<justin> Hello all!
<haakonfb> +1.617.761.6200, conference code 26631
<justin> scribenick: haakonfb
Justin: I was not aware until moments ago. Peter emailed me a bunch of questions for us to explore
… related to the last slide he was talking about - reading pseudonymously
… first key question. Our lifetime browsing history can be collected by third parties
… collection of all the stuff we do over time
… your ISP collects all your URIs throughout your history
Alan: What can collect all of your web browsing history
Justin: Like buttons can get the most. No one can collect lifetime browsing history
Chris: The data collected by one entity
Brooke Dobbs: Who can keep track over a substantial amount of time
Justin: Someone can see a bunch of you. About third parties that can see a bunch of you
Chris: Conversation with Peter. He talked about complete browsing history potential sensitive information
Justin: A browsing history over substantial time can be privacy sensitive
Chris: Someone passes on email address etc inline in the URI
… or triangulate different pieces of data that individually are non-personal
Amy: Identifiable vs getting down to a list of fewer than 10 people.
… public library reading history. Could get to that this is probably Amy.
Alex: Just as background. Research over last six months on stored browser history with users.
… perception of sensitivity vs personal identifiable information
… not possible to link to identifiable persons, but topics of sensitivity. People feel uncomfortable that this is collected.
Justin: Just the fact that a third party has a record that their computer records they visited a site is sensitive?
Alex: People provided data under double opt-in. 10-20 users provided their complete browsing history. The most visited sites were related to them in a way they felt sensitive
… lot of concerns if this data was to be used for anything.
Chris: There is the idea that someone collects information that cannot be linked to a user, but risk of re-association.
… Peter was probing about: If we would limit the retention period, is this a win for privacy?
Justin: But security reasons for keeping the URL
Chris: Information + how it is accessed. Security and fraud detection teams want to keep all log data to audit for security reasons.
… this is a very controlled environment
… need to decouple this from online advertising where we deliver an ad based on profile
… how do we get bad actors out of the ecosystem. Need to use forensic data to keep bad actors out.
Justin: Data can be accessed by the government.
Chris: Government access to URI information. Will not get that from publishers.
Justin: DNT will apply for sites relevant for governments
Alex: number of blog posts about this.
… certainly are ways URIs can be kept client side and exposed via APIs. Make server side profiles redundant. Already testing with publishers. Future innovation as relates to browsing history.
Chris: Reality - trading building trillion of dollars on a system that is server side. It takes time to get that innovation in the marketplace.
Justin: we are not there now or at the time DNT is deployed. We will still need to handle server side collection
Chris: Change in a big revenue factor has to be taken cautiously.
Justin: The wish not to be watched is independent of the purpose of the collection.
Brooks: It is a fundamental thing. When you consume something from a publisher but there is a fundamental value exchange.
Justin: Let's call it interest - not right
Brooks: Is it a fair assumption. There will always be a value exchange.
Amy: Come up with something that preserves user interests but does not alter the value proposition.
Chris: Users already have an expectation on reading and receiving ads that are relevant for them
… It's creepy because it happens. But lot of things users are not concerned about
… when you turn on the television set (free to air television). Free television as exchange for ads
Justin: Ads yes - data: no
Brooks: Miscommunication - value exchange - seen the ad OR seen the ad AND the data
Rick: From a consumer perspective: I can't tell you unless re-targeted.
… mentality that this is the "crap" direct marketing industry.
Chris: One thing is confused: Some think that ads are served to an individual person.
… ads are served in buckets/segments
Alex: Your folks might think they interact with CNN etc, but in addition there are the third parties.
… the third party dimension changes the value exchange
… the third parties provide value to publishers and users, but not accountable towards users
Chris: DAA program: Accountable towards users in a transparent way.
Alex: Two dimensions: 1) Is a consumer aware that there are multiple parties. Awareness is not part of the mental model of the consumers. Want to make sure that a consumer is aware of the total picture
Chris: The press writes about it. The story is getting to the surface. How can DNT get the message to the users
Alan: We are way off original question.
… what happens if DNT means you cannot collect these URLs for advertisement purposes
Chris: let's assume that holding this long list of full URIs is negative?
Brooks: Why do we think that collecting URIs has something to do with tracking.
… if I'm Levi's and pay for reaching women in Spokane, Washington, I need this as evidence I get what I paid for.
… we can solve this targeting problem, but it is needed for financial reports.
Justin: 1) How long need to keep? 2) What do you do with Apple devices
Brooks: Don't serve the ads to Apple devices (don't serve if you can't make reports)
… how long depends how big campaign, and how strict the ads purchaser is.
Chris: from a publisher perspective - from targeting perspective - don't need it for long.
Alan: Is there a way to roll up this to the domain level?
Brooks: Depends upon what's sold.
Justin: Low-entropy cookies will not fix this
Chris: one year for logs?
Brooks: Not the industry - the individual purchasers of ads
Chris: IRS - keep records for 7 years.
<peterswire> global
<peterswire> sorry, disregard
Justin: EFF has given in on IP-addresses. Keep IP-addresses for these purposes.
<justin> scribenick: chapell
Chris - on the buy thru, it's a first party relationship at that point, the user has clicked thru
brooks - talking about impression fraud
brooks: need to have DoubleVerify in the discussion
Chris: two diff practices --- 1. targeting and 2. verifying that what I bought is what I got
rick: ebay looks at fraud a bit more broadly
Chris: if you buy on an MRC accredited source, a publisher, then the auditor has checked to see that you are filtering bot traffic.
Justin: still want to collect info for limited buckets... no targeting, but other uses might be ok... but once you go down that route, and you define fraud too broadly, then the exception swallows the rule
Brooks: Do we care that Levi's keeps a record of everywhere that they saw you?
... it's the advertiser, and not just the ad networks
... ad networks have similar needs to advertisers
Justin: is there a logical distinction between retention periods for different players?
... the goal here is to find practical ways to forestall the scenario where DNT results in the exact same amount of info as no DNT
Brooks: 65% of the $40 billion ad spend is performance marketing
Justin: users don't have a broken experience on apple devices.
Brooks: that's not the question... the question is "what happens if everyone is significantly more difficult to measure"?
... what if all browsers did the same thing as safari? How does that impact the ability to measure and trust one's ad buy (as an advertiser or ad network)?
Afowler: Is there an alternative approach where one could still have the record that one needs to prove that they got what they delivered?
Brooks: is there a third party we can trust who DOES have that info? (and then others don't need that info)
Justin: retention has some inherent risks, but they can be minimized (potentially - but pretty difficult)
HaaKon: in the balancing of things the idea of some retention could be ok, but we need to minimize the hit to the ecosystem
Justin: a few trusted parties having some info is better than all parties having all (or nearly all) of the data
Chris: MRC call --- some confusion --- accreditation against the MRC standards is different than an audit... they won't accredit against things that don't meet their guidelines
Brooks: you want some proof that you have received something for your $$$$
Chris: MRC accreditation process.... what is being bought versus what is being sold is something that is done on a year to year basis
Brooks: buyers feel better about inventory because they have their own independent means of verifying their ad spend
Justin: at some point, the descriptor can be so specific that there is no distinction between the URI and the category segment
... the attributes - when combined - at some point become identifiable
Amyc: the key might be to roll up the data post collection --
Justin: the threat model is not limited to the collection of URIs, the threat is the compilation of categories (based upon the URI) that is tied to a UID
Chris: Once someone starts visiting sensitive websites and having those segments tied to you (e.g., HIV, STD) , if industry agrees to NOT touch those segments or URIs, then isn't that a meaningful step forward?
Haakon: URI and sensitivity of segments are really important
Justin: can we strip out traditional PII from the data stream as well?
<amyc_> had to drop off for another call
<amyc_> great discussion
<justin> scribenick: brooks
Justin: does DAA prohibit retargeting?
<afowler> I dropped off, too. I'll be back in in an hour or so.
Chris: Retargeting not Behavioral
... should there be "good practices" for retargeting?
... education component needs to be improved
... there could be standards on user education
... more transparent we are, the less opt-out we are seeing
Justin: harm is the lifetime history
... DNT is supposed to fix original problem of cookie opt out fragility
Chris: Assurance that buy side got what it bought is important
Haakon: we should be able to limit purpose and come to some kind of retention limit
Date: 11 Feb 2013. Minutes: http://www.w3.org/2013/02/11-dnta-minutes.html. Scribes: haakonfb, chapell, brooks. Present: [Mozilla], [Microsoft], MIT-G451.