18:17:02 <RRSAgent> RRSAgent has joined #dnta
18:17:02 <RRSAgent> logging to http://www.w3.org/2013/02/11-dnta-irc
18:21:33 <wseltzer> wseltzer has joined #dnta
18:21:37 <wseltzer> wseltzer has left #dnta
18:21:42 <wseltzer> wseltzer has joined #dnta
18:28:13 <fielding> fielding has joined #dnta
18:31:01 <amyc_> amyc_ has joined #dnta
18:33:27 <haakonfb> haakonfb has joined #dnta
18:35:09 <npdoty> npdoty has joined #dnta
18:36:24 <justin> justin has joined #dnta
18:36:32 <justin> Hello all!
18:36:52 <haakonfb> +1.617.761.6200, conference code 26631
18:37:46 <Chapell> Chapell has joined #dnta
18:39:17 <justin> scribenick: haakonfb
18:39:48 <afowler> afowler has joined #dnta
18:39:49 <haakonfb> Justin: I was not aware until moments ago. Peter emailed me a bunch of questions for us to explore
18:39:58 <Brooks> Brooks has joined #dnta
18:40:18 <haakonfb> … related to the last slide he was talking about - reading pseudonymously
18:40:48 <haakonfb> … first key question. Our lifetime browsing history can be collected by third parties
18:41:04 <haakonfb> … collection of all the stuff we do over time
18:41:37 <haakonfb> … your ISP collects all your URIs throughout your history
18:41:56 <haakonfb> Alan: What can collect all of all of your web browsing history
18:42:29 <haakonfb> Justin: Like buttons can get the most. No one can collect lifetime browsing history
18:42:46 <haakonfb> Chris: The data collected by one entity
18:43:07 <justin> q?
18:43:21 <haakonfb> Brooke Dobbs: Who can keep track over a substantial amount of time
18:44:11 <haakonfb> Justin: Someone can see a bunch of you. About third parties that can se a bunch of you
18:44:28 <tlr> tlr has joined #dnta
18:44:45 <haakonfb> Chris: Conversation with Peter. He talked about complete browsing history potential sensitive information
18:45:17 <haakonfb> Justin: A browsing history over substantial time can be privacy sensitive
18:45:40 <haakonfb> Chris: Someone passes on email address etc inline in the URI
18:46:13 <haakonfb> … or triangulate different pieces of data that individually are non-personal
18:46:20 <justin> q?
18:46:40 <haakonfb> Amy: Identifiable vs getting down to a list of fewer of 10 people.
18:47:08 <haakonfb> … public library reading history. Could get to that this is probably Amy.
18:47:39 <haakonfb> Alex: Just as background. Research over last six month on stored browser history with users.
18:47:54 <haakonfb> … perception of sensitivity vs personal identifiable information
18:48:28 <haakonfb> … not possible to link to identifiable persons, but topics of sensitivity. People feel uncomfortable that this is collected.
18:48:55 <haakonfb> Justin: Just the fact that a third party has a record that their computer records they visited a site is sensitive?
18:49:50 <haakonfb> Alex: People provided data under double opt-in. 10-20 users provided their complete browsing history. The most visited sites were related to them in a way they felt sensitive
18:50:05 <haakonfb> … lot of concerns if this data was to be used for anything.
18:51:10 <haakonfb> Chris: There is the idea that someone collects information that cannot be linked to a user, but risk of re-association.
18:51:34 <haakonfb> … Peter were probing about: If we would limit the retention period, is this a win for privacy?
18:51:55 <haakonfb> Justin: But security reasons for keeping the URL
18:52:46 <haakonfb> Chris: Information + how it is accessed. Security and fraud detection teams want to keep all log data to audit for security reasons.
18:53:05 <haakonfb> … this is a very controlled environment
18:53:29 <haakonfb> … need to decouple this from online advertising where we deliver an add based on profile
18:53:52 <haakonfb> … how do we get bad actors out of the ecosystem. Need to use forensic data to keep bad actors out.
18:54:16 <haakonfb> Justin: Data can be accessed by the government.
18:54:37 <haakonfb> Chris: Government access to URI information. Will not get that from publishers.
18:54:49 <haakonfb> Justin: DNT will apply for sites relevant for governments
18:54:59 <haakonfb> Alex: number of blog posts about this.
18:55:55 <peterswire> peterswire has joined #dnta
18:56:12 <haakonfb> … certainly are ways URIs can be kept client side and exposed via APIs. Make server side profiles redundant. Already testing with publishers. Future innovation as relates to browsing history.
18:56:46 <peterswire> rrsagent, make record world
18:56:53 <haakonfb> Chris: Reality - trading building trillion of dollars on a system that is server side. It takes time to get that innovation in the marketplace.
18:57:27 <haakonfb> Justin: we are not there now or at the time DNT is deployed. We will still need to handle server side collection
18:58:39 <haakonfb> Chris: Change in a big revenue factor has to be taken cautiously.
18:59:51 <haakonfb> Justin: The wish not to be watched is independent of the purpose of the collection.
19:00:33 <haakonfb> Brooks: It is a fundamental thing. When you consume something from a publisher but there is a fundamental value exchange.
19:00:47 <haakonfb> Justin: Let's call it interest - not right
19:01:02 <haakonfb> Brooks: Is it a fair assumption. There will always be a value exchange.
19:01:42 <haakonfb> Amy: Come up with something that preserve user interests but does not alter the value proposition.
19:02:24 <haakonfb> Chris: Users have already has an expectation on reading and receiving adds that are relevant for them
19:02:50 <haakonfb> … It's creepy because it happens. But lot of things users are not concerned about
19:03:26 <haakonfb> … when you turn on the television set (free to air television). Free television as exchange for adds
19:03:27 <BillScannell> BillScannell has joined #dnta
19:03:34 <haakonfb> Justin: Adds yes - data: no
19:04:08 <haakonfb> Brooks: Miscommunication - value exchange - seen the add OR seen the add AND the data
19:05:25 <haakonfb> Rick: From a consumer perspective: I can't tell you unless re-targeted.
19:05:53 <justin> s/adds/ads
19:06:10 <haakonfb> … mentality that this is the "crap" direct marketing industry.
19:06:44 <haakonfb> Chris: One thing is confused: Some think that ads are served to an individual person.
19:06:58 <haakonfb> … ads are served in buckets/segments
19:08:07 <haakonfb> Alex: Your folks might think they interact with CNN etc, but in addition there is the third parties.
19:08:24 <haakonfb> … the third party dimension changes the value exchange
19:08:58 <haakonfb> … the third parties provide value to publishers and users, but not accountable towards users
19:09:29 <haakonfb> Chris: DAA program: Accountable towards users in a transparent way.
19:10:39 <haakonfb> Alex: Two dimensions: 1) Is a consumer aware that there is multiple parties. Awareness is not part of the mental model of the consumers. Want to make sure that a consumers is aware of the total picture
19:11:28 <haakonfb> Chris: The press writes about it. The story is getting to the surface. How can DNT get the message to the users
19:11:51 <haakonfb> Alan: We are way off original question.
19:12:15 <peterswire> peterswire has joined #dnta
19:12:15 <haakonfb> … what happens if DNT means you cannot collect these URLs for advertisement purposes
19:13:17 <haakonfb> Chris: let's assume that holding this long list of full URIs is negative?
19:13:38 <haakonfb> Brooks: Why do we think that collecting URIs has something to do with tracking.
19:14:19 <haakonfb> … if I'm Levis and pay for reaching women in Spocana, Washington, I need this as evidence I get what I paid for.
19:14:37 <haakonfb> … we can solve this targeting problem, but it is needed for financial reports.
19:14:56 <haakonfb> Justin: 1) How long need to keep? 2) What do you do with Apple devices
19:15:32 <haakonfb> Brooks: Don't serve the ads to Apple devices (don't serve if you can't make reports)
19:16:08 <haakonfb> … how long depends how big campaign, and how strict the ads purchaser is.
19:16:49 <haakonfb> Chris: from a publisher perspective - from targeting perspective - don't need it for long.
19:18:29 <haakonfb> Alan: Is there a way to roll up this to the domain level?
19:18:37 <haakonfb> Brooks: Depends upon what's sold.
19:18:48 <haakonfb> Justin: Low-entropy cookies will not fix this
19:19:44 <haakonfb> Chris: one year for logs?
19:20:00 <haakonfb> Brooks: Not the industry - the individual purchasers of ads
19:20:16 <haakonfb> Chris: IRS - keep records for 7 years.
19:20:21 <peterswire> global
19:20:35 <peterswire> sorry, disregard
19:21:15 <haakonfb> Justin: EFF has given in on IP-addresses. Keep IP-addresses for these purposes.
19:22:11 <justin> scribenick: chapell
19:22:51 <Chapell> Chris - on the buy thru, its a first party relationship at that point, the user has clicked thru
19:23:02 <peterswire> peterswire has joined #dnta
19:23:08 <Chapell> brooks - talking about impression fraud
19:23:42 <Chapell> brooks: need to have DoubleVerify in the discussion
19:24:04 <Chapell> Chris: two diff practices  --- 1. targeting and 2. verifying that what I bought is what I got
19:24:15 <Chapell> rick: ebay looks at fraud a bit more broadly
19:26:17 <Chapell> Chris: if you buy on an MRC accredited source, a publisher, then the auditor has checked to see that you are filtering bot traffic.
19:27:29 <Chapell> Justin: still want to collect info for limited buckets... no targeting, but other uses might be ok... but once you go down that route, and you define fraud too broadly, then the exception swallows the rule
19:28:10 <Chapell> Brooks: Do we care that Levi's keeps a record of everywhere that they saw you?
19:28:32 <Chapell> Brooks: its the advertiser, and not just the ad networks
19:28:55 <Chapell> Brooks: ad networks have similar needs to advertisers
19:30:01 <Chapell> Justin: is there a logical distinction between retention periods for different players?
19:30:47 <Chapell> Justin: the goal here is to find practical ways to forestall the scenario where DNT results in the exact same amount of info as no DNT
19:31:34 <Chapell> Brooks: 65% of the $40 billion ad spend is performance marketing
19:32:18 <Chapell> Justin: users don't have a broken experience on apple devices.
19:32:39 <Chapell> Brooks: that's not the question... the question is "what happens if everyone is significantly more difficult to measure"?
19:33:24 <Chapell> Brooks: what if all browsers did the same thing as safari? How does that impact the ability to measure and trust one's ad buy (as an advertiser or ad network)?
19:34:22 <Chapell> Afowler: Is there an alternative approach where one could still have the record that one needs to proove that they got what they delivered?
19:34:49 <Chapell> Brooks: is there a third party we can trust who DOES have that info? (and then others don't need that info)
19:35:50 <Chapell> Justin: retention has some inherent risks, but they can be minimized (potentially - but pretty difficult)
19:36:37 <Chapell> HaaKon: in the balancing of things the idea of some retention could be ok, but we need to minimize the hit to the ecosystem
19:37:08 <Chapell> Justin: a few trusted parties having some info is better than all parties having all (or nearly all) of the data
19:38:49 <Chapell> Chris: MRC call --- some confusion --- accredidation against the MRC standards is different than an audit... they won't accredit against things that don't meet their guidelines
19:39:12 <Chapell> Brooks: you want some proof that you have received something for your $$$$
19:40:44 <Chapell> Chris: MRC accredidation process.... what is being baught versus what is being sold is something that is done on a year to year basis
19:41:06 <schunter> schunter has joined #dnta
19:41:52 <Chapell> Brooks: buyers feel better about inventory because they have their own independent means of verifying their ad spend
19:44:33 <Chapell> Justin: at some point, the descriptor can be so specific that there is no distinction between the URI and the category segment
19:45:49 <Chapell> Justin: the attributes - when combined - at some point become identifiable
19:48:56 <Chapell> Amyc: the key might be to roll up the data post collection --
19:50:13 <Chapell> Justin: the threat model is not limited to the collection of URIs, the threat is the compilation of categories (based upon the URI) that is tied to a UID
19:51:27 <Chapell> Chris: Once someone starts visiting sensitive websites and having those segments tied to you (e.g., HIV, STD) , if industry agrees to NOT touch those segments or URIs, then isn't that a meaningful step forward?
19:51:53 <Chapell> Haakon: URI and sensitivity of segments are really important
19:54:11 <Chapell> Justin: can we strip out traditional PII from the data stream as well?
19:54:38 <Chapell> Justin: can we strip out traditional PII from the data stream as well?
19:56:18 <hwest> hwest has joined #dnta
19:58:16 <amyc_> had to drop off for another call
19:58:21 <amyc_> great discussion
19:58:44 <justin> scribenick: brooks
19:59:51 <Brooks> Justin: does DAA prohibit retargeting?
19:59:57 <afowler> I dropped off, too. I'll be back in in an hour or so.
20:00:05 <Brooks> Chris: Retargeting not Behavioral
20:00:06 <peterswire> peterswire has joined #dnta
20:00:49 <Brooks> Chris: should there be "good practices" for retargeting?
20:01:12 <Brooks> Chris: education component needs to be improved
20:01:39 <Brooks> Chris: there  could be standards on user education
20:02:05 <Brooks> Chris: more transparent we are, the less opt-out we are seeing
20:02:33 <Brooks> Justin: harm is the lifetime history
20:03:06 <Brooks> Justin: DNT is supposed to fix original problem of cookie opt out fragility
20:04:05 <Brooks> Chris: Assurance that buy side got what it bought is important
20:07:46 <Brooks> Haakoin: we should be able to limit purpose and come to some kind of retention limit
20:30:44 <afowler> afowler has joined #dnta
20:36:22 <fielding> rrsagent, list attendees
20:36:22 <RRSAgent> I'm logging. I don't understand 'list attendees', fielding.  Try /msg RRSAgent help
20:36:45 <fielding> rrsagent, draft minutes
20:36:45 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dnta-minutes.html fielding
20:36:54 <npdoty> Zakim, list attendees
20:36:54 <Zakim> sorry, npdoty, I don't know what conference this is
20:37:10 <npdoty> Zakim, this is 26631
20:37:10 <Zakim> ok, npdoty; that matches Team_(dnta)18:30Z
20:37:13 <npdoty> Zakim, list attendees
20:37:13 <Zakim> As of this point the attendees have been [Mozilla], [Microsoft], MIT-G451
20:37:27 <npdoty> rrsagent, draft minutes
20:37:27 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dnta-minutes.html npdoty
20:42:00 <haakonfb> haakonfb has joined #dnta
20:55:01 <Zakim> disconnecting the lone participant, MIT-G451, in Team_(dnta)18:30Z
20:55:03 <Zakim> Team_(dnta)18:30Z has ended
20:55:03 <Zakim> Attendees were [Mozilla], [Microsoft], MIT-G451
20:56:01 <peterswire> peterswire has joined #dnta
21:04:17 <haakonfb> haakonfb has left #dnta
21:16:49 <schunter> schunter has joined #dnta
21:27:27 <afowler> afowler has joined #dnta
21:27:48 <afowler> afowler has joined #dnta
21:33:15 <schunter> schunter has joined #dnta
21:38:56 <tlr> rrsagent, draft minutes
21:38:56 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dnta-minutes.html tlr
21:54:27 <peterswire> peterswire has joined #dnta
22:04:56 <schunter> schunter has joined #dnta
22:58:17 <afowler> afowler has joined #dnta
23:05:04 <afowler> afowler has left #dnta
23:06:54 <Zakim> Zakim has left #dnta