18:17:09 <RRSAgent> RRSAgent has joined #dntb
18:17:09 <RRSAgent> logging to http://www.w3.org/2013/02/11-dntb-irc
18:17:24 <fielding> fielding has joined #dntb
18:20:17 <vinay> vinay has joined #dntb
18:20:28 <hefferjr_> hefferjr_ has joined #dntb
18:20:42 <Joanne_> Joanne_ has joined #dntb
18:21:30 <jmayer> jmayer has joined #dntb
18:21:46 <wseltzer> wseltzer has joined #dntb
18:29:48 <kulick> kulick has joined #dntb
18:31:09 <robsherman_> robsherman_ has joined #dntb
18:34:26 <jmayer> BRB
18:35:09 <npdoty> npdoty has joined #dntb
18:36:06 <npdoty> Zakim, code?
18:36:06 <Zakim> sorry, npdoty, I don't know what conference this is
18:36:11 <npdoty> Zakim, this will be 26632
18:36:11 <Zakim> ok, npdoty; I see Team_(dntb)18:30Z scheduled to start 6 minutes ago
18:36:14 <npdoty> Zakim, code?
18:36:14 <Zakim> the conference code is 26632 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), npdoty
18:36:54 <kulick> i am hearing nothing on the phone
18:37:46 <kulick> okay... just making sure... thx
18:38:08 <Joanne_> thanks Nick
18:39:34 <dwainberg> dwainberg has joined #dntb
18:39:54 <fielding> now being heard
18:40:03 <vinay> yep
18:40:20 <dwainberg> hello
18:40:30 <Joanne_> hello
18:40:58 <Paul_G> Paul_G has joined #dntb
18:41:14 <marc> marc has joined #dntb
18:42:35 <npdoty> can someone scribe this?
18:42:37 <fielding> npdoty, can you type the questions in irc when you get a chance?
18:42:46 <npdoty> “Lifetime browsing history” is a phrase that is often used, but never defined clearly. What would LBH mean as a technical matter?
18:42:52 <npdoty> In light of this definition, what technical measures would suppress or delete LBH?
18:45:44 <tlr> tlr has joined #dntb
18:45:56 <kulick> Is someone breathing heavily into their microphone? Could everyone please check if they are? It is making it difficult to hear on the phone.
18:46:08 <npdoty> Zakim, who is making noise?
18:46:08 <Zakim> sorry, npdoty, I don't know what conference this is
18:46:13 <npdoty> Zakim, this is 26632
18:46:13 <Zakim> ok, npdoty; that matches Team_(dntb)18:30Z
18:47:08 <jmayer> back
18:47:18 <npdoty> scribenick: npdoty
18:47:34 <npdoty> endpoints vs. isp's or browsers or browser plugins
18:47:42 <npdoty> dwainberg: what the concern is?
18:48:39 <npdoty> jmayer: do we have ambiguity on that point?
18:49:09 <vinay> Are we being tasked to define a hypothetical scenario?
18:49:45 <npdoty> jmayer: the URLs that a user has visited
18:49:46 <chadhage_nielsen> chadhage_nielsen has joined #dntb
18:50:23 <fielding> "URLs the user has visited"? Does that include third-party URLs? Does it include single-site knowledge vs cross-site knowledge?
18:51:00 <npdoty> jmayer: difference between URLs on a single site, and URLs across multiple sites
18:51:16 <npdoty> dwainberg: kind of new to focus on browsing history
18:51:34 <jmayer> I don't think there's anything new here.  The EFF/Mozilla/Stanford proposal focuses extensively on linkability of user activity.
18:52:27 <fielding> not relevant to this discussion
18:53:35 <fielding> s/not relevant/current discussion on phone is not relevant/
18:55:01 <npdoty> npdoty: a definition could be: "list of URLs a user visited on multiple sites"
18:55:20 <fielding> so, LBH is collection of URIs visited over time beyond the scope of a single first party?
18:55:59 <peterswire> peterswire has joined #dntb
18:56:02 <peterswire> #dntc
18:56:16 <npdoty> marc: but for a large first party (AOL owns many different publications), that party might know URLs I've visited on Huffington Post and other publications
18:56:51 <peterswire> rrsagent, make record world
18:56:59 <npdoty> jmayer: we've made progress on first vs. third party, can we agree with that?
18:57:04 <npdoty> room: yeah
18:57:15 <npdoty> paul: is the harm the transfer to a third party?
18:58:14 <fielding> assume there is no harm and solve the technical issue for the sake of not having to meet forever
18:58:39 <npdoty> jmayer: had the questions on harm already
18:58:49 <npdoty> npd: repeat of our high-level questions
18:58:49 <vinay> wouldn't LBH mean = the collection of all URLs the user visits (spanning all sites).
19:00:17 <fielding> let's assume lifetime == more than the current browsing session and less than browser product lifetime
19:00:18 <npdoty> marc: retention policies, and minimization policies
19:01:15 <kulick> agree with vinay
19:01:17 <npdoty> dwainberg: different amounts of time vs different breadths of sites -- not sure there's a quantitative limit
19:01:31 <Zakim> -Jonathan_Mayer
19:02:00 <npdoty> dwainberg: domain vs. full URI; retained in a linkable or unlinked form
19:02:51 <npdoty> npd: could we accomplish business cases with just the domain?
19:03:29 <fielding> The parts of the URI that are needed to retain depends on who is doing the collecting.
19:03:56 <BillScannell_> BillScannell_ has joined #dntb
19:04:30 <npdoty> npd: minimization of reducing just to domain (rather than path or parameters) could help with privacy concerns
19:05:05 <npdoty> dwainberg: limit to a legitimate business purpose (not disclosed publicly but to an auditor)
19:06:08 <fielding> npdoty, I'd be shocked if folks who think "what you read" is private would be willing to accept domains as "private enough".
19:08:13 <npdoty> ronan: want time limits on retention in addition to amount of data collected
19:08:54 <npdoty> dwainberg: but that could fix the maximum too high
19:09:37 <npdoty> fielding: most concerns are about domain viewing, rather than page viewing
19:10:01 <npdoty> ... technical: not save the data
19:10:11 <npdoty> ... 2) cryptographically hash the data
19:10:21 <npdoty> ... ... strong enough to not be easily broken
19:10:39 <npdoty> ... ... save categories/buckets associated with a URL, rather than the URL itself
19:12:15 <peterswire> peterswire has joined #dntb
19:12:46 <npdoty> dwainberg: for many businesses, it's true, but ability to target depends on the time collected
19:14:30 <npdoty> ... converting URLs into interest categories can be done in a very short time
19:14:46 <npdoty> ... reporting might need the domain or path for a longer period of time
19:15:34 <fielding> vinay: some ad reporting requires proof of the negative -- that a given ad did not appear next to a competitor or on a "bad" site
19:15:48 <dwainberg> (adding some notes, to be sure it's clear)
19:16:42 <dwainberg> For targeting purposes, most 3rd party biz models, have limited need for full URI to be retained -- some 2 secs, some 2 days, some not much longer. For targeting only, there is not a long term need for the URIs.
19:17:15 <dwainberg> However, for measurement, billing, etc, there is a longer term need to retain URI, or at least domain information.
19:18:57 <npdoty> npdoty: could retain full URI but not retain a user identifier
19:20:26 <npdoty> ronan: frequency capping might be a case that requires user identifer
19:20:43 <npdoty> dwainberg: attribution or conversion tracking
19:23:02 <peterswire> peterswire has joined #dntb
19:26:05 <npdoty> dwainberg: what is the harm? if it's data breach, then that requires a different set of solution
19:26:31 <fielding> it sounds like what we are saying is that the mechanical means to suppress LBH will have to differ based on the purpose and timeframe of permitted use
19:27:02 <npdoty> npdoty: concerns identified have been multiple: data breach, government access, malicious use, or just the presence/retention: why does this site know that about me? (trying to give a very brief summary)
19:31:04 <fielding> Another way to look at it … one can disassociate LBH by either 1) reduce data collected about BH; or, 2) remove association of BH with the user/agent/device
19:31:25 <npdoty> +1 to fielding
19:32:53 <npdoty> Are there any compelling use cases for retaining detailed browsing history beyond a general time limit on retention?
19:32:59 <npdoty> If so, how would you limit those use cases consistent with the goals of: (1) limiting LBH; while (2) enabling “buckets” or “low-entropy cookies”?
19:35:55 <npdoty> defining browsing history: URLs (including domain, path, parameters) across multiple sites beyond a session (or request?)
19:36:46 <fielding> Leave it as a question: what would the user find as an acceptable lifetime for their BH? Browsers keep 14 days.
19:38:55 <npdoty> fielding: common default configuration of a browser is keeping history data for 14 days
19:39:25 <npdoty> ronan: but cache could potentially be a lot longer
19:39:40 <npdoty> dwainberg: we should be vague about the length of time
19:40:40 <npdoty> ronan: history might also refer to the content
19:41:02 <schunter> schunter has joined #dntb
19:42:03 <npdoty> npdoty: similarly sensitive profile in the ads that I've seen, not just the articles I've read online
19:43:38 <fielding> I am not following the freq capping use case -- it does not mean that you keep a list of every ad seen
19:43:43 <npdoty> ronan: need to keep a list / history of all the ads he had seen
19:47:44 <npdoty> dwainberg: data isn't kept in a single list, would have to join multiple tables
19:47:57 <npdoty> npdoty: does that make a distinction for a user concern?
19:48:38 <npdoty> dwainberg: less likely for an attacker to breach multiple tables/databases at the same time
19:49:02 <npdoty> ... reduce the concern if you have good internal operational controls
19:50:17 <Joanne_> its 3:15
19:53:26 <dsinger> dsinger has joined #dntb
19:54:08 <npdoty> paul: "lifetime browsing history" a scarier term than our scoped definition
19:54:43 <npdoty> ... correctly captured the two general techniques (reducing data, or de-identifying)
19:55:53 <npdoty> ... users using multiple devices
19:56:06 <npdoty> ... most third parties don't have a Web-wide breadth
19:58:09 <npdoty> paul: can draw a bright line, but depends on purposes
20:00:06 <peterswire> peterswire has joined #dntb
20:03:13 <fielding> zakim, who is making noise?
20:03:24 <Zakim> fielding, listening for 10 seconds I heard sound from the following: hefferjr (53%), +1.617.253.aaaa (35%)
20:03:39 <fielding> zakim, mute hefferjr
20:03:39 <Zakim> hefferjr should now be muted
20:04:32 <fielding> suppressed LBH
20:05:31 <fielding> it isn't quite the same as de-identification since there is still some potential of identifying within the context (e.g., user sends their own name in submit)
20:08:12 <hefferjr_> zakim, unmute hefferjr
20:08:12 <Zakim> hefferjr should no longer be muted
20:10:03 <npdoty> third dimension of time, keeping a history for only a minute or only a hour might satisfy suppressing lifetime browsing history
20:11:20 <npdoty> regarding technical measures, can suppress on any of those three
20:11:59 <fielding> hash by site, hash by campaign, hash with limited lifetime salt
20:12:11 <npdoty> deleting data (addressing time); reducing specificity of data (so that you have less than "domain"); removing association to a user (either "de-identified" or aggregation)
20:15:35 <npdoty> dwainberg: use cases -- targeting is easier under suppressing history than financial reporting
20:17:37 <npdoty> fielding: can hash a user to a campaign rather than having a full list of ads seen by a user?
20:17:40 <fielding> more expensive to process identifier when hashed by campaign, but the process is trivially parallel (meaning it can be done at scale)
20:17:47 <npdoty> ronan: more computationally expensive to do so, though
20:18:07 <npdoty> dimensions: data -> full URI; domain & path; domain; extracted category data
20:18:25 <npdoty> assocation -> uid; de-id*; aggregate
20:18:32 <npdoty> time -> [continuous]
20:19:02 <fielding> okay
20:19:05 <Zakim> -kulick
20:19:06 <Zakim> -vinay
20:19:06 <Zakim> -Joanne
20:19:08 <Zakim> -hefferjr
20:19:08 <Zakim> -Fielding
20:19:09 <Joanne_> thanks
20:19:09 <npdoty> rrsagent, draft minutes
20:19:09 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dntb-minutes.html npdoty
20:19:54 <Zakim> - +1.617.253.aaaa
20:19:55 <Zakim> Team_(dntb)18:30Z has ended
20:19:55 <Zakim> Attendees were vinay, Jonathan_Mayer, hefferjr, kulick, Joanne, Fielding, +1.617.253.aaaa
20:24:36 <dsinger> dsinger has joined #dntb
20:37:40 <npdoty> rrsagent, draft minutes
20:37:40 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dntb-minutes.html npdoty
20:37:44 <npdoty> rrsagent, make logs public
20:37:48 <npdoty> rrsagent, draft minutes
20:37:48 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dntb-minutes.html npdoty
20:43:58 <dsinger> dsinger has joined #dntb
20:56:01 <peterswire> peterswire has joined #dntb
21:09:05 <dsinger> dsinger has joined #dntb
21:16:49 <schunter> schunter has joined #dntb
21:33:15 <schunter> schunter has joined #dntb
21:38:47 <tlr> rrsagent, draft minutes
21:38:47 <RRSAgent> I have made the request to generate http://www.w3.org/2013/02/11-dntb-minutes.html tlr
21:54:27 <peterswire> peterswire has joined #dntb
22:04:56 <schunter> schunter has joined #dntb
22:19:38 <dsinger> dsinger has joined #dntb
22:36:49 <Zakim> Zakim has left #dntb