ... I added requirement that a SP is acting as first party domain must be run by first party or tracking must be provided and point to first party 17:19:02 q? 17:19:16 ksmith has left #DNT 17:19:21 ... must know when SP is acting as first party for main site or other site 17:19:34 ... hard to describe but text is in spec 17:19:38 q? 17:19:38 Where in spec? 17:19:42 Schunter: what is attribute 17:19:44 - +1.303.661.aagg 17:20:21 fielding, you're saying the user agent would need to check the `policy` element and if it re-directs to the domain name of the responsible first party? 17:20:25 Fielding: when acting as SP information is provided indicating who first party is 17:20:40 If the designated resource is operated by a service provider acting as a first party, then the responsible first party is identified by the policy link or the owner of the origin server domain. 17:20:50 I assume 5.4.3, "An optional member named same-party may be provided with an array value containing a list of domain names that the origin server claims are the same party, to the extent they are referenced by the designated resource, since all data collected via those references share the same data controller. 17:20:51 " 17:20:51 q? 17:21:01 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value 17:21:04 Schunter: I will work with David to see how UA can make choice. New text should determine if flag is needed. 17:21:31 Is it absolutely necessary for the UA to be able to determine in-transaction the state (1P/3P/SP) of the server with which they are communicating? 17:21:34 it isn't an excpetion 17:21:42 Jmayer: some people feel SP needs to be known. Need to know how exception will be used. Getting rid of this is not workable outcome 17:21:50 Roy: In order to inform user agents whether another URL claims to be part of the 1st party (as service provider or for some other reason), then it either needs to be part of the 1st party domain or else be listed in the "same-party" attribtue at the well-known location. 17:21:51 ... there is not a lot of controversy 17:22:04 some sites might object to their providers effectively saying "I am Acme corp." vs. "I am acting solely on behalf of Acme corp." :-) 17:22:28 ... three scnarions. 1 send http request as 3rd party, 2 send something as 1st party, send something as SP, but not know for whom 17:22:57 ... need to indicate if acting as 1st or 3rd party. I would like to get this resolved know 17:23:40 Schunter: Okay I will draft an outline with David and everyone can respond, ok? 17:23:48 7 minutes left 17:23:59 Dsinger: please send response on ML jmayer 17:24:10 Jmayer: so we cannot finish on call? 17:24:14 But I agree with David: Jonathan, that was uncommonly lucid, and could really help as a quick post 17:24:15 aleecia, well, at least we got a lot done in the prior 83 minutes. 17:24:18 Dsinger: Only 7 mins left 17:24:20 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-policy 17:24:36 I hear you. 17:24:38 Schunter: Have new issues that came up that I would like to resolve 17:24:53 Link please? 17:24:54 ... issue 158 effect of redirect 17:25:00 http://www.w3.org/2011/tracking-protection/track/issues/158 17:25:06 http://www.w3.org/2011/tracking-protection/track/issues/158 17:25:08 Thank you Nick 17:25:24 And Mr. Schunter :-) 17:25:37 Dsinger: they are not considered. should be considered on top level domain and target 17:25:41 object because that effectively kills auctions, right? 17:26:12 Site-wide vs. explicit-explicit exception? 17:26:19 If site-wide, this isn't an issue is it? 17:26:23 Npdoty: If DNT:0 needs to go with redirect needs to have site wide exception 17:26:24 okay, never mind 17:26:43 Dsinger: yes, if you ask for site-wide exception you do not have problem 17:26:45 But we've not solved explicit-explicit, have we? Do we need to solve that first? 17:26:52 Schunter: what happens if you do nothing? 17:27:19 Dsinger: we can drop corner case (auctions) for now 17:27:30 WileyS, singer presented an updated version of the exception proposal today, including an option to include a list in addition to the site-wide option 17:28:00 WileyS, in any case, you can ask for a site-wide exception if you need DNT:0 to be sent to all third parties, including re-directs related to auctions 17:28:15 user-generated content is another case where you might not know/trust all third parties 17:28:23 ... we should be fine with just asking for site-wide exceptions. 17:28:29 -[Microsoft] 17:28:34 Schunter: therefore we can close 158: 17:28:34 fine to close 158 17:28:37 ... closing 17:28:58 -dsriedel 17:29:06 ... leaving 159 and 160 and Raised 17:29:12 f2f firm??????????? 17:29:12 I think it makes sense to postpone 159, as suggested just now by singer 17:29:24 -Joanne 17:29:34 more details on F2F? 17:30:44 -hhalpin 17:31:04 -efelten 17:31:05 -vinay 17:31:05 -RichardWeaver 17:31:07 -tedleung 17:31:07 -[Google] 17:31:08 -johnsimpson 17:31:08 -vincent 17:31:09 - +1.212.565.aaee 17:31:09 thx for your patience 17:31:10 yes, we're confirmed on October 3-5 in Amsterdam, hosted by an IAB Netherlands member company 17:31:12 -DavidMacMillan 17:31:12 rrsagent, list participants 17:31:12 I'm logging. I don't understand 'list participants', ifette. Try /msg RRSAgent help 17:31:13 -tl 17:31:15 -alex 17:31:15 efelten has left #dnt 17:31:15 zakim, list participants 17:31:16 tedleung has left #dnt 17:31:17 rrsagent, list attendees 17:31:17 I'm logging. I don't understand 'list attendees', fielding. Try /msg RRSAgent help 17:31:17 -dwainberg 17:31:19 -Brooks 17:31:22 -jeffwilson 17:31:23 -[Microsoft.a] 17:31:23 zakim, list attendees 17:31:25 -justin_ 17:31:27 i'll get it one of these days :( 17:31:28 -Matt_AppNexus 17:31:30 -AnnaLong 17:31:31 -dsinger 17:31:33 As of this point the attendees have been schunter, npdoty, aleecia, fielding, BerinSzoka, +1.650.200.aaaa, rvaneijk, alex, efelten, Chris_IAB, hhalpin, [Microsoft], 17:31:36 ... +1.415.520.aabb, justin_, AnnaLong, Joanne, +1.917.934.aacc, vinay, +1.703.438.aadd, samsilberman, DavidMacMillan, ifette, vincent, Brooks, dsinger, WileyS, dwainberg, 17:31:39 ... +1.646.827.aaff, jmayer, adrianba, jeffwilson, chapell, RichardWeaver, Matt_AppNexus, hwest, damiano, sidstamm, +1.303.661.aagg, johnsimpson, tl, +385221aahh, ksmith, tedleung, 17:31:42 ... dsriedel 17:31:44 -WileyS 17:31:46 rrsagent, draft minutes 17:31:46 I have made the request to generate http://www.w3.org/2012/08/15-dnt-minutes.html ifette 17:31:46 -npdoty 17:31:46 johnsimpson has left #dnt 17:31:49 -damiano 17:31:50 -aleecia 17:31:53 -adrianba 17:31:55 As of this point the attendees have been schunter, npdoty, aleecia, fielding, BerinSzoka, +1.650.200.aaaa, rvaneijk, alex, efelten, Chris_IAB, hhalpin, [Microsoft], 17:31:57 ... +1.415.520.aabb, justin_, AnnaLong, Joanne, +1.917.934.aacc, vinay, +1.703.438.aadd, samsilberman, DavidMacMillan, ifette, vincent, Brooks, dsinger, WileyS, dwainberg, 17:32:04 ... +1.646.827.aaff, jmayer, adrianba, jeffwilson, chapell, RichardWeaver, Matt_AppNexus, hwest, damiano, sidstamm, +1.303.661.aagg, johnsimpson, tl, +385221aahh, ksmith, tedleung, 17:32:08 ... dsriedel 17:32:09 -rvaneijk 17:32:11 -Chris_IAB 17:32:14 -chapell 17:32:16 -fielding 17:32:17 David? 17:32:22 cblouch has left #dnt 17:32:34 action: doty to propose changes regarding issue-116 (and also "general preference") 17:32:34 Created ACTION-244 - Propose changes regarding issue-116 (and also "general preference") [on Nick Doty - due 2012-08-22]. 17:33:16 dsinger_ has joined #dnt 17:33:50 action: schunter to review spec for indicating service provider relationship (with singer and mayer) and propose changes if necessary 17:33:50 Created ACTION-245 - Review spec for indicating service provider relationship (with singer and mayer) and propose changes if necessary [on Matthias Schunter - due 2012-08-22]. 17:33:51 -schunter 17:38:51 disconnecting the lone participant, jmayer, in T&S_Track(dnt)12:00PM 17:38:52 T&S_Track(dnt)12:00PM has ended 17:38:52 Attendees were schunter, npdoty, aleecia, fielding, BerinSzoka, +1.650.200.aaaa, rvaneijk, alex, efelten, Chris_IAB, hhalpin, [Microsoft], +1.415.520.aabb, justin_, AnnaLong, 17:38:52 ... Joanne, +1.917.934.aacc, vinay, +1.703.438.aadd, samsilberman, DavidMacMillan, ifette, vincent, Brooks, dsinger, WileyS, dwainberg, +1.646.827.aaff, jmayer, adrianba, 17:38:54 ... jeffwilson, chapell, RichardWeaver, Matt_AppNexus, hwest, damiano, sidstamm, +1.303.661.aagg, johnsimpson, tl, +385221aahh, ksmith, tedleung, dsriedel 17:45:31 adrianba has left #dnt