W3C

- DRAFT -

SV_MEETING_TITLE

11 Feb 2013

See also: IRC log

Attendees

Present
[Mozilla], [Microsoft], MIT-G451
Regrets
Chair
SV_MEETING_CHAIR
Scribe
haakonfb, chapell, brooks

Contents

<justin> Hello all!

<haakonfb> +1.617.761.6200, conference code 26631

<justin> scribenick: haakonfb

Justin: I was not aware until moments ago. Peter emailed me a bunch of questions for us to explore

… related to the last slide he was talking about - reading pseudonymously

… first key question. Our lifetime browsing history can be collected by third parties

… collection of all the stuff we do over time

… your ISP collects all your URIs throughout your history

Alan: What can collect all of all of your web browsing history

Justin: Like buttons can get the most. No one can collect lifetime browsing history

Chris: The data collected by one entity

Brooke Dobbs: Who can keep track over a substantial amount of time

Justin: Someone can see a bunch of you. About third parties that can se a bunch of you

Chris: Conversation with Peter. He talked about complete browsing history potential sensitive information

Justin: A browsing history over substantial time can be privacy sensitive

Chris: Someone passes on email address etc inline in the URI

… or triangulate different pieces of data that individually are non-personal

Amy: Identifiable vs getting down to a list of fewer of 10 people.

… public library reading history. Could get to that this is probably Amy.

Alex: Just as background. Research over last six month on stored browser history with users.

… perception of sensitivity vs personal identifiable information

… not possible to link to identifiable persons, but topics of sensitivity. People feel uncomfortable that this is collected.

Justin: Just the fact that a third party has a record that their computer records they visited a site is sensitive?

Alex: People provided data under double opt-in. 10-20 users provided their complete browsing history. The most visited sites were related to them in a way they felt sensitive

… lot of concerns if this data was to be used for anything.

Chris: There is the idea that someone collects information that cannot be linked to a user, but risk of re-association.

… Peter were probing about: If we would limit the retention period, is this a win for privacy?

Justin: But security reasons for keeping the URL

Chris: Information + how it is accessed. Security and fraud detection teams want to keep all log data to audit for security reasons.

… this is a very controlled environment

… need to decouple this from online advertising where we deliver an add based on profile

… how do we get bad actors out of the ecosystem. Need to use forensic data to keep bad actors out.

Justin: Data can be accessed by the government.

Chris: Government access to URI information. Will not get that from publishers.

Justin: DNT will apply for sites relevant for governments

Alex: number of blog posts about this.

… certainly are ways URIs can be kept client side and exposed via APIs. Make server side profiles redundant. Already testing with publishers. Future innovation as relates to browsing history.

Chris: Reality - trading building trillion of dollars on a system that is server side. It takes time to get that innovation in the marketplace.

Justin: we are not there now or at the time DNT is deployed. We will still need to handle server side collection

Chris: Change in a big revenue factor has to be taken cautiously.

Justin: The wish not to be watched is independent of the purpose of the collection.

Brooks: It is a fundamental thing. When you consume something from a publisher but there is a fundamental value exchange.

Justin: Let's call it interest - not right

Brooks: Is it a fair assumption. There will always be a value exchange.

Amy: Come up with something that preserve user interests but does not alter the value proposition.

Chris: Users have already has an expectation on reading and receiving adds that are relevant for them

… It's creepy because it happens. But lot of things users are not concerned about

… when you turn on the television set (free to air television). Free television as exchange for ads

Justin: Adds yes - data: no

Brooks: Miscommunication - value exchange - seen the add OR seen the add AND the data

Rick: From a consumer perspective: I can't tell you unless re-targeted.

… mentality that this is the "crap" direct marketing industry.

Chris: One thing is confused: Some think that ads are served to an individual person.

… ads are served in buckets/segments

Alex: Your folks might think they interact with CNN etc, but in addition there is the third parties.

… the third party dimension changes the value exchange

… the third parties provide value to publishers and users, but not accountable towards users

Chris: DAA program: Accountable towards users in a transparent way.

Alex: Two dimensions: 1) Is a consumer aware that there is multiple parties. Awareness is not part of the mental model of the consumers. Want to make sure that a consumers is aware of the total picture

Chris: The press writes about it. The story is getting to the surface. How can DNT get the message to the users

Alan: We are way off original question.

… what happens if DNT means you cannot collect these URLs for advertisement purposes

Chris: let's assume that holding this long list of full URIs is negative?

Brooks: Why do we think that collecting URIs has something to do with tracking.

… if I'm Levis and pay for reaching women in Spocana, Washington, I need this as evidence I get what I paid for.

… we can solve this targeting problem, but it is needed for financial reports.

Justin: 1) How long need to keep? 2) What do you do with Apple devices

Brooks: Don't serve the ads to Apple devices (don't serve if you can't make reports)

… how long depends how big campaign, and how strict the ads purchaser is.

Chris: from a publisher perspective - from targeting perspective - don't need it for long.

Alan: Is there a way to roll up this to the domain level?

Brooks: Depends upon what's sold.

Justin: Low-entropy cookies will not fix this

Chris: one year for logs?

Brooks: Not the industry - the individual purchasers of ads

Chris: IRS - keep records for 7 years.

<peterswire> global

<peterswire> sorry, disregard

Justin: EFF has given in on IP-addresses. Keep IP-addresses for these purposes.

<justin> scribenick: chapell

Chris - on the buy thru, its a first party relationship at that point, the user has clicked thru

brooks - talking about impression fraud

brooks: need to have DoubleVerify in the discussion

Chris: two diff practices --- 1. targeting and 2. verifying that what I bought is what I got

rick: ebay looks at fraud a bit more broadly

Chris: if you buy on an MRC accredited source, a publisher, then the auditor has checked to see that you are filtering bot traffic.

Justin: still want to collect info for limited buckets... no targeting, but other uses might be ok... but once you go down that route, and you define fraud too broadly, then the exception swallows the rule

Brooks: Do we care that Levi's keeps a record of everywhere that they saw you?
... its the advertiser, and not just the ad networks
... ad networks have similar needs to advertisers

Justin: is there a logical distinction between retention periods for different players?
... the goal here is to find practical ways to forestall the scenario where DNT results in the exact same amount of info as no DNT

Brooks: 65% of the $40 billion ad spend is performance marketing

Justin: users don't have a broken experience on apple devices.

Brooks: that's not the question... the question is "what happens if everyone is significantly more difficult to measure"?
... what if all browsers did the same thing as safari? How does that impact the ability to measure and trust one's ad buy (as an advertiser or ad network)?

Afowler: Is there an alternative approach where one could still have the record that one needs to proove that they got what they delivered?

Brooks: is there a third party we can trust who DOES have that info? (and then others don't need that info)

Justin: retention has some inherent risks, but they can be minimized (potentially - but pretty difficult)

HaaKon: in the balancing of things the idea of some retention could be ok, but we need to minimize the hit to the ecosystem

Justin: a few trusted parties having some info is better than all parties having all (or nearly all) of the data

Chris: MRC call --- some confusion --- accredidation against the MRC standards is different than an audit... they won't accredit against things that don't meet their guidelines

Brooks: you want some proof that you have received something for your $$$$

Chris: MRC accredidation process.... what is being baught versus what is being sold is something that is done on a year to year basis

Brooks: buyers feel better about inventory because they have their own independent means of verifying their ad spend

Justin: at some point, the descriptor can be so specific that there is no distinction between the URI and the category segment
... the attributes - when combined - at some point become identifiable

Amyc: the key might be to roll up the data post collection --

Justin: the threat model is not limited to the collection of URIs, the threat is the compilation of categories (based upon the URI) that is tied to a UID

Chris: Once someone starts visiting sensitive websites and having those segments tied to you (e.g., HIV, STD) , if industry agrees to NOT touch those segments or URIs, then isn't that a meaningful step forward?

Haakon: URI and sensitivity of segments are really important

Justin: can we strip out traditional PII from the data stream as well?
... can we strip out traditional PII from the data stream as well?

<amyc_> had to drop off for another call

<amyc_> great discussion

<justin> scribenick: brooks

Justin: does DAA prohibit retargeting?

<afowler> I dropped off, too. I'll be back in in an hour or so.

Chris: Retargeting not Behavioral
... should there be "good practices" for retargeting?
... education component needs to be improved
... there could be standards on user education
... more transparent we are, the less opt-out we are seeing

Justin: harm is the lifetime history
... DNT is supposed to fix original problem of cookie opt out fragility

Chris: Assurance that buy side got what it bought is important

Haakoin: we should be able to limit purpose and come to some kind of retention limit

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.137 (CVS log)
$Date: 2013/02/11 21:39:31 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.137  of Date: 2012/09/20 20:19:01  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/adds/ads/
Found ScribeNick: haakonfb
Found ScribeNick: chapell
Found ScribeNick: brooks
Inferring Scribes: haakonfb, chapell, brooks
Scribes: haakonfb, chapell, brooks
ScribeNicks: haakonfb, chapell, brooks

WARNING: No "Topic:" lines found.

Default Present: [Mozilla], [Microsoft], MIT-G451
Present: [Mozilla] [Microsoft] MIT-G451

WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting


WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Got date from IRC log name: 11 Feb 2013
Guessing minutes URL: http://www.w3.org/2013/02/11-dnta-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report
[End of scribe.perl diagnostic output]