13:18:46 RRSAgent has joined #fingerprint 13:18:46 logging to http://www.w3.org/2012/10/31-fingerprint-irc 13:18:50 Zakim has joined #fingerprint 13:27:42 wseltzer has joined #fingerprint 13:27:59 npdoty has joined #fingerprint 13:28:07 rrsagent, make logs public 13:30:08 KenjiBX has joined #fingerprint 13:31:07 Present+ Kenji_Baheux 13:32:31 caribou has joined #fingerprint 13:33:38 is someone available to scribe this session? 13:33:42 bradee-oh has joined #fingerprint 13:33:46 also, we better get started pretty soon here 13:34:46 adambe has joined #fingerprint 13:34:53 bhill2: Brad Hill, one of the chairs of the Web App Sec Working Group 13:35:00 dbaron has joined #fingerprint 13:35:02 fluffy has joined #fingerprint 13:35:06 annevk has joined #fingerprint 13:35:18 RRSAgent, draft minutes 13:35:18 I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html annevk 13:35:26 RRSAgent, make logs public 13:35:30 martin has joined #fingerprint 13:35:30 ... a while back when taking our spec to CR, received some feedback that it was unacceptable from a privacy point of view because it was detectable from JS, would give away characteristics about the browser 13:35:34 scribe: Josh_Soref 13:35:38 rigo has joined #fingerprint 13:35:41 scribenick: annevk 13:35:52 fwagner has joined #fingerprint 13:35:53 hta has joined #fingerprint 13:36:03 bradh: there's a view that preventing fingerprinting is a lost cause 13:36:17 ... and it quickly became apparent that there isn't such a consensus 13:36:25 bradh: ... and that we should move to alternatives like do not track 13:36:30 hsivonen has joined #fingerprint 13:36:32 anant has joined #fingerprint 13:36:32 ... to look at some of the past 13:36:37 ... what are we talking about 13:36:42 ... we aren't talking about cookies 13:36:44 tanvi has joined #fingerprint 13:36:51 ... we're talking about passive detection 13:37:00 ... panopticlick is the best example of this 13:37:06 fjh_ has joined #fingerprint 13:37:13 http://panopticlick.eff.org 13:37:14 zakim, who is here? 13:37:14 sorry, fjh_, I don't know what conference this is 13:37:15 On IRC I see fjh_, tanvi, anant, hsivonen, hta, fwagner, rigo, martin, annevk, fluffy, dbaron, adambe, bradee-oh, caribou, KenjiBX, npdoty, wseltzer, Zakim, RRSAgent, bhill2 13:37:40 ... there are 70/80 tests that can identify quirks about you 13:37:47 http://browserspy.dk 13:37:50 ... and academic projects that do microbenchmarks 13:37:57 ... to identify memory+speed 13:38:12 ... is this a problem we can solve 13:38:19 ... there's a number of asymmetries here 13:38:33 ... User constituency v. author constituency 13:38:37 ... more users, fewer authors 13:38:43 virginie_galindo_ has joined #fingerprint 13:38:43 ... obligation to users 13:38:45 I saw a project around the fingerprinting of graphics cards from using WebGL to render an image 13:38:51 ... asymmetry to make progress 13:38:59 ... how easy is it to undo that progress 13:39:05 christine has joined #fingerprint 13:39:14 http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf 13:39:15 ... once characteristics are findable, it's easy to monetize 13:39:30 dom has joined #fingerprint 13:39:32 ... there's a paradox of user control/privacy 13:39:37 ... opt in features to preserve privacy 13:39:43 ... the act of turning them on make them more unique 13:39:50 Josh_Soref has joined #fingerprint 13:39:58 ... that makes them more unique 13:40:02 ... there are ladders 13:40:02 chong has joined #fingerprint 13:40:03 q+ on some client-side fingerprinting being easier to detect/block in the browser 13:40:05 ... how much bandwidth 13:40:10 ... do these singals give 13:40:19 scribenick: Josh_Soref 13:40:22 q+ on "profiles" or standard configurations 13:40:34 ... within useragent, plugins, 13:40:38 ... whitelist of noscript 13:40:38 drogersuk has joined #fingerprint 13:40:43 q+ to ask what threat models we're using 13:40:50 ... user specific data inferable from application running in ua 13:41:03 ... there are things we advertise deliberately 13:41:07 ... apis for feature detection 13:41:11 hober has joined #fingerprint 13:41:16 ... browser is a code execution environment 13:41:20 ... thousands of api points 13:41:22 rsleevi has joined #fingerprint 13:41:33 ... paradox, public things 13:41:36 ... major version of browser 13:41:40 ... plus IP address 13:41:45 ... = unique fingerprint 13:41:49 ... where do we draw the line 13:41:58 ... privacy impact of things that maintain state 13:42:03 ... this is an IETF spec 13:42:05 wei_ has joined #fingerprint 13:42:05 ... HSTS 13:42:12 ... an HSTS super cookie 13:42:15 ... of one bit 13:42:23 ... think about explicitly as state 13:42:35 ... how do we realistically draw these lines 13:42:40 ... what's our adversary look like? 13:42:46 kboudaou_ has joined #fingerprint 13:42:53 ... an individual commercial site, trying to act w/ good intent 13:43:01 ... allow things to work ok 13:43:08 ... but commercial tracking sites 13:43:20 ... have an incentive to de-anonymize 13:43:29 ... then there are state-level actors 13:43:37 ... different consequences for these cases 13:43:39 martin has joined #fingerprint 13:43:51 ... targeted ads. v. Syrian dissident 13:44:03 ... WebAppsSec WG didn't agree w/ the UC threat 13:44:10 ... we were presented w/ a bad actor 13:44:22 ... but it ignored all existing ways bad actor could ask 13:44:30 ... if you're going to ask WGs to consider these 13:44:37 ... those kinds of norms matter 13:44:47 burn has joined #fingerprint 13:44:52 ... ietf has taken this on to some degree 13:45:00 ... Presence protocols 13:45:04 ... context matters 13:45:09 ... when designing a "new" protocol 13:45:13 ... we never really do that 13:45:20 ... we have a high bandwidth high functionality 13:45:27 ... this is very much like a Covert Channel 13:45:39 ... Lampson's "Confinement Problem" 13:45:47 ... we found it's difficult to minimize bandwidth 13:45:55 ... even when it's an explicit design criteria 13:46:09 .. we're trying to retroactively remove covert channels w/ 20+ years of history 13:46:17 ... the Private User Agent CG was chartered 13:46:34 ... not sure how approachable it is 13:46:40 ... there's also DNT effort 13:46:49 ... deal with it at Layer 9 13:46:57 ... commerce, agreements, policy, regulation 13:47:01 ... there's Incognito 13:47:11 ... this is more where the adversary is your Mom 13:47:19 ... there are UAs 13:47:32 ... designed to avoid selective fingerprint 13:47:41 selective minuting on the "mom" problem there josh ;-) 13:47:44 ... there's an approach to create a standard fignerprint 13:47:55 ... NSA using an out of date Firefox UA 13:47:59 [Torbutton design document: https://www.torproject.org/torbutton/en/design/#adversary] 13:48:02 [ slide of feedback from twitter ] 13:48:18 "it's impossible, we should try anyway" "the bread and butter of the security community" 13:48:50 http://www.techpolicy.com/Blog/Featured-Blog-Post/Users-Cannot-Win-in-a-Tech-Race-with-Advertisers-A.aspx 13:49:40 bradh: distinction between passive and active 13:49:49 ... i'll open the floor 13:49:49 q? 13:49:50 Topic: Feedback 13:49:57 RRSAgent, draft minutes 13:49:57 I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html Josh_Soref 13:49:58 q? 13:49:59 ack npdoty 13:49:59 npdoty, you wanted to comment on some client-side fingerprinting being easier to detect/block in the browser and to comment on "profiles" or standard configurations 13:50:10 q+ 13:50:20 bblfish has joined #fingerprint 13:50:24 npdoty: thanks bradh 13:50:35 ... i want to follow up on a couple of points 13:50:45 ... distinction you're pointing out re: active v. passive 13:51:05 ... it's relatively easy to detect when a web page is trying to access all of my fonts 13:51:09 ... a browser could clamp down on that 13:51:19 ... but when we add an identifiable header 13:51:23 ... they're hard to detect 13:51:30 ... and very easy to use for finger print 13:51:36 ... maybe we can make a substantial difference 13:51:40 ... i like standardized configurations 13:51:45 ... i've heard the move to mobile browsers 13:51:52 ... standardized screen sizes 13:51:57 ... updated browsers 13:52:11 ... have actually reversed the distinguishability bits 13:52:13 ... on DNT 13:52:15 q+ 13:52:20 ... rather than engaging in an Arms RAce 13:52:23 s/RAce/Race/ 13:52:30 ... DNT allows for a cooperative solution 13:52:41 ... it's explicitly focused on Cooperative 13:52:46 .. we understand there are attackers who won't 13:52:52 q+ 13:52:56 ... that's why i think it's worth persuing 13:53:05 Dewa has joined #fingerprint 13:53:05 ack wseltzer 13:53:05 wseltzer, you wanted to ask what threat models we're using 13:53:26 wseltzer: i wanted to go a bit further into questions 13:53:29 ... the threat model 13:53:33 ... and the user we're trying to defend 13:53:41 ... a user who is taking steps to protect privacy 13:53:49 ... could be aided by extra features for privacy 13:53:50 q+ to ask to hear from non-privacy advocates 13:53:59 ... even if passive user is exposing too much data to protect 13:54:02 FWIW, the way I approached this problem was by tackling small things. Removing Accept-Charset, removing bits from User-Agent, making the format of Accept-Encoding more normalized accross browsers, etc. There's a lot of bits unfortunately :/ 13:54:17 ... users vary from passive user, to incognito, to Tor in a dedicated VM 13:54:20 ... i'm interested in 13:54:40 ack drogersuk 13:54:43 drogersuk: great presentation 13:54:54 q- 13:54:57 ... i agree on threat models 13:55:02 ... in Web Crypto, and DAP 13:55:12 ... everyone avoids the difficult questions around where's the threat from 13:55:15 ... and risk quantification 13:55:21 is the great presentation somewhere available ? 13:55:31 ... if user is taking technical measures 13:55:40 ... it's a different user than child browsing internet 13:55:53 bradh: even users interested in anonymity and privacy 13:55:54 lstorset has joined #fingerprint 13:55:58 ... needs a browser that works 13:56:04 ... you could take the NSA route 13:56:14 ... "used to browse the web w/ JS off" 13:56:19 ... but that makes the web unusable 13:56:25 ... how do we keep moving? 13:56:33 ... create a profile that tries to hide things 13:56:38 ... but have that profile move forward 13:56:41 q? 13:56:45 ack dbaron 13:56:54 does the profile need to be static? or does a rotating and updating profile actually help as a defense? 13:57:05 dbaron: after speaking to various groups 13:57:11 ... i don't think we can solve this from a technical perspective 13:57:15 ... not even w/ fancy new tech 13:57:18 ... w/ tech from a long time 13:57:23 ... http-cache, redirect, cookies 13:57:36 ... give huge opportunities for tracking users 13:57:48 tlr has joined #fingerprint 13:57:51 q? 13:57:59 dbaron: go into a room asking about fingerprinting users 13:58:00 q+ 13:58:03 ... they'll come up w/ more things 13:58:11 ... if we want to fix it for really privacy concerned users 13:58:25 ... but i can't think of how to do it w/o significant degredation to UX 13:58:32 q+ 13:58:35 bradh: so, is it a lost cause that spec authors shouldn't consider? 13:58:36 q+ to ask can we ID the features, so a user can choose privacy even at the cost of breakage? 13:58:37 I think active tracking has become part of the architecture. 13:58:48 dbaron: the first casual category is relevant and worth considering 13:59:01 ... i don't think there's a realistic approach for serious attackers and average users 13:59:02 (i.e., there's client-side state that can be written and read back) 13:59:02 acak dom 13:59:06 s/acak dom/ 13:59:06 ack dom 13:59:06 dom, you wanted to ask to hear from non-privacy advocates 13:59:15 ekr has joined #fingerprint 13:59:18 q+ 13:59:19 dom: in many of the WGs i've been in, this question comes up, again and again 13:59:26 ... the question comes back, do we need to care or not? 13:59:26 q? 13:59:29 q+ 13:59:29 it may be easy, but if it's SO easy, then we wouldn't make advances towards anonymity, and it seems like we occasionally do (clearing Flash LSOs) 13:59:33 ... we've heard plenty of people who says "yes it matters" 13:59:41 ... but the cost of making it happen is so high 13:59:45 ... for the platform 13:59:50 q+ 13:59:53 ... maybe we won't have an answer today 14:00:07 ... what i'm hoping is we'll have a better understanding today, to how to go 14:00:09 q+ 14:00:13 ... if the answer is, "it's complicated" 14:00:22 ... i'd like to document various answers/things to consider 14:00:23 q+ 14:00:24 ack rigo 14:00:32 rigo: first of all 14:00:41 ... when we talk about creativity of those fingerprinting 14:00:53 ... we should talk about creativity of those trying to prevent fingerprinting 14:00:56 ... we should actually 14:01:02 ... the more info you expose, the better fingerprinting works 14:01:12 ... the better fingerpinting adaptation works 14:01:23 ... privacy in my European thread is 14:01:27 .. "is it really necessary" 14:01:32 I'm not sure the privacy position here is "no bits of entropy are allowed in new specs"; just that we should balance the fingerprinting risk and not do so egregiously since we can do better or worse on this problem 14:01:33 s/../.../ 14:01:47 ... if it's necessary in the context, then that may justify the risk 14:01:58 ... but i have some trouble w/ PeterXX's tool 14:02:03 ... if i'm one in 126k 14:02:08 ... v. 1 in 576k 14:02:24 ... what is it hindering/doing 14:02:33 dom: every WG when they hear about Fingerprinting 14:02:37 ... they say, yeah, let's think 14:02:43 ... but then we can't do this/this/that 14:02:51 ... the problem is calculating cost-benefit 14:02:53 q+ 14:02:57 ... if you ask WG, to think, they'll say yeah 14:03:02 ... but we can't do anything 14:03:05 dom, +1 on creating better metrics for calculating costs/benefits 14:03:09 rigo: WG puts its shoes of user 14:03:16 ... because it wants to decide if exposing info is good or not 14:03:23 ... after 8 years of privacy research 14:03:30 ... some sites i want to expose full details 14:03:36 ... but other sites, i'd like to expose less 14:03:41 rigo, +1 on this being about trust 14:03:50 ... ok consider risk 14:03:55 ... ok lose functionality 14:03:58 ... ok ask user 14:04:05 q? 14:04:06 ... that last one is a four letter word to browser vendors 14:04:08 ack fluffy 14:04:08 q? 14:04:16 agree with rigo 14:04:16 ack fjh 14:04:18 ack fjh 14:04:22 fjh: business driver 14:04:36 q+ fluffy(afterbblfish) 14:04:51 ... solutions may not be available technically today 14:04:53 ... but maybe tomorrow 14:05:02 ... and regulatory may appear 14:05:10 ... just saying you can't deal w/ it and discard isn't right 14:05:15 ... but try to document things 14:05:22 ... so at least you understand where things are at 14:05:28 ... and legal/regulatory catches up 14:05:30 ack ekr 14:06:00 ekr: there's an interaction between security and non-security 14:06:11 ... security says these are the unpleasant facts 14:06:21 ... and non-security says "why can't you do better"? 14:06:27 ... on WebGL fingerprinting, it's impossible 14:06:37 ... or malware/software vulnerability 14:06:43 ... attackers have way too much of an advantage 14:07:05 ... you'd need to come up w/ a plausible solution to secure existing browsers 14:07:08 I'm not sure I understand the analogy; we aren't always constantly suffering from malware even though it's a tough problem to solve entirely 14:07:16 ... there's a line in the sand between active and passive 14:07:24 ... new passive vectors need justification 14:07:30 ... new active don't worry about 14:07:32 q? 14:07:32 ack bblfish 14:07:35 ack bblfish 14:07:41 bblfish: agree w/ rigo 14:07:46 ... from identity space 14:07:50 npdoty, but if the attacker can exploit security flaws, he can often win a super-fingerprint 14:07:50 specs should indicate the risks and fingerprinting threats even if no technical solution obvious as there is a technical ands social dimension that should be understood 14:07:51 ... transparency of identity to user 14:08:02 ... safari - cert once, you never see you're sending it 14:08:14 ... i think it should be clear in UI to show what identity you're sending 14:08:15 s/technical/legal, regulatory/ 14:08:23 ... color coding 14:08:35 ... browser doesn't tell you that you're setting cookies 14:08:43 Josh_Soref: note that browsers once did show cookies 14:08:46 ... and it failed miserably 14:08:49 q? 14:08:55 bblfish: this is only solvable w/ ui designers 14:09:01 ... and crypto people, etc 14:09:01 thus when the demand for a solution results in corresponding regulation/legal mechanisms it will make it clear where technologies are impacted 14:09:08 ... aza raskin did some demos 14:09:11 ... i want more transparency 14:09:17 q? 14:09:21 so it is not a lost cause 14:09:21 ack fluffy 14:09:45 fluffy: i love the idea of having a mode 14:09:55 ... where i could run a browser in a way where i could lose some functionality 14:09:56 so that was relevant because it is feasible perhaps if you make it transparent what level you are in as a user 14:10:00 ... but i have some functionality 14:10:05 ... protect against script kiddie 14:10:08 ... not against NSA 14:10:10 ... how do we build it 14:10:15 hhalpin has joined #fingerprint 14:10:19 ... minimal functionality against weakest attacks 14:10:30 ... no one knows how to protect against timing attacks 14:10:35 ... it's a long term research problem 14:10:45 I liked nick's point that a browser could disallow large scale info collection 14:10:47 ... solve simplest attack against simplest cases 14:10:50 q? 14:10:55 ack burn 14:11:02 burn: as an individual user, i want privacy 14:11:08 .. but i agree w/ rigo, issue here is trust 14:11:16 ... if we want open web platform to be the platform for applications 14:11:22 ... same as if downloading apps for platform 14:11:33 ... for my phone, i get to look up information before i choose to download+install 14:11:38 ... am i safe? no 14:11:46 ... and once i install, it can finger print me completely 14:11:48 can we be clearer about that attack, fluffy? do we know that it's being used frequently in the wild? is it the kind of attack that works over long periods of time? why do sites still use cookies if it's so trivial? 14:11:54 ... but i made a trust distinction first 14:12:05 ... i'm not sure how we do it 14:12:13 ... i'd like to see a way to indicate your trust level in a web site 14:12:19 ... i trust X not to be bad to me 14:12:20 one approach has been reputation management 14:12:24 ... i don't trust the rest 14:12:36 ... maybe the default is that i go through tor except for ones i trust 14:12:38 q? 14:12:49 ... maybe i go through Tor for them 14:12:58 christine: i'm in IETF 14:13:00 ack christine 14:13:07 ... this is difficult 14:13:15 ... i'd be very upset if the answer is "yes, it's a lost cause" 14:13:17 s/in IETF/from the Internet Society, co-chair of the Privacy Interest Group/ 14:13:19 ... i don't think it's a lost cause 14:13:26 ... we may not solve it completely today 14:14:16 ... there's been a suggestion about developing a workshop 14:14:27 my earlier point summarised was: that was ( agreeing with Rigo I think ) that the user should be able to see his privacy level ( there is not even something for cookies currently) - there should be a principal of transparency of identity in the browser. This could allow the browser to understand how much of such passive fingerprinting could be going on. 14:14:31 hsivonen: commenting on WGs deciding if it's worth it 14:14:32 ack hsivonen 14:14:38 ... to decide if it's worth it 14:14:46 ... to make tradeoff 14:14:49 ... i think it's rather worthless 14:14:54 ... even if we started from 0 bits 14:15:04 ... after a few WGs decide they get to disclose a few bits 14:15:06 there is a tragedy of the commons problem 14:15:11 ... then at some point we reach "enough identifiable bits" 14:15:12 KenjiBX_ has joined #fingerprint 14:15:18 ... at which point the next WG say "why bother" 14:15:26 ... since each user is identifiable 14:15:31 ... so they will just expose 14:15:44 ... on the idea of using Tor for everything you don't trust 14:15:47 ... who wants that UX? 14:15:58 ... if you want to put some traffic through Tor to keep it separate from the browser 14:16:02 q? 14:16:05 ... you need to put tor in a VM 14:16:10 ... that's a shared VM image 14:16:16 ... that everyone using Tor uses the same image 14:16:18 it's precisely because a WG said "why bother" that we are in this room 14:16:19 ... and reset everything 14:16:26 ... every few minutes 14:16:31 ... you lose everything there 14:16:33 ... no bookmarks 14:16:34 or every cross-domain redirect 14:16:35 ... and if you run JS 14:16:41 TAILS: https://tails.boum.org/ (Tor on a liveCD VM) 14:16:48 ... potential attackers can see how fast your CPU is 14:16:54 ... and see your screen size 14:17:00 ... for the thing where you don't 14:17:04 ... where attacker can't run JS 14:17:04 q+ 14:17:05 or every cross domain link (anchor or embedding) 14:17:08 ... it might not be futile 14:17:26 ... so for everyone who tries to fingerprint may get caught 14:17:36 ... if you get caught, it's possible to apply legal solutions 14:17:44 ... but if you fingerprint through http headers 14:17:49 ... and send back results 14:17:55 ... there's no way to audit from outside 14:18:03 ... i think it's futile to try to make JS non fingerprintable 14:18:15 ... but it might make sense to make pure server side fingerprinting 14:18:22 ... make sure there's a risk to get caught 14:18:27 ... with social/legal consequences 14:18:29 +1 sounds interesting 14:18:40 wseltzer, you wanted to ask can we ID the features, so a user can choose privacy even at the cost of breakage? 14:18:43 ... for cache attacks, you need keys by referer origin 14:18:50 I think the detectable client-side fingerprinting also provides the possibility that a concerned user agent could detect or disable it in real-time 14:18:58 wseltzer: i wanted to make more concrete the privacy user UC 14:19:03 ... tor provides a browser bundle 14:19:10 ... with fingerprintable elements stripped out 14:19:13 ... it's based on Firefox 14:19:18 ... it's patched to remove features 14:19:20 q? 14:19:23 q+ 14:19:28 ... Tails liveCD is a VM to load the preconfigured browser+tor 14:19:36 ... for users willing to accept a degraded experience 14:19:41 ... not the rich web platform 14:19:50 ... features depending on Flash Video, scripting 14:19:58 ... but anonymous allowing them to post text to a blog 14:20:05 ... i'm hardly suggesting it be made a default 14:20:11 ... no rich video, no fonts, no user media 14:20:19 ... but are there ways we could help Tor developers and others 14:20:25 ... to make the anonymous experience 14:20:29 ... and give users the experience? 14:20:40 we're more likely to be informed by those people 14:20:41 ... could it be recommended that the feature be disablable? 14:20:48 q? 14:20:52 q+ 14:21:02 ... rather than them having someone decide for them that the rich experience is too good to pass up 14:21:02 q- 14:21:14 ack burn 14:21:24 burn: this is more about the user be able to say 14:21:38 ... there may be ways for specs to provide a way for untrusted sites to get something 14:21:47 ... to avoid users getting a 0 experience in that case 14:21:52 ack hhalpin 14:22:00 hhalpin: a year ago at identity workshop 14:22:07 ... the various anonymous browsing modes were brought up 14:22:15 ... and their various weaknesses 14:22:26 ... it might make sense to get anonymous surfing on browsers stronger 14:22:30 ... i've used Tails 14:22:36 ... but for many users, the cost is too high 14:22:51 bradh: sounds like we have a higher resolution definition of the problem set 14:22:56 ... and questions that need to be dealt with 14:23:03 ... if we want to ask spec authors 14:23:10 ... realistic profiles of users, and threat models 14:23:15 ... that's a lot of work to do 14:23:25 ... hope people are passionate to make this possible 14:23:30 ... i'll try to make the slides available 14:23:32 ... thanks everyone 14:23:41 dom: who would think this is a lost cause? 14:23:49 fluffy: with current research? 14:23:51 does browsers' privacy mode change the browser's fingerprint? 14:24:12 dom: is the state of fingerprinting in the browser with the current state so bad, tha making it is futile? 14:24:19 ... who doesn't know? 14:24:27 .... for the case where the attacker gets to run JS in your browser.... 14:24:33 tlr: my question is, which question are you asking? 14:24:42 ... hsivonen distinguished between active and passive 14:24:50 ... they're lost/non-lost in different ways 14:25:06 ... is the ability to store data on the client included/compartmentalized? 14:25:07 q? 14:25:10 q+ 14:25:21 ... there's a few questions here that depending on scope create different answers 14:25:22 q- 14:25:26 dom: thanks for the discussion 14:25:30 ... hope there's followup in PIG 14:25:38 bradh: thanks Josh_Soref for scribing 14:25:42 [ applause ] 14:25:49 not sure if the rest of the people weren't answering, or dont think its a lost cause. 14:26:01 +1, suggest that we continue discussion in PING, as it sounds like there are some possible valuable work items related 14:26:19 tanvi: or not completely lost 14:26:27 s/tanvi:/ tanvi, 14:26:54 rrsagent, make minutes 14:26:54 I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html caribou 14:26:56 lstorset has left #fingerprint 14:27:07 bhill2 has joined #fingerprint 14:27:11 RRSAgent make minutes 14:27:26 already done, Brad 14:27:26 RRSAgent, make minutes 14:27:26 I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html bhill2 14:27:31 RRSAgent, set logs public visible 14:27:46 fluffy has left #fingerprint 14:28:01 caribou has left #fingerprint 14:38:13 rsleevi has left #fingerprint 14:38:14 rsleevi has joined #fingerprint 14:38:16 rsleevi has left #fingerprint 14:43:46 annevk has left #fingerprint 14:44:45 fwagner has joined #fingerprint 14:50:05 anant has joined #fingerprint 15:00:21 bhill2 has joined #fingerprint 15:01:07 hta has joined #fingerprint 15:03:37 fwagner has joined #fingerprint 15:03:51 bradee-oh has joined #fingerprint 15:10:43 burn has joined #fingerprint 15:10:49 burn has left #fingerprint 15:15:26 fjh has joined #fingerprint 15:20:07 drogersuk has joined #fingerprint 16:03:19 tanvi has joined #fingerprint 16:03:34 tanvi1 has joined #fingerprint 16:05:19 tanvi2 has joined #fingerprint 16:05:56 tanvi2 has joined #fingerprint 16:07:24 hta has joined #fingerprint 16:08:02 fwagner has joined #fingerprint 16:19:29 Dewa has joined #fingerprint 16:31:51 tlr has joined #fingerprint 16:55:09 Zakim has left #fingerprint 18:50:12 hta has joined #fingerprint 20:26:34 fjh has joined #fingerprint