IRC log of dnt on 2012-08-22

Timestamps are in UTC.

15:38:11 [RRSAgent]
RRSAgent has joined #dnt
15:38:11 [RRSAgent]
logging to
15:38:20 [aleecia]
Zakim, this will be dnt
15:38:20 [Zakim]
ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 22 minutes
15:38:24 [aleecia]
chair: aleecia
15:38:35 [aleecia]
rrsagent, make logs public
15:38:39 [aleecia]
15:38:47 [aleecia]
zakim, clear agenda
15:38:51 [Zakim]
agenda cleared
15:39:07 [aleecia]
agenda+ Selection of scribe
15:39:18 [aleecia]
agenda+ Review of overdue action items:
15:39:33 [aleecia]
agenda+ Reminder: polling on choices offered by UA open one more week,
15:39:43 [aleecia]
agenda+ Quick check that callers are identified
15:40:30 [aleecia]
agenda+ PROPOSAL: The Compliance editors add Roy's text and we close issue-45.
15:40:51 [aleecia]
agenda+ Third parties should be prohibited from acting or representing themselves as first parties. (ISSUE-123)
15:41:19 [aleecia]
agenda+ Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? (ISSUE-49)
15:41:41 [aleecia]
agenda+ ISSUE-64 POSTPONED How does site-preference management work with DNT
15:41:54 [aleecia]
agenda+ ACTION-208 on Ian Fette: Draft a definition of DNT:0 expression -- issue-148
15:42:04 [aleecia]
agenda+ Specify "absolutely not tracking" (ISSUE-119)
15:42:23 [aleecia]
agenda+ Buried in this discussion was David Singer's attempt to define tracking:
15:42:36 [aleecia]
agenda+ Announce next meeting & adjourn
15:48:11 [npdoty]
npdoty has joined #dnt
15:49:48 [eberkower]
eberkower has joined #dnt
15:50:47 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:50:54 [Zakim]
15:51:34 [aleecia]
15:52:26 [damiano]
damiano has joined #dnt
15:52:50 [jeffwilson]
jeffwilson has joined #dnt
15:53:32 [Zakim]
15:53:49 [aleecia]
Hi! Please mute :-)
15:53:54 [aleecia]
15:53:57 [Zakim]
+ +1.813.358.aaaa
15:54:08 [Zakim]
+ +1.646.654.aabb
15:54:23 [eberkower]
aabb = eberkower
15:54:23 [Zakim]
- +1.813.358.aaaa
15:54:27 [cblouch]
cblouch has joined #dnt
15:54:31 [Zakim]
15:54:39 [aleecia]
Zakim, aabb is eberkower
15:54:44 [Zakim]
+eberkower; got it
15:54:49 [Zakim]
+ +1.813.358.aacc
15:54:51 [Zakim]
- +1.813.358.aacc
15:55:04 [Zakim]
15:55:05 [Zakim]
15:55:07 [damiano]
Is the conference code still 87225 ?
15:55:18 [npdoty]
Zakim, code?
15:55:18 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200, npdoty
15:55:37 [aleecia]
(87225 spells out "track")
15:55:42 [BrendanIAB]
BrendanIAB has joined #dnt
15:55:45 [aleecia]
zakim, who is on the call?
15:55:45 [Zakim]
On the phone I see aleecia, cblouch, eberkower, alex, npdoty, jeffwilson
15:55:46 [damiano]
Cannot connect. Does it work only from 12pm and after?
15:55:55 [dwainberg]
dwainberg has joined #dnt
15:55:56 [aleecia]
Several of us are already on.
15:56:04 [alex]
alex has joined #dnt
15:56:11 [Zakim]
+ +1.646.801.aadd
15:56:14 [aleecia]
It works from 10 of noon EST and onward, so you should be fine.
15:56:20 [dwainberg]
zakim, aadd is dwainberg
15:56:20 [Zakim]
+dwainberg; got it
15:56:27 [Zakim]
+ +1.813.358.aaee
15:56:45 [damiano]
After i dial the conference code, i hear 3 beeps and nothing else
15:57:01 [efelten]
efelten has joined #dnt
15:57:03 [Zakim]
15:57:10 [damiano]
15:57:14 [eberkower]
damiano, try waiting for several seconds after you hear the "This is the Zakim Conference Bridge"
15:57:22 [BrendanIAB]
Zakim, p34 is probably BrendanIAB
15:57:22 [Zakim]
sorry, BrendanIAB, I do not understand your question
15:57:23 [Zakim]
- +1.813.358.aaee
15:57:26 [eberkower]
Do not enter the code until after the recording tells you to
15:57:30 [BrendanIAB]
Zakim, ??P34 is probably BrendanIAB
15:57:30 [Zakim]
+BrendanIAB?; got it
15:58:11 [suegl]
suegl has joined #dnt
15:58:19 [Zakim]
+ +1.813.358.aaff
15:58:22 [fielding]
fielding has joined #dnt
15:58:27 [npdoty]
Zakim, who is on the phone?
15:58:27 [Zakim]
On the phone I see aleecia, cblouch, eberkower, alex, npdoty, jeffwilson, dwainberg, BrendanIAB?, +1.813.358.aaff
15:58:29 [Zakim]
15:58:40 [Zakim]
- +1.813.358.aaff
15:58:53 [hwest]
hwest has joined #dnt
15:58:54 [Zakim]
15:58:59 [suegl]
zakim, [Microsoft] has suegl
15:58:59 [Zakim]
+suegl; got it
15:59:05 [sidstamm]
sidstamm has joined #dnt
15:59:30 [eberkower]
813 dropping off may be damiano
15:59:33 [Chris_IAB]
Chris_IAB has joined #dnt
15:59:57 [Zakim]
16:00:06 [Zakim]
16:00:08 [johnsimpson]
johnsimpson has joined #dnt
16:00:13 [adrianba]
zakim, [Microsoft.a] is me
16:00:13 [Zakim]
+adrianba; got it
16:00:17 [adrianba]
zakim, mute me
16:00:17 [Zakim]
adrianba should now be muted
16:00:34 [alex]
npdoty: it may be Damiano.
16:00:36 [Zakim]
+ +1.212.380.aagg
16:00:39 [vinay]
vinay has joined #dnt
16:00:45 [Chapell]
Chapell has joined #DNT
16:00:46 [Zakim]
16:00:48 [damiano]
The admin is joining me
16:00:49 [Chris_IAB]
just joined from 212
16:00:56 [npdoty]
Zakim, aagg is Chris_IAB
16:00:56 [Zakim]
+Chris_IAB; got it
16:01:06 [Zakim]
16:01:07 [Zakim]
16:01:15 [Zakim]
16:01:16 [damiano]
my number is 813 358 etc
16:01:25 [Zakim]
16:01:27 [Zakim]
16:01:28 [sidstamm]
Zakim, Mozilla has sidstamm
16:01:29 [Zakim]
+sidstamm; got it
16:01:31 [Zakim]
+ +1.303.661.aahh
16:01:37 [Simon]
Simon has joined #dnt
16:01:51 [amyc]
amyc has joined #dnt
16:01:56 [damiano]
ok i can finally hear
16:02:01 [npdoty]
volunteers to scribe?
16:02:03 [JC]
JC has joined #DNT
16:02:09 [Zakim]
16:02:16 [Zakim]
16:02:27 [Zakim]
- +1.303.661.aahh
16:02:28 [sidstamm]
aleecia: I can do it
16:02:29 [Zakim]
16:02:37 [npdoty]
scribenick: sidstamm
16:02:43 [dsinger]
zakim, [apple] has dsinger
16:02:46 [sidstamm]
y'all watch me like a hawk and correct me
16:02:46 [aleecia]
16:02:49 [Zakim]
16:02:53 [Simon]
Simon has left #dnt
16:02:55 [Zakim]
+dsinger; got it
16:02:57 [npdoty]
Topic: Action Items
16:02:58 [johnsimpson]
Apologies, i will be dropping off about 9:30...
16:02:59 [sidstamm]
aleecia: looking at overdue action items
16:03:08 [Zakim]
+ +1.206.361.aaii
16:03:20 [rvaneijk]
rvaneijk has joined #dnt
16:03:25 [Zakim]
+ +1.646.827.aajj
16:03:26 [dsinger]
zakim, who is on the phone?
16:03:29 [npdoty]
Zakim, [Google] has ifette
16:03:33 [sidstamm]
… action 200 (ifette) to write text for issue 84
16:03:33 [dsinger]
16:03:33 [trackbot]
ISSUE-84 -- Make DNT status available to JavaScript -- pending review
16:03:33 [trackbot]
16:03:35 [Zakim]
On the phone I see aleecia, cblouch, eberkower, alex, npdoty, jeffwilson, dwainberg, BrendanIAB?, efelten, [Microsoft], adrianba (muted), fielding, Chris_IAB, Damiano, ninjamarnau,
16:03:40 [Zakim]
... johnsimpson, vinay, [Microsoft.a], [Mozilla], chapell, [Google], [Apple], WileyS, +1.206.361.aaii, +1.646.827.aajj
16:03:43 [Zakim]
[Mozilla] has sidstamm
16:03:46 [Zakim]
[Apple] has dsinger
16:03:47 [Zakim]
[Microsoft] has suegl
16:03:49 [Zakim]
+ifette; got it
16:03:49 [fielding]
all of mine are open
16:04:09 [ifette]
ifette has joined #dnt
16:04:11 [Zakim]
16:04:15 [amyc]
206.361.aaii is amyc
16:04:17 [ifette]
16:04:17 [trackbot]
ISSUE-84 -- Make DNT status available to JavaScript -- pending review
16:04:17 [trackbot]
16:04:22 [ninjamarnau]
ninjamarnau has joined #dnt
16:04:23 [KevinT]
KevinT has joined #dnt
16:04:25 [AN]
AN has joined #dnt
16:04:25 [npdoty]
Zakim, aaii is amyc
16:04:34 [adrianba]
adrianba has joined #dnt
16:04:35 [sidstamm]
fielding: still working on my open issues, not sure what 228 is, will get to it soon
16:04:37 [Zakim]
16:04:43 [Zakim]
+amyc; got it
16:04:43 [sidstamm]
… 116 is waiting until we have a place to put it in the spec
16:04:52 [dsinger]
not sure that Ian's action makes much sense…unless he wants to add to the TPE, it seems in hand (issue 84)
16:04:52 [sidstamm]
… 131 is waiting until we agree on the tracking status resource section
16:04:58 [Zakim]
+ +1.678.492.aakk
16:05:04 [dsinger]
16:05:04 [trackbot]
ISSUE-228 does not exist
16:05:09 [npdoty]
ifette, I think we're about to close issue 84 unless you want to propose something different
16:05:14 [sidstamm]
aleecia: [suggests starting with use cases]
16:05:22 [ifette]
i just saw that
16:05:24 [Zakim]
16:05:25 [sidstamm]
fielding: can't get to it for two weeks
16:05:46 [sidstamm]
dsinger: did a basic edit for action 228 already, fielding is welcome to improve it
16:06:01 [Joanne]
Joanne has joined #DNT
16:06:20 [tedleung]
tedleung has joined #dnt
16:06:23 [sidstamm]
fielding: can close 228, dsinger's text is good
16:06:27 [npdoty]
close action-228
16:06:27 [trackbot]
ACTION-228 Update remove methods to have an appropriate failure mode closed
16:06:29 [sidstamm]
dsinger: probably 84 too
16:06:33 [dsriedel]
dsriedel has joined #dnt
16:06:44 [Zakim]
16:06:50 [sidstamm]
aleecia: 195 is editorial at this point
16:06:54 [aleecia]
16:07:03 [npdoty]
16:07:03 [trackbot]
ISSUE-65 -- How does logged in and logged out state work -- open
16:07:03 [trackbot]
16:07:03 [dsinger]
16:07:03 [trackbot]
ISSUE-65 -- How does logged in and logged out state work -- open
16:07:03 [trackbot]
16:07:04 [Zakim]
16:07:11 [Zakim]
16:07:25 [ifette]
Zakim, google has ifette
16:07:25 [Zakim]
ifette was already listed in [Google], ifette
16:07:29 [sidstamm]
… logged in v. logged-out state discussion went on for a while, but then about a month ago we decided to point to the informed consent section
16:07:33 [cOlsen]
cOlsen has joined #dnt
16:07:45 [sidstamm]
hwest: do you want us to come up with text?
16:07:53 [laurengelman]
laurengelman has joined #dnt
16:07:55 [Zakim]
16:08:08 [JC]
JC has joined #DNT
16:08:18 [sidstamm]
wileys: justin and I had already made two informed consent drafts
16:08:37 [Zakim]
+ +1.415.627.aall
16:08:39 [sidstamm]
aleecia: we have gone round and round about the difficulty of getting informed consent into text
16:08:49 [Zakim]
16:08:54 [sidstamm]
… let's reassign it to justin and he can help us talk through this
16:09:08 [sidstamm]
wileys: we have strong difference of opinion, and want to be included with action 195
16:09:36 [sidstamm]
aleecia: justin can take point, but is a larger issue for discussion
16:09:37 [jmayer]
jmayer has joined #dnt
16:09:40 [npdoty]
wileys: with justin, had agreed at dc f2f not to include text on informed consent
16:09:45 [Zakim]
16:09:55 [sidstamm]
wileys: both in the exception period and active setting of dnt … whatever that definition is matters for both
16:10:08 [sidstamm]
aleecia: so I should make sure we bring it up in a call, soon.
16:10:30 [sidstamm]
… chris on action 229
16:10:35 [dsriedel]
zakim, mute me
16:10:35 [Zakim]
dsriedel should now be muted
16:10:41 [sidstamm]
… wileys, can you help update us too?
16:10:53 [Chris_IAB]
Chris P, right?
16:11:08 [npdoty]
yes, Chris Pedigo
16:11:11 [aleecia]
16:11:14 [sidstamm]
wileys: haven't heard back from chris p in two weeks
16:11:16 [Brooks]
Brooks has joined #dnt
16:11:23 [Zakim]
- +1.678.492.aakk
16:11:26 [sidstamm]
aleecia: can you forward us a draft of the working text?
16:11:33 [sidstamm]
wileys: no, we were in the middle of a debate
16:11:58 [sidstamm]
aleecia: 237 - hwest
16:12:07 [npdoty]
can we re-assign 229? this is almost a month old already
16:12:22 [aleecia]
16:12:26 [sidstamm]
hwest: I think it just needs a last editing pass
16:12:34 [sidstamm]
aleecia: please confirm and then close it if it is done
16:12:43 [Zakim]
16:13:14 [sidstamm]
… we probably shouldn't reassign 229, since we'll probably end up redoing it entirely
16:13:22 [Zakim]
16:13:27 [npdoty]
okay, understood.
16:13:35 [sidstamm]
… in this case, let's keep it open until chris p comes back, then we can reconsider
16:13:51 [ifette]
16:14:00 [npdoty]
16:14:03 [sidstamm]
… reminder - polling choices about "ease of setting" or silence deadline is in one week
16:14:05 [aleecia]
ack ifette
16:14:14 [sidstamm]
ifette: the poll is very binary -- can you live with this or not
16:14:31 [sidstamm]
… specifically the first question seems to suggest there should be three states, all equally to choose
16:15:17 [sidstamm]
… what do we say if we don't care how to choose dnt:1 or dnt:0, but it matters that header-on/header-off are both easy?
16:15:31 [Brooks]
16:15:37 [sidstamm]
aleecia: we discussed this in [bellevue], and passed the text for the poll around the group for a number of weeks
16:15:38 [dsinger]
16:16:01 [sidstamm]
… in the future, please make comments on the text earlier
16:16:07 [npdoty]
I think the Comments fields could be used to elaborate subtle opinions though
16:16:18 [sidstamm]
ifette: problem is that this is the first time we are voting, and so it requires us to consult with the rest of our companies
16:16:41 [sidstamm]
… maybe our personal opinions were in favor of one, but our point of view changes after consulting with others in our organization
16:16:58 [sidstamm]
aleecia: sounds like we need to build time in for consulting home-office people for some issues
16:17:32 [sidstamm]
… probably makes sense to send options around internally when we're talking about the text
16:17:56 [sidstamm]
… but at this point, we can't slow it down (has already been two months), but feel free to add your comments in the remarks field for the options.
16:17:59 [Chris_IAB]
the difference is that Google is a 50,000 person org and Mozilla is several hundred, if I'm not mistaken...
16:18:16 [aleecia]
16:18:21 [sidstamm]
… can't just start over, or nothing will get done
16:18:22 [aleecia]
ack brooks
16:18:27 [Zakim]
16:18:35 [sidstamm]
Chris_IAB: you're right (Mozilla), but not all 50k at google are stakeholders
16:18:50 [sidstamm]
brooks: if you offer "equal ease" you're saying any of the options can be default
16:19:12 [sidstamm]
sorry, that Chris_IAB was not him speaking, it was my comment to him
16:19:18 [aleecia]
ack dsinger
16:19:20 [npdoty]
s/Chris_IAB: you're/Chris_IAB, you're/
16:19:47 [sidstamm]
dsinger: I don't understand why I should be required to offer an option to the user "yes, please track me as you wish"
16:19:52 [kj]
kj has joined #dnt
16:20:23 [sidstamm]
aleecia: quick use case -- you are a user in Germany and by default if you don't set DNT (it is unset), you start to get lots of messages as you browse, "don't you want personalization?"
16:20:47 [sidstamm]
… you decide it's crazy, don't want to be bothered, so you enable a global "yes to all", which is the "please track me as you wish" option
16:20:54 [sidstamm]
… things don't work the same in all countries
16:20:57 [jmayer]
A global "DNT: 0" may not be adequate for consent under European law. FYI.
16:20:59 [Chris_IAB]
sidstamm, I respectfully disagree that not all 50k people at Google are not stakeholders-- Google is an advertising supported company, so every single employee is paid with advertising revenue (and the value the market has attributed to that business); they aren't all required to make a decision, but what I was trying to point out was the complexity of decision making at large orgs :)
16:21:07 [ifette]
sid, sure, but there's a lot more stakeholders at Google, and a lot more at stake at Google monetarily, than at Mozilla :)
16:21:14 [sidstamm]
yes yes, I agree ifette
16:21:26 [sidstamm]
but we have stakeholders who are not employees (volunteers)
16:21:42 [sidstamm]
aleecia: please look through the minutes and see that this poll is in line with what we discussed in bellevue
16:21:43 [Zakim]
16:21:51 [dsriedel]
zakim, mute me
16:21:51 [Zakim]
dsriedel should now be muted
16:22:09 [jmayer]
We discussed these options (and alternatives) at length in Bellevue. I'm likewise not entirely a fan of the options the group selected - but it was the decision we made.
16:22:18 [aleecia]
ack dsriedel
16:22:29 [dsinger]
16:22:35 [Chris_IAB]
I would just urge us to consider the business magnitude of what this working group is proposing, and not rush to finalization without taking the due steps and time to consider all the potential outcomes...
16:22:38 [dsriedel]
sorry, just had me muted
16:22:41 [dsriedel]
nothing else
16:22:50 [dsriedel]
zakim, mute me
16:22:50 [Zakim]
dsriedel should now be muted
16:23:10 [sidstamm]
aleecia: one more week… please if you have something you can't live with in one of those options, please weigh in
16:23:18 [sidstamm]
… don't weigh in if you are okay with the options
16:23:19 [aleecia]
16:23:31 [efelten]
Most of the voices here represent business. I don't think there's any risk of business interests not being represented.
16:23:39 [npdoty]
Zakim, who is on the phone?
16:23:44 [Zakim]
On the phone I see aleecia, cblouch, eberkower, alex, npdoty, jeffwilson, dwainberg, BrendanIAB?, efelten, [Microsoft], adrianba (muted), fielding, Chris_IAB, Damiano, ninjamarnau,
16:23:47 [Zakim]
... johnsimpson, vinay, [Microsoft.a], [Mozilla], chapell, [Google], [Apple], WileyS, amyc, +1.646.827.aajj, KevinT, rvaneijk, tedleung, [FTC], +1.415.627.aall, hwest, jmayer,
16:23:50 [Zakim]
... schunter, Brooks, dsriedel (muted)
16:23:52 [Zakim]
[Mozilla] has sidstamm
16:23:54 [Zakim]
[Apple] has dsinger
16:23:56 [Zakim]
[Google] has ifette
16:23:59 [Zakim]
[Microsoft] has suegl
16:24:08 [sidstamm]
aleecia: [checking the attendees list for id]
16:24:08 [WileyS]
WileyS has joined #DNT
16:24:23 [laurengelman]
i am 415 627
16:24:37 [npdoty]
Zakim, aajj is Matt_AppNexus
16:24:37 [Zakim]
+Matt_AppNexus; got it
16:24:42 [npdoty]
Zakim, aall is laurengelman
16:24:42 [Zakim]
+laurengelman; got it
16:24:45 [aleecia]
An origin server MUST make a public commitment that it complies with this standard through the provision of a site-wide tracking status resource [[!TRACKING-DNT]].
16:24:45 [sidstamm]
aleecia: we ran out of time when discussing issue 25
16:25:15 [WileyS]
I'm assuming this same rule applies to UAs?
16:25:27 [dwainberg]
16:25:35 [sidstamm]
… anyone who has an issue with this text (from IRC)
16:25:38 [aleecia]
ack dwainberg
16:26:08 [WileyS]
Existence vs. a specific statement
16:26:29 [WileyS]
Good question - I would suggest it must be "include a specific statement"
16:26:34 [sidstamm]
dwainberg: does this say that the provision of the site-wide tracking resource is a public commitment, or that the resource must include a public commitment?
16:26:35 [WileyS]
Disagree with existence
16:26:37 [WileyS]
16:26:43 [sidstamm]
aleecia: the former, we should clarify it
16:26:49 [Zakim]
16:26:53 [efelten]
16:26:54 [sidstamm]
dwainberg: I don't support that, would rather allow servers some flexibility about public commitment
16:27:01 [hober]
Zakim, Apple.a is me
16:27:01 [Zakim]
+hober; got it
16:27:02 [npdoty]
16:27:06 [dsinger]
that makes it hard to partially implement (in progress work)
16:27:06 [jmayer]
16:27:23 [JC]
JC has joined #DNT
16:27:29 [fielding]
So, dwainberg wants a status that says "no"
16:27:35 [aleecia]
ack WileyS
16:27:36 [sidstamm]
dwainberg: this is looking like a legal hook for compliance and may get messy for some folks… nice technically, but not legally
16:27:40 [Zakim]
16:27:50 [ifette]
16:28:00 [sidstamm]
wileys: not a lawyer, agree with dwainberg in principle. Don't think the existence of that resource should be public commitment, but we could put something inside that resource
16:28:14 [Zakim]
16:28:22 [npdoty]
fielding, dwainberg or a field in the resource that says "yes, I comply"
16:28:25 [aleecia]
ack efelten
16:28:34 [sidstamm]
aleecia: that's another issue (literally)
16:28:41 [fielding]
npdoty, we already have that
16:28:59 [sidstamm]
efelten: what's the alternative? If a site publishes a resource that says "I'll behave this way", isn't it an assertion to the user that it'll do what it says?
16:29:07 [sidstamm]
aleecia: are you suggesting we don't need this text at all?
16:29:11 [WileyS]
Ed, depends on the flexibility of how your implementation is expressed in the resource.
16:29:16 [amyc]
16:29:21 [hwest]
16:29:29 [sidstamm]
efelten: I want to understand why people want to argue that a statement in the tracking status resource could be different than how a site acts
16:29:35 [aleecia]
who is speaking? david w?
16:29:41 [WileyS]
Yes - David W.
16:29:49 [npdoty]
fielding, there's a dedicated field for that? or you're suggesting just the presence of the resource at all?
16:30:00 [sidstamm]
dwainberg: the resource itself shouldn't constitute the commitment, but you could put something inside it
16:30:11 [WileyS]
+1 David
16:30:14 [Zakim]
16:30:17 [aleecia]
we have a queue
16:30:26 [sidstamm]
dsinger: it could mean that the resource existing is a suggestion you're working on it (partial compliance)
16:30:33 [hwest]
+1 David
16:30:43 [fielding]
npdoty, tracking field does exactly that
16:30:53 [aleecia]
16:31:00 [sidstamm]
dwainberg: difference is between the commitment technically (to implement a spec) and commitment to behave in a certain way
16:31:01 [fielding]
… but we have no option for "no"
16:31:11 [sidstamm]
I think we're talking past each other
16:31:43 [Chris_IAB]
you might message the user that you see their header, but are not going to honor it per the W3C spec
16:31:45 [WileyS]
Ed, we're with you on what is "IN" the resource, not the resource itself
16:31:46 [sidstamm]
efelten: I don't understand the confusion -- if you put a statement in a resource, how should it be interpreted?
16:31:50 [dsinger]
e.g. "3" says "I am behaving in compliance with the rules for a 3rd party"
16:32:10 [sidstamm]
dwainberg: if the company states what it does, that's what it does, but it's not public commitment to the full standard
16:32:18 [fielding]
16:32:29 [Chris_IAB]
it's a VOLUNTARY spec/standard
16:32:50 [sidstamm]
… the spec is gonna describe certain feedback the server must contain in the resource
16:33:01 [sidstamm]
… and if the server lies in the resource, it's a problem
16:33:13 [sidstamm]
… but this language says that just *having* the resource is a commitment to the entire spec
16:33:16 [Chapell]
Chapell has joined #DNT
16:33:30 [WileyS]
Ed, yes
16:33:32 [sidstamm]
efelten: but the statements in the status resource should be truthful
16:33:35 [sidstamm]
dwainberg: yes
16:33:41 [sidstamm]
efelten: and users can rely upon them?
16:33:49 [sidstamm]
dwainberg: that's probably true, yes
16:34:02 [WileyS]
Ed, yes - what is "in" the resource is not the argument - it's the mere existence of the resource doesn't mean you're following ALL aspects of the standard in full compliance
16:34:05 [aleecia]
ack jmayer
16:34:28 [sidstamm]
jmayer: seems to me the issue at base here is the extent to which we want to facilitate companies' ability to comply with just part of the compliance spec and just do the protocol
16:34:29 [WileyS]
Much like UAs today :-)
16:34:55 [sidstamm]
… if just having it means you comply with the spec, it's harder to pick and choose
16:35:12 [sidstamm]
… but if there's a separate field, it is easier to pick what you implement
16:35:18 [Zakim]
16:35:28 [Chris_IAB]
neither the W3C nor SEC have any ability to regulate how companies reply to an HTTP Header Flag... companies are free to respond to it how they feel is appropriate
16:35:31 [sidstamm]
… I think ed is pointing out that if there was not a separate field, something that *looked* like compliance (the resource) should not be relied on
16:35:41 [Chris_IAB]
sorry, not SEC :)
16:35:45 [Chris_IAB]
16:35:56 [aleecia]
ack ifette
16:36:03 [sidstamm]
are you trading headers on a market, Chris_IAB ?
16:36:13 [sidstamm]
ifette: to what extent do we want to support partial compliance?
16:36:38 [sidstamm]
… if we look at past history, of other work, people start sending invalid statements because they can't express what they want through the spec
16:36:44 [dwainberg]
excellent point about p3p
16:36:50 [Chris_IAB]
sidstamm, not sure what you mean by "trading headers on a market"?
16:37:01 [sidstamm]
… there will be a number of people who want to do the right thing, but if our spec is not flexible enough, it will cause issues
16:37:13 [sidstamm]
Chris_IAB, it was a joke about your SEC comment
16:37:13 [Chris_IAB]
sid, that's right
16:37:19 [Chris_IAB]
ah, right
16:37:44 [Chris_IAB]
dyslexic moment :)
16:37:47 [sidstamm]
ifette: I would rather see a company who doesn't agree with the whole spec can at least tell the user something honest (partial implementation)
16:37:54 [sidstamm]
aleecia: I disagree with your comments on p3p
16:37:55 [aleecia]
ack amyc
16:38:08 [sidstamm]
amyc: want to echo dsinger and what adrian said on the last call.
16:38:27 [aleecia]
ack hwest
16:38:29 [sidstamm]
… need to be able to have a flexible spec to address this
16:38:34 [jmayer]
The issue of phase-in is separate from the issue of partial adoption.
16:38:38 [Chris_IAB]
...and you would specify that in your privacy policy, not in the communication protocol between two servers
16:38:55 [sidstamm]
hwest: I've been hearing that having a tracking resource in itself means you comply with the spec -- that's a big problem, just wanted to make it clear that this is not good
16:39:02 [jmayer]
hwest, I think everyone was talking about the W3C Compliance spec.
16:39:04 [sidstamm]
… efelten and dwainberg were talking about different things
16:39:25 [sidstamm]
… if there's a resource on the server [regardless of its contents] does it mean it's fully compliant to the w3c spec?
16:39:32 [npdoty]
the statements in the tracking resource rely on definitions in the Compliance specification, though
16:39:43 [aleecia]
ack fielding
16:39:46 [sidstamm]
… I don't think it's a good option. We could put something inside the resource to claim it, but it should not be assumed by the resource's presence
16:40:06 [sidstamm]
fielding: currently, the only valid response for the tracking status resource is a claim of compliance with the spec
16:40:18 [sidstamm]
… fine with me if we want to make it more flexible, but we need to revise the text
16:40:20 [dsinger]
maybe we need qualifiers back; 'p' suffix to say "I am in partial compliance (e.g. I am working on it)"
16:40:34 [efelten]
16:40:34 [sidstamm]
aleecia: what would this look like? A new response like "I do something with DNT, but don't fully comply"?
16:40:42 [Chris_IAB]
you could also reply that you don't comply with DNT, no?
16:40:46 [dsinger]
16:40:49 [dsinger]
16:40:51 [dwainberg]
the resource already includes a link to a policy, right?
16:40:52 [sidstamm]
aleecia: I think we're looking at two options
16:41:04 [sidstamm]
… (1) your response is enough to indicate "I implement DNT"
16:41:08 [npdoty]
if you don't comply, Chris_IAB, the spec says you can just not have a tracking status resource
16:41:16 [sidstamm]
… all of it, or a baseline defined in the spec
16:41:39 [efelten]
16:41:41 [sidstamm]
… (2) make changes to what the response looks like to have an additional part that says
16:41:54 [sidstamm]
… I implement parts of DNT, but not all, check for more information (here).
16:42:00 [sidstamm]
… and we'd need to update the compliance doc
16:42:04 [adrianba]
16:42:10 [sidstamm]
… if there are additional options, or I'm way off, speak up
16:42:16 [Chris_IAB]
npdoty, you can't legally dictate how companies reply to DNT headers... anyone can send a header-- it's just a header
16:42:28 [aleecia]
ack dsinger
16:42:42 [adrianba]
adrianba has joined #dnt
16:42:48 [fielding]
what I would add is an option for "not for your UA"
16:43:01 [jmayer]
16:43:08 [sidstamm]
dsinger: maybe we would have the qualify stack and after you say what party you are and such, we could add an additional char that says "but only part"
16:43:31 [sidstamm]
aleecia: we talked about this in the group, and it sounded like lots of people wanted to roll out all of their DNT support at once
16:43:42 [sidstamm]
… so there's not a needed provision for testing
16:43:50 [sidstamm]
… if it's changed, let's open an issue to address this
16:43:52 [npdoty]
Chris_IAB, I'm just pointing out the option that's defined within the spec: "an origin server that does not wish to claim conformance to this protocol would not supply a tracking status resource and would not send a Tk header field in responses."
16:43:55 [dwainberg]
yes, I would open that as an issue.
16:43:59 [adrianba]
zakim, unmute me
16:43:59 [Zakim]
adrianba should no longer be muted
16:44:00 [ifette]
16:44:02 [aleecia]
ack adrianba
16:44:11 [sidstamm]
adrianba: there's another option (3)
16:44:15 [ifette]
i don't think it's just "testing", I think it's "my steady state is something short of full compliance with the spec"
16:44:20 [Chris_IAB]
npdoty, got it, thanks
16:44:37 [sidstamm]
… the policy doc doesn't need to say anything about this, people can use any form they want to make a public commitment
16:44:54 [sidstamm]
… the tech spec, just like every other tech spec, describes what a complete implementation should do
16:44:57 [Chris_IAB]
agree with David Singer
16:45:02 [sidstamm]
… the reality is that people incrementally implement stuff
16:45:11 [Chris_IAB]
how many browsers are HTML5 FULLY compliant today???
16:45:31 [sidstamm]
… if people don't fully implement the spec, they don't. We don't need a "partial compliance" flag
16:45:47 [jmayer]
16:46:00 [Chris_IAB]
sidstamm, can you please send that same kind of signal for HTML5? ;)
16:46:02 [sidstamm]
aleecia: you are advocating silence in the compliance spec and no additional flag for the technical side for incomplete implementations?
16:46:48 [sidstamm]
… for example, I'm partially done but we have to wait to finish rolling out our implementation of DNT
16:46:54 [sidstamm]
… I want to send something to say "not done yet"
16:47:13 [jmayer]
16:47:27 [Zakim]
16:47:47 [aleecia]
ack ifette
16:48:02 [npdoty]
in that case you wouldn't have a `tracking` field, and so it wouldn't be in compliance with the tracking-dnt spec either
16:48:02 [adrianba]
adrianba has joined #dnt
16:48:25 [sidstamm]
ifette: I agree with adrian that we want to make it possible, but I don't think it's an issue that we are *testing* dnt, but that the implementor actually disagrees with some of the spec and won't implement it
16:48:33 [adrianba]
rrsagent, pointer
16:48:33 [RRSAgent]
16:48:37 [sidstamm]
… I appreciate we don't want to get into the whole testing rathole, but this is different.
16:49:11 [sidstamm]
aleecia: the question I have is how do we avoid a situation where users rely on what they understand in the response from the site but it's wrong
16:49:55 [aleecia]
16:50:00 [aleecia]
ack jmayer
16:50:21 [rvaneijk]
@Chris_IAB, either you are compliant or not. With partial implementations claiming of full DNT compliance, we are not helping towards a fulfillment of the FTC criteria to DNT.
16:50:23 [sidstamm]
jmayer: the first order issue is, "do we want to facilitate web sites speaking the DNT protocol but not actually acting in compliance with the spec?"
16:50:27 [WileyS]
+1 Ian
16:50:28 [dsinger]
for the record, I prefer it clean as it is (that the statement is a simple machine-readable statement of compliance); I just worry about staged bring-ups
16:50:30 [sidstamm]
… I think the answer should be NO
16:50:35 [Zakim]
16:50:42 [sidstamm]
… however we decide that issue, we can figure out how to implement it
16:50:56 [Chapell]
Chapell has joined #DNT
16:50:58 [fielding]
issue: do we need a tracking status value for partial compliance or rejecting DNT?
16:50:58 [trackbot]
Created ISSUE-161 - Do we need a tracking status value for partial compliance or rejecting DNT? ; please complete additional details at .
16:51:13 [WileyS]
Mayer, I like the idea of compliance codes: W3C, DAA, EDAA, etc.
16:51:18 [ifette]
16:51:38 [Chris_IAB]
interesting idea guys
16:51:44 [ifette]
and i unfortunately have to drop for a 10 meeting, but I do like the idea of "Here's some well-known thing I comply with, be it DAA, W3C, XYZ"
16:51:56 [dwainberg]
16:52:05 [efelten]
16:52:06 [Chris_IAB]
16:52:18 [sidstamm]
aleecia: I think you can imagine that the response back from the server could point to a type of compliance (point to an existing compliance doc from DAA, W3C, XYZ)
16:52:23 [dsinger]
which david?
16:52:26 [dsinger]
16:52:33 [WileyS]
dsinger :-)
16:52:35 [sidstamm]
dwainberg: I think others have given some examples that support my point, so I won't rehash it
16:52:36 [aleecia]
sorry - yes, davidw
16:52:55 [Zakim]
16:52:59 [Zakim]
+ +1.202.386.aamm
16:53:01 [ifette]
Zakim, aamm is ifette
16:53:01 [Zakim]
+ifette; got it
16:53:03 [jmayer]
I think an "I speak DNT, but I only comply with these documents" response would be a terrible idea. Just wanted to point out that the engineering is possible.
16:53:03 [sidstamm]
… one other example is other business models that may not be required to support DNT but want to implement it anyway
16:53:12 [sidstamm]
… but they don't want extra legal liability by trying to implement it
16:53:25 [sidstamm]
… but if we leave it the way it is, companies just won't deploy the tracking resource because of the risk
16:53:29 [aleecia]
we already have text of "you can be more privacy protective," there should be no risk to twitter
16:53:32 [fielding]
issue: If we have a mechanism for indicating partial compliance, how do we convey to the user why, and what is not being complied with, in a machine-readable manner?
16:53:33 [trackbot]
Could not create new issue - please contact sysreq with the details of what happened.
16:53:39 [aleecia]
ack efelten
16:53:41 [sidstamm]
… they may respect the header and describe it in a privacy policy, but not implement the status resource
16:53:47 [Brooks]
sounds like the p3p issue of not issuing the full policy
16:53:59 [sidstamm]
efelten: we've had a suggestion that others can define what compliance means if it is put in the status resource
16:54:06 [WileyS]
jmayer, I think it was a great idea that you put out there - something we should seriously consider. It gives you the "on the hook" element I believe you're looking for and gives implementors the flexibility to support self-regulatory standards.
16:54:11 [sidstamm]
… but the group should think very carefully about it before we go down this road
16:54:20 [sidstamm]
… what happens if lots and lots of parties have their own definition?
16:54:41 [dsinger]
+1 to edfelten
16:54:42 [jmayer]
Again, I was pointing out that the engineering is possible, and the engineering ISSUE turns on the policy ISSUE.
16:54:47 [sidstamm]
… in a system where each third party has their own statement buried in their own privacy policy -- this system doesn't make a difference to users.
16:54:57 [sidstamm]
aleecia: that is one of the two reasons DNT is an interesting topic
16:55:10 [jmayer]
I would strongly oppose the design I mentioned, and I fully agree with what Ed just said.
16:55:11 [sidstamm]
… (1) persistence (2) baseline standard for compliance
16:55:13 [Chris_IAB]
David W brought a great point Ed: if companies are scared of FTC enforcement, they may just back away from it altogether (in fear)-- that's not a good day for privacy
16:55:17 [Chapell]
Are regulators planning to provide a comprehensive, step-by-step guide re: how they plan to interpret and enforce the DNT spec?
16:55:24 [sidstamm]
… if there's a way to say there's a small group of deviations from the baseline, that might be worth investigating
16:55:38 [sidstamm]
… but the idea of "no standard" for DNT and anyone can make their own, seems opposite of the goal of this work
16:55:43 [fielding]
16:55:45 [trackbot]
Getting info on ISSUE-162 failed - alert sysreq of a possible bug
16:55:45 [sidstamm]
… this is my personal opinion as Aleecia
16:55:55 [aleecia]
ack ifette
16:55:59 [Chapell]
PS - that question is directed primarily to Ed, Rob @ Ninja (are there other regulators in the group?)
16:56:09 [Zakim]
16:56:19 [sidstamm]
ifette: I think right now what we see is not a proliferation, but a small number of deployed privacy protection measures
16:56:33 [sidstamm]
… like the DAA principles, other industry organizations, not W3C standards, but are standards
16:56:43 [sidstamm]
… agree with ed that every single company having their own standard is suboptimal
16:56:47 [johnsimpson]
johnsimpson has left #dnt
16:56:51 [sidstamm]
… but is not the necessary outcome of going down a road like this
16:57:00 [sidstamm]
aleecia: and let's go back to the particular issue
16:57:08 [sidstamm]
… there are other issues that can split off from this
16:57:16 [sidstamm]
… (1) testing -- should we add this as a new issue?
16:57:20 [rvaneijk]
@Chapell, that is your part of the puzzle. The regulators job is to define the norm.
16:57:38 [sidstamm]
… (2) flag of implementing w3c or someone else's standards -- or is this implicit?
16:58:02 [sidstamm]
dwainberg: there are two issues here
16:58:12 [sidstamm]
… where or how the public commitment is made and what the nature of the commitment may be
16:58:16 [sidstamm]
… these are two separate issues
16:58:22 [sidstamm]
aleecia: yeah, we may want to come back and pick them up
16:58:39 [Zakim]
16:58:59 [Chapell]
@RVaneijk - ok, but that is going to significantly delay implementation
16:59:00 [sidstamm]
… we are only discussing the issue of a public commitment at this time
16:59:05 [dwainberg]
ok...thanks, understood... sorry to interrupt
16:59:08 [aleecia]
1. text from Roy
16:59:12 [sidstamm]
aleecia: three paths
16:59:17 [sidstamm]
(1) text from roy
16:59:29 [sidstamm]
… responding = DNT compliance
16:59:34 [aleecia]
2. partial compliance
16:59:40 [sidstamm]
… (2) some way for partial compliance
16:59:48 [Chris_IAB]
wouldn't such an architecture allow the flexibility needed for countries to use DNT according to their laws? It's not a bad idea to consider... in the interest of global privacy concerns
16:59:55 [sidstamm]
… a response that will need to go into the TPE doc and also something in the compliance spec pointing to it
16:59:57 [aleecia]
(3) silence
17:00:06 [sidstamm]
… (3) silence -- stick with what we have
17:00:21 [sidstamm]
dwainberg: Number two is two pieces
17:01:03 [jmayer]
17:01:21 [aleecia]
ack jmayer
17:01:35 [sidstamm]
jmayer: they're the same, david. if you say the compliance statement goes in the PP, then you can do whatever you want.
17:01:43 [Chris_IAB]
Jonathan, and what's wrong with that?
17:02:20 [Chris_IAB]
shouldn't we allow users to decide where they will go, shop, etc. based on how they trust the sites they visit?
17:02:44 [sidstamm]
aleecia: what would be the benefit of having (2): the self-defined compliance definition
17:03:07 [sidstamm]
dwainberg: I think it's a bad idea to make the existence of a tracking status resource equal to an assertion of compliance.
17:03:31 [WileyS]
Aleecia, it's more of a "I see your DNT signal and I honor it in this way"
17:03:41 [sidstamm]
aleecia: I understand your concern is that some response is that you comply with DNT.
17:03:46 [npdoty]
is dwainberg's concern about the resource being a public commitment different than the meanings of the fields in the resource being defined in the compliance spec?
17:03:50 [sidstamm]
… but I'm not sure I understand why having the same commitment in a privacy policy is different
17:03:58 [Chapell]
17:04:42 [aleecia]
"In order to be in compliance with this specification, a third party must make a public commitment that it complies with this standard. A "public commitment" may consist of a statement in a privacy policy, a response header, a machine-readable tracking status resource at a well-known location, or any other reasonable means. This standard does not require a specific form of public commitment."
17:04:58 [WileyS]
Nick - yes, the concern is that the text currently states that the "presence" of the tracking resource means you're supporting all elements of the W3C DNT standard vs. simply stating that what you deliver in the tracking resource is what you support.
17:05:13 [Chris_IAB]
Chapell just sent a "chapell" header in IRC and my response is "LOL"
17:05:16 [npdoty]
dwainberg, WileyS, but would you agree that the fields in the tracking status resource are a commitment to fulfilling the definitions of those terms?
17:05:28 [WileyS]
Aleecia - I like your text.
17:05:44 [sidstamm]
aleecia: let's make an action to think this through and draft something
17:05:46 [WileyS]
Nick, yes
17:06:08 [fielding]
just delete the last sentence
17:06:12 [hwest]
hwest has joined #dnt
17:06:18 [dsinger]
we would need proposed changes to "3 Third party: The designated resource is designed for use within a third-party context and conforms to the requirements on a third party."
17:06:25 [Zakim]
17:06:29 [ifette]
ifette has joined #dnt
17:06:41 [Chapell]
@ DavidW - I'm happy to help with your proposal
17:06:53 [ifette]
+1 to David's proposal
17:06:56 [sidstamm]
aleecia: would anyone want to write up silence as an option?
17:07:12 [sidstamm]
… if nobody is willing to take this, we will rule it out as an option
17:07:19 [Chris_IAB]
confused what you are asking?
17:07:24 [tl]
Isn't silence what we already have?
17:07:35 [tl]
IE: ""
17:07:48 [adrianba]
adrianba has joined #dnt
17:07:49 [sidstamm]
aleecia: we have some people looking at a way to say "I partially commit to DNT"
17:08:06 [sidstamm]
dwainberg: I will ponder that as a piece of my other action
17:08:16 [Chris_IAB]
how about an action item to write a proposal for "I comply with X compliance policy" (x = DAA, W3C, etc.)
17:08:19 [npdoty]
action: weinberg to draft proposal regarding making a public compliance commitment (with Alan, Ian)
17:08:19 [trackbot]
Sorry, couldn't find user - weinberg
17:08:26 [Zakim]
+ +1.678.492.aann
17:08:27 [sidstamm]
aleecia: have two texts already from jmayer and fielding
17:08:30 [npdoty]
action: wainberg to draft proposal regarding making a public compliance commitment (with Alan, Ian)
17:08:30 [trackbot]
Sorry, couldn't find user - wainberg
17:08:33 [sidstamm]
… and silence as our fourth option
17:08:49 [fielding]
Aleecia, I am fine with the original text minus last sentence.
17:09:12 [sidstamm]
aleecia: to close out this discussion--do we have any interest in having a flag that says "I'm testing this, don't think I comply"
17:09:24 [npdoty]
action: dwainberg to draft proposal regarding making a public compliance commitment (with Alan, Ian)
17:09:24 [trackbot]
Sorry, couldn't find user - dwainberg
17:09:25 [sidstamm]
… nobody was interested in this as an issue, so we'll leave it
17:09:47 [sidstamm]
aleecia: let's talk about issue 123 action 116
17:09:49 [aleecia]
(b) Third parties should be prohibited from acting or representing themselves as first parties. (ISSUE-123)
17:09:49 [aleecia]
ACTION-116 on Thomas Lowenthal
17:09:51 [aleecia]
Original text:
17:09:52 [aleecia]
Proposed edit:
17:09:54 [aleecia]
HISTORY: From the Aug 1 call, the basic concern is that the language in the draft assumes parties will always and forever, in all cases, know what party they are despite the 1st and 3rd party definitions in the Compliance document that make it clear that is not the case. [We do have some debate over that text as well, which will need to be resolved, but that is another issue, specifically issue-60.] Other concerns arose, but the major and persistent concern wa
17:09:55 [aleecia]
use case where someone has content embedded in someone else's iFrame, is not aware they are 3rd and not 1st party, and has negative consequences through no action of their own.
17:09:57 [aleecia]
New suggestions for this text include using the phrase "knowingly represent," limiting the scope to just be about DNT responses, and adding language that this text does not suggest it is ok to misrepresent elsewhere ("This section is not intended to allow or prohibit any practices other than those explicitly addressed.")
17:10:00 [aleecia]
We agreed service providers will need to be integrated with this text, and are not currently.
17:10:01 [sidstamm]
aleecia: [pastes into irc]
17:10:02 [aleecia]
We did not discuss but might consider if examples in non-normative text could help clarify here. An example that specifically addresses iFrames seems apropos. That might help address the substantive concerns.
17:10:04 [Zakim]
17:10:05 [aleecia]
David Singer took action-233 to draft text to add similar intent to the TPE document, but after further reflection, closed the issue. No one was interested in taking it up from David.
17:10:08 [aleecia]
Tom Lowenthal was uninterested in updating his text to address concerns raised on the call, as he believes the text addresses them as-is.
17:10:11 [aleecia]
PROPOSAL: one of two paths.
17:10:13 [aleecia]
- Someone steps forward to offer a revised text that might address the primary concern raised. We review that text, and if it is now acceptable, we adopt. If there is still a split of strong opinions, we apply the decision process and call for objections.
17:10:17 [aleecia]
- If no one is interested in doing five minutes of further work on the action-161 text, we close it for lack of interest.
17:10:28 [sidstamm]
aleecia: the concern is that a company could no longer be a first party and not know it -- or something similar
17:10:46 [adrianba]
zakim, mute me
17:10:46 [Zakim]
adrianba should now be muted
17:11:04 [dsinger]
please note that Roy's proposed TPE language doesn't claim actual status, but intended-use status.
17:11:04 [aleecia]
17:11:35 [dsinger]
17:11:37 [sidstamm]
aleecia: is there someone willing to take the existing text and add something like "knowingly represent" that would address the concerns about accidental misrepresentation?
17:11:39 [fielding]
I volunteer in two weeks
17:11:42 [aleecia]
ack dsinger
17:12:20 [sidstamm]
dsinger: I just want to point out that the representation is "this resource is designed to be used in a [x] party context", so it's not clear that it's an issue
17:12:28 [sidstamm]
aleecia: what we have right now is two specs going in different directions
17:12:46 [sidstamm]
… in the compliance spec, the definitions involve what type the party thinks they are (first or third)
17:13:10 [sidstamm]
… I'm actually seeing the two specs not lining up
17:13:22 [sidstamm]
… and I think you're suggesting we make the specs align before we take this on
17:13:28 [sidstamm]
dsinger: I agree
17:13:38 [sidstamm]
aleecia: gonna postpone this discussion until the specs are better lined up
17:13:52 [aleecia]
(c) Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? (ISSUE-49)
17:13:53 [aleecia]
ACTION-161 on Shane Wiley: work on issue-49
17:13:54 [aleecia]
Current text is in the body of the action:
17:13:56 [aleecia]
HISTORY: we learned on the Aug 1 call that Shane intends this as a replacement for current text around service providers.
17:13:57 [aleecia]
Shane was to revise his prior text to reflect suggestions from the Aug 1 call, which included:
17:13:59 [aleecia]
Changing "operate as a First Party" to "operate under the rules for a first party" to clarify service providers have additional restrictions
17:14:00 [aleecia]
Renaming this section to "Service Provider"
17:14:02 [aleecia]
Updating to reflect there may be third parties on behalf of third parties, not just on behalf of first parties
17:14:03 [aleecia]
With the conclusion of Shane's edits, we will discuss this text on the call.
17:14:05 [aleecia]
Expected outcomes:
17:14:06 [aleecia]
- We acknowledged on the Aug 1 call that these proposals are likely to go through the decision process with a call for objections. We need alternatives we can adopt into the document.
17:14:09 [aleecia]
- Either we agree Shane's text is now complete, or there is another action item for any additional edits
17:14:11 [aleecia]
- The current text in the drafts is dated and does not reflect third parties acting on behalf of third parties. This suggests an action to update that text as well.
17:14:14 [aleecia]
- Once texts are complete, we compare them side-by-side
17:14:26 [npdoty]
editors are reminded to talk about how to align the tracking-dnt and tracking-compliance specs on design of resources for 1st/3rd
17:14:32 [sidstamm]
aleecia: action 161...
17:14:38 [aleecia]
Changed "A Third-Party MAY operate as a First Party if..." to "A Third-Party MAY operate under the rules for a first party if..."
17:14:38 [aleecia]
17:14:40 [aleecia]
A Third-Party MAY operate under the rules for a first party if the following conditions are met:
17:14:41 [aleecia]
- Data collected is separated for each First Party by technical means and organizational process, AND
17:14:42 [aleecia]
- The Third Party has no independent rights to the collected information outside of Permitted Uses (see Section X.Y), AND
17:14:43 [aleecia]
- A contractual relationship exists between the Third Party and the First Party that outlines and mandates these requirements.
17:14:44 [aleecia]
A Third-Party acting on the behalf of a First Party is subject to all of the same restrictions of a First Party.
17:14:52 [sidstamm]
aleecia: [reads paste from IRC]
17:15:15 [sidstamm]
aleecia: wileys, what is your plan with this?
17:15:47 [sidstamm]
WileyS: From the exceptions perspective, a third party representing another third party is still a third party. We can clarify, but I didn't think it was necessary.
17:15:57 [dwainberg]
How about inheritance of exceptions from 3rd pty to 3rd pty?
17:16:02 [sidstamm]
aleecia: let's clarify it, because this makes it sound like third party acting as other third party is forbidden.
17:16:11 [dwainberg]
(when the 2nd 3rd party is acting on behalf of...)
17:16:16 [fielding]
given that the definitions of party are wrong, this is kind of pointless
17:16:29 [WileyS]
Aleecia - sounds good
17:16:38 [WileyS]
Aleecia - did you see Roy's point?
17:16:40 [sidstamm]
aleecia: ok, let's leave 161 open for you to add this clarification
17:17:31 [Zakim]
17:18:19 [npdoty]
17:18:20 [WileyS]
Will do
17:18:26 [aleecia]
ack npdoty
17:18:41 [sidstamm]
npdoty: what I see in this compliance draft are two options that are similar
17:18:44 [sidstamm]
… first is longer
17:18:54 [sidstamm]
… but seems to be pretty much what shane is working on
17:18:59 [sidstamm]
aleecia: shane is rewriting it for this
17:19:05 [Zakim]
17:19:05 [WileyS]
Shane to add 3rd party acting as 3rd party - I thought that was it
17:19:07 [sidstamm]
npdoty: because of disagreement?
17:19:13 [Zakim]
- +1.678.492.aann
17:19:22 [sidstamm]
aleecia: just to clarify third party as other third party is ok
17:19:33 [WileyS]
Correction - a 3rd party operating on the behalf of another 3rd party.
17:19:43 [WileyS]
Nick, yes
17:20:16 [WileyS]
Agreed - made that change already
17:20:29 [aleecia]
(d) ISSUE-64 POSTPONED How does site-preference management work with DNT
17:20:30 [sidstamm]
aleecia: one more thing for the next 10 minutes
17:20:30 [aleecia]
See the summary box in the issue ( -- this was about setting cookies that have non-identifiable information, for example, the user's default language. I believe we are unanimous in agreeing this is fine and does not require consent under DNT, provided the pool of users is large enough, though we are not quite agreed on final language, though pretty close.
17:20:31 [aleecia]
PROPOSAL: Move this from "postponed" to "open", and rename to "How do we describe non-identifiable data" to reflect the state of the conversation.
17:20:49 [sidstamm]
aleecia: issue 64, cookies with non-identifiable info
17:21:01 [sidstamm]
… I think we all agree this is a fine thing to do
17:21:08 [jmayer]
I think the current service provider language could be trivially edited to accommodate third party-to-third party service providers.
17:21:12 [sidstamm]
.. but aren't solid on the language or the minimums for "large enough group"
17:21:23 [sidstamm]
... but aren't solid on the language or the minimums for "large enough group"
17:21:35 [efelten]
For consistency, it's probably better to use "linkable" rather than "identifiable".
17:21:36 [sidstamm]
… but need to decide how to discern non-identifiable data
17:21:39 [tl]
tl has joined #dnt
17:21:40 [dsinger]
actions that are not 'tracking' are *out of scope* (and we should define the scope so that's clear)
17:21:54 [efelten]
17:22:02 [sidstamm]
aleecia: can't use "linkability" because in the european context it means something else
17:22:06 [efelten]
Need a definition too.
17:22:10 [BrendanIAB]
17:22:18 [sidstamm]
… but yes, this issue is for a definition as such
17:22:22 [aleecia]
ack BrendanIAB
17:22:40 [sidstamm]
BrendanIAB: just to clarify, the header from client to server just indicates the server should not collect the information to one degree or another
17:22:49 [sidstamm]
… I haven't read the text, but is there a prohibition about setting cookies?
17:22:50 [jmayer]
17:22:59 [sidstamm]
… as I understand it, it's just about not collecting cookies.
17:23:05 [efelten]
or "low-entropy"
17:23:18 [sidstamm]
aleecia: no prohibition on setting cookies, but we've agreed that it's absolutely fine to aggregate data
17:23:28 [jmayer]
17:23:32 [sidstamm]
… such as instead of a unique identifier, it's a shared identifier
17:23:42 [sidstamm]
… or a language code
17:24:11 [jmayer]
There's no prohibition on setting *any* cookies, we agree on that. The EFF/Mozilla/Stanford proposal would prohibit setting certain cookies.
17:24:13 [sidstamm]
… we're pretty close I think. we all agree on the intent, but haven't nailed down the particulars.
17:24:32 [aleecia]
ack jmayer
17:24:44 [sidstamm]
jmayer: want to distinguish between "can't set any" and "can't set certain"
17:24:45 [tl]
What about -- say -- a shopping cart cookie which doesn't have anything intended to be an identifier, just the product codes for the thirty-five items in my shopping cart? It's high entropy, and it could probably be identified, but it's not an "identifier"?
17:24:57 [sidstamm]
… the question is which one
17:25:12 [dsinger]
17:25:15 [sidstamm]
… one view is that the purpose is what matters
17:25:16 [Chris_IAB]
DNT is only a preference indicator, it is NOT a cookie blocker of any kind
17:25:32 [sidstamm]
… my view is that you can set cookies, but they can't be used for identification (whether or not they are, it's about potential)
17:25:34 [WileyS]
Yes - unique IDs are the key divide
17:25:47 [sidstamm]
aleecia: yes, we're divided here
17:25:48 [WileyS]
Removing unique IDs breaks the entire Internet as currently built
17:25:53 [aleecia]
17:26:14 [sidstamm]
dsinger: I think the definition should focus on what you're allowed to do with the data
17:26:26 [jmayer]
BrendanIAB, glad we cleared that up. Will IAB now stop saying that DNT = stop all collection?
17:26:33 [sidstamm]
aleecia: not hearing disagreement with moving this to an open issue
17:26:38 [sidstamm]
… so let's do it.
17:26:48 [sidstamm]
… the next item needs more than 4 minutes
17:26:53 [dwainberg]
as dsinger was alluding to, this is more about the definition of tracking
17:26:53 [WileyS]
jmayer - removing unique IDs is THE SAME as stopping all collection
17:26:56 [sidstamm]
… a few things we didn't get to
17:27:07 [tl]
17:27:15 [sidstamm]
… one with ninja, hopefully she can join us again in the future
17:27:15 [dsinger]
17:27:17 [jmayer]
It's an adorable talking point y'all have, but it just so happens to be false.
17:27:20 [aleecia]
17:27:23 [aleecia]
17:27:25 [Chris_IAB]
jmayer, re your question to Brendan, we will do that when the compliance doc makes that point clear
17:27:40 [jmayer]
Chris_IAB, great, let's add one sentence on that. Done.
17:27:50 [WileyS]
jmayer - since we're the ones who actually operate in this space, I believe we're in a better position to define what is true or false. But nice try...
17:27:53 [Zakim]
17:28:01 [sidstamm]
aleecia: adjourned!
17:28:01 [BrendanIAB]
The "clearing up" sounds like there's lack of clarity wrt "can I set any cookie" vs "can I set only some types of cookies".
17:28:04 [efelten]
efelten has left #dnt
17:28:42 [npdoty]
rrsagent, make logs public
17:28:48 [npdoty]
Zakim, list attendees
17:28:48 [Zakim]
17:28:50 [Zakim]
As of this point the attendees have been aleecia, cblouch, +1.813.358.aaaa, +1.646.654.aabb, alex, eberkower, +1.813.358.aacc, npdoty, jeffwilson, +1.646.801.aadd, dwainberg,
17:28:54 [Zakim]
... +1.813.358.aaee, BrendanIAB?, +1.813.358.aaff, efelten, suegl, [Microsoft], fielding, adrianba, +1.212.380.aagg, Damiano, Chris_IAB, ninjamarnau, johnsimpson, vinay, sidstamm,
17:28:57 [Zakim]
... +1.303.661.aahh, chapell, WileyS, dsinger, +1.206.361.aaii, +1.646.827.aajj, ifette, KevinT, hwest, amyc, +1.678.492.aakk, rvaneijk, dsriedel, tedleung, [FTC], +1.415.627.aall,
17:28:59 [Zakim]
... jmayer, schunter, Brooks, Matt_AppNexus, laurengelman, [Apple], hober, Joanne, +1.202.386.aamm, +1.678.492.aann, tl
17:29:06 [npdoty]
rrsagent, draft minutes
17:29:06 [RRSAgent]
I have made the request to generate npdoty
17:32:39 [tedleung]
tedleung has left #dnt
17:34:14 [Zakim]
17:34:38 [npdoty]
rrsagent, bye
17:34:38 [RRSAgent]
I see 3 open action items saved in :
17:34:38 [RRSAgent]
ACTION: weinberg to draft proposal regarding making a public compliance commitment (with Alan, Ian) [1]
17:34:38 [RRSAgent]
recorded in
17:34:38 [RRSAgent]
ACTION: wainberg to draft proposal regarding making a public compliance commitment (with Alan, Ian) [2]
17:34:38 [RRSAgent]
recorded in
17:34:38 [RRSAgent]
ACTION: dwainberg to draft proposal regarding making a public compliance commitment (with Alan, Ian) [3]
17:34:38 [RRSAgent]
recorded in
17:34:41 [npdoty]
Zakim, bye
17:34:41 [Zakim]
leaving. As of this point the attendees were aleecia, cblouch, +1.813.358.aaaa, +1.646.654.aabb, alex, eberkower, +1.813.358.aacc, npdoty, jeffwilson, +1.646.801.aadd, dwainberg,
17:34:41 [Zakim]
Zakim has left #dnt
17:34:51 [npdoty]
trackbot, reload