IRC log of dnt on 2013-02-27

Timestamps are in UTC.

16:49:20 [RRSAgent]
RRSAgent has joined #dnt
16:49:20 [RRSAgent]
logging to http://www.w3.org/2013/02/27-dnt-irc
16:49:22 [trackbot]
RRSAgent, make logs world
16:49:22 [Zakim]
Zakim has joined #dnt
16:49:24 [trackbot]
Zakim, this will be
16:49:24 [Zakim]
I don't understand 'this will be', trackbot
16:49:25 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
16:49:25 [trackbot]
Date: 27 February 2013
16:49:37 [tlr]
zakim, this will be TRACK
16:49:37 [Zakim]
ok, tlr; I see T&S_Track(dnt)12:00PM scheduled to start in 11 minutes
16:50:10 [npdoty]
npdoty has joined #dnt
16:51:58 [npdoty]
Zakim, agenda?
16:51:58 [Zakim]
I see nothing on the agenda
16:52:29 [eberkower]
eberkower has joined #dnt
16:52:59 [Zakim]
T&S_Track(dnt)12:00PM has now started
16:53:06 [Zakim]
+ +1.646.654.aaaa
16:53:17 [eberkower]
Zakim, aaaa is eberkower
16:53:18 [Zakim]
+eberkower; got it
16:54:12 [npdoty]
agenda+ confirmation of scribe
16:54:26 [npdoty]
agenda+ assigning action items
16:54:33 [npdoty]
agenda+ discussing assigned actions
16:54:43 [npdoty]
agenda+ presentation on mozilla patch
16:54:53 [tlr]
zakim, call thomas-781
16:54:53 [Zakim]
ok, tlr; the call is being made
16:54:55 [Zakim]
+Thomas
16:55:12 [tlr]
zakim, I am thomas
16:55:12 [Zakim]
ok, tlr, I now associate you with Thomas
16:55:14 [tlr]
zakim, mute me
16:55:14 [Zakim]
Thomas should now be muted
16:56:14 [Zakim]
+[IPcaller]
16:56:22 [moneill2]
zakim, [ipcaller] is me
16:56:22 [Zakim]
+moneill2; got it
16:56:36 [peterswire]
peterswire has joined #dnt
16:57:11 [Zakim]
+npdoty
16:57:44 [efelten]
efelten has joined #dnt
16:58:07 [Yianni]
Yianni has joined #DNT
16:58:08 [fielding]
fielding has joined #dnt
16:58:11 [jeffwilson]
jeffwilson has joined #dnt
16:58:16 [Zakim]
+peterswire
16:58:31 [rigo]
rigo has joined #dnt
16:58:41 [Zakim]
+ +1.609.258.aabb
16:58:42 [JC]
JC has joined #DNT
16:58:51 [efelten]
Zakim, aabb is me
16:58:51 [Zakim]
+efelten; got it
16:58:53 [Zakim]
+Yianni
16:59:00 [Zakim]
+ +1.202.331.aacc
16:59:03 [Zakim]
+[Microsoft]
16:59:06 [phildpearce]
phildpearce has joined #dnt
16:59:09 [rigo]
zakim, code?
16:59:09 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rigo
16:59:12 [aleecia]
aleecia has joined #dnt
16:59:19 [Zakim]
+PhilPearce
16:59:32 [Joanne]
Joanne has joined #DNT
16:59:35 [Zakim]
-npdoty
16:59:47 [Zakim]
+Rigo
16:59:49 [Zakim]
+ +1.949.573.aadd
16:59:51 [rvaneijk]
rvaneijk has joined #dnt
16:59:56 [Yianni]
Zakim, mute Yianni
16:59:56 [Zakim]
Yianni should now be muted
16:59:56 [rigo]
zakim, mute me
16:59:57 [Zakim]
Rigo should now be muted
16:59:58 [Zakim]
+Aleecia
17:00:02 [hefferjr]
hefferjr has joined #dnt
17:00:07 [Zakim]
+Amy_Colando
17:00:08 [Zakim]
+ +1.917.934.aaee
17:00:08 [sidstamm]
sidstamm has joined #dnt
17:00:12 [fielding]
zakim, aadd is fielding
17:00:12 [Zakim]
+fielding; got it
17:00:13 [Zakim]
+npdoty
17:00:16 [Zakim]
+Joanne
17:00:19 [susanisrael]
susanisrael has joined #dnt
17:00:21 [aleecia_]
aleecia_ has joined #dnt
17:00:23 [Zakim]
+Chris_Pedigo
17:00:26 [tlr]
zakim, aaee is probably achappell
17:00:26 [Zakim]
+achappell?; got it
17:00:31 [David_MacMillan]
David_MacMillan has joined #dnt
17:00:32 [aleecia_]
Wil be heavily multitasking and not able to speak or type for large portions today's
17:00:38 [jchester2]
jchester2 has joined #dnt
17:00:49 [Zakim]
+ +1.631.803.aaff
17:00:52 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
17:01:00 [justin_]
justin_ has joined #dnt
17:01:02 [Zakim]
+[Mozilla]
17:01:05 [sidstamm]
Zakim, Mozilla has sidstamm
17:01:05 [Zakim]
+sidstamm; got it
17:01:08 [Zakim]
+ +49.172.147.aagg
17:01:08 [Zakim]
+ +1.650.787.aahh - is perhaps BillScannell
17:01:09 [npdoty]
volunteer for scribing second half of the call?
17:01:15 [Zakim]
+jchester2
17:01:16 [schunter]
Zakim, aagg is schunter
17:01:16 [Zakim]
+schunter; got it
17:01:19 [jchester2]
zakim, mute me
17:01:19 [Zakim]
jchester2 should now be muted
17:01:23 [npdoty]
Zakim, who is on the phone?
17:01:23 [Zakim]
On the phone I see eberkower, Thomas (muted), moneill2, peterswire, efelten, Yianni (muted), +1.202.331.aacc, [Microsoft], PhilPearce, Rigo (muted), fielding, Aleecia, Amy_Colando,
17:01:27 [Zakim]
... achappell?, npdoty, Joanne, Chris_Pedigo, +1.631.803.aaff, [Mozilla], BillScannell, schunter, jchester2 (muted)
17:01:27 [Zakim]
[Mozilla] has sidstamm
17:01:30 [Zakim]
+Keith_Scarborough
17:01:35 [Zakim]
+ +1.215.480.aaii
17:01:37 [schunter]
Nick/Peter: I am offline and listening only.
17:01:38 [Yianni]
Yes
17:01:39 [vinay]
vinay has joined #dnt
17:01:47 [peterswire]
yianni -- can you scribe
17:01:54 [Zakim]
+[Microsoft.a]
17:01:55 [Keith]
Keith has joined #dnt
17:01:59 [adrianba]
zakim, [Microsoft.a] is me
17:01:59 [Zakim]
+adrianba; got it
17:02:01 [npdoty]
scribenick: Yianni
17:02:01 [kulick]
kulick has joined #dnt
17:02:08 [Zakim]
+ +385345aajj
17:02:08 [Zakim]
+hefferjr
17:02:12 [vinay]
zakim, aajj is vinay
17:02:12 [Zakim]
+vinay; got it
17:02:19 [Yianni]
peter: organizational about today's call and next week's call
17:02:30 [Zakim]
+kulick
17:02:32 [Yianni]
...today's call working through agenda, assigning some action items
17:02:36 [justin_]
justin_ has joined #dnt
17:02:42 [Yianni]
...chris pedigo has a definitino of servie provider
17:02:45 [RichLaBarca]
Zakim 6318032933 is me
17:02:52 [npdoty]
Zakim, who is making noise?
17:02:53 [Yianni]
...will include definition of append and how that is handled
17:02:57 [npdoty]
Zakim, aaff is RichLaBarca
17:02:57 [Zakim]
+RichLaBarca; got it
17:03:00 [Yianni]
...will move to definition of first party
17:03:04 [Zakim]
npdoty, listening for 11 seconds I heard sound from the following: 28 (53%), BillScannell (4%), hefferjr (3%)
17:03:08 [Zakim]
+Dan_Auerbach
17:03:09 [Zakim]
+[CDT]
17:03:12 [Yianni]
...focus on clarify of writing, heather just sent a slightly altered version
17:03:28 [Zakim]
+ +1.650.465.aakk
17:03:39 [vincent]
vincent has joined #dnt
17:03:41 [Yianni]
...stan will give a breifing on the steps of the Mozilla patch on third party cookies
17:03:46 [Zakim]
+vincent
17:04:03 [npdoty]
s/stan/Sid Stamm/
17:04:10 [sidstamm]
thanks, npdoty
17:04:11 [Yianni]
...next week on wednesday is beginning of IAPP summit
17:04:16 [Yianni]
...peter will be there
17:04:24 [jmayer]
jmayer has joined #dnt
17:04:26 [Yianni]
...room at that meeting
17:04:31 [JC]
-1
17:04:34 [Zakim]
+Jonathan_Mayer
17:04:36 [Joanne]
-1
17:04:38 [eberkower]
-1
17:04:42 [justin_]
+1
17:04:44 [moneill2]
-1
17:04:45 [vinay]
-1
17:04:50 [Zakim]
+ +1.646.827.aall
17:04:51 [JC]
Will be in flight on Wednesday
17:04:53 [Yianni]
...how may people will be going to the meeting, +1 is a yes
17:04:54 [ChrisPedigoOPA]
+1
17:04:56 [sidstamm]
-1
17:05:10 [Yianni]
...item 3 of agenda is to assign action items
17:05:13 [AN]
AN has joined #dnt
17:05:15 [kulick]
-1 for wed, +1 for thurs & fri
17:05:17 [Yianni]
...would be glad to have volunteers
17:05:17 [dsinger]
dsinger has joined #dnt
17:05:38 [Zakim]
+[Apple]
17:05:38 [Yianni]
...pretty far toward permitted uses: frequency capping, security, debugging
17:05:46 [Zakim]
+hwest
17:05:49 [dsinger]
zakim, [apple] has dsinger
17:05:49 [Zakim]
+dsinger; got it
17:05:53 [Yianni]
...could do with editor's, want people to agree to action items for these
17:05:58 [AdamT]
AdamT has joined #dnt
17:05:59 [dsinger]
zakim, who is here?
17:05:59 [Zakim]
On the phone I see eberkower, Thomas (muted), moneill2, peterswire, efelten, Yianni (muted), +1.202.331.aacc, [Microsoft], PhilPearce, Rigo (muted), fielding, Aleecia, Amy_Colando,
17:06:02 [Zakim]
... achappell?, npdoty, Joanne, Chris_Pedigo, RichLaBarca, [Mozilla], BillScannell, schunter, jchester2 (muted), Keith_Scarborough, +1.215.480.aaii, adrianba, vinay, hefferjr,
17:06:02 [Zakim]
... kulick, [CDT], Dan_Auerbach, +1.650.465.aakk, vincent, Jonathan_Mayer, +1.646.827.aall, [Apple], hwest
17:06:02 [Zakim]
[Apple] has dsinger
17:06:02 [Zakim]
[Mozilla] has sidstamm
17:06:06 [Zakim]
On IRC I see AdamT, dsinger, AN, jmayer, vincent, justin_, kulick, Keith, vinay, ChrisPedigoOPA, jchester2, David_MacMillan, aleecia, susanisrael, sidstamm, hefferjr, rvaneijk,
17:06:06 [Zakim]
... Joanne, phildpearce, JC, rigo, fielding, Yianni, efelten, peterswire
17:06:12 [Yianni]
...does anyone agree to frequency capping action item?
17:06:21 [Yianni]
...will move to editor's for language
17:06:24 [npdoty]
I believe I've proposed text on frequency capping in an earlier round
17:06:29 [Zakim]
+chapell
17:06:44 [Yianni]
...for security and fraud prevention, Callas found he was comfortable with language
17:06:47 [johnsimpson]
johnsimpson has joined #dnt
17:06:49 [kj]
kj has joined #dnt
17:06:55 [Yianni]
...does anyone want to come forward with text on that issue?
17:07:14 [Yianni]
...third: debugging, does anoyone want to take an action item?
17:07:24 [Yianni]
...peter will work with Editors for language next week
17:07:33 [Zakim]
+johnsimpson
17:07:38 [Yianni]
...general approach is to sllim down number of open issues
17:07:59 [Yianni]
...next item on list is chris pedigo has circulated updated definition of service provider or processor
17:08:14 [Yianni]
...context from peter: this is language that has not been closed
17:08:36 [Yianni]
...want to look at language from chris, then people may want to raise related issue of appending data
17:08:57 [Yianni]
chris: Vinay and chris worked on language
17:09:02 [tlr]
topic: service provider / data processor language
17:09:14 [Yianni]
...allow an enitty to work on behalf of another company as long as certain conditions are met
17:09:20 [tlr]
http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0138.html
17:09:31 [Yianni]
...seperate data, only use data as directed, and there has to be a contract that stipulates that
17:09:53 [Yianni]
...included sentence at bottom, service provider still subject to same restriction of original party
17:10:02 [Yianni]
...permitted uses should still apply for service providers
17:10:08 [Yianni]
...Rigo said that would not fly in the EU
17:10:12 [efelten]
Is this new language, or an attempt to consolidate the pre-existing proposed language?
17:10:22 [Yianni]
...not really appropriate in US either
17:10:36 [Yianni]
...some discussion about data append, happy to get into later
17:10:38 [rigo]
q+
17:10:44 [Yianni]
Peter: any questions or comments from the floor
17:10:47 [peterswire]
q?
17:10:48 [johnsimpson]
q?
17:10:48 [tlr]
q+ amyc
17:10:48 [npdoty]
q+ amyc
17:10:49 [hwest]
hwest has joined #dnt
17:10:49 [jchester2]
I think the data append issues are inextricably linked to this definition. so we understand the parameters.
17:10:52 [rigo]
ack ri
17:10:53 [dsinger]
this came out while I was commuting; I'll need to read it and discuss it with my colleagues, alas
17:10:57 [Chapell]
Chapell has joined #DNT
17:11:02 [rigo]
unmute rigo
17:11:06 [dsinger]
zakim, unmute rigo
17:11:06 [Zakim]
Rigo should no longer be muted
17:11:17 [ChrisPedigoOPA]
ed, this is an attempt to consolidate
17:11:29 [efelten]
Thanks, Chris.
17:11:40 [Yianni]
Rigo: chris already mentioned exchange, valid point that data processor that processes on behalf of another party
17:11:47 [npdoty]
Zakim, aaii is probably [Comcast]
17:11:47 [Zakim]
+[Comcast]?; got it
17:11:49 [fielding]
q+
17:11:50 [Yianni]
...they still have to secure their services, still have to do debugging
17:11:59 [Yianni]
...thought it was clear
17:12:20 [Yianni]
...adds explanation that is worthwhiled
17:12:35 [Yianni]
...in Europe good understanding of data processor
17:12:35 [susanisrael]
*Zakim, Comcast person may by Walt Michel
17:12:43 [Yianni]
...in US not as good an understanding
17:13:12 [Yianni]
Peter: within Europe, certain approved processing, security and debugging
17:13:24 [hwest]
hwest has left #dnt
17:13:26 [Yianni]
...in explanatory text in US, it would make sense to do what?
17:13:31 [hwest]
hwest has joined #dnt
17:13:54 [peterswire]
q?
17:13:55 [Yianni]
Rigo: peter understands correctly, we should not change definition but add explanatory text
17:14:03 [npdoty]
Zakim, aall might be dwainberg
17:14:03 [Zakim]
I don't understand 'aall might be dwainberg', npdoty
17:14:10 [npdoty]
Zakim, aall is probably dwainberg
17:14:10 [Zakim]
+dwainberg?; got it
17:14:22 [Yianni]
...all those permitted uses must be clear in the container of the contract to the data controller
17:14:38 [npdoty]
ack amyc
17:14:40 [peterswire]
q?
17:14:48 [Yianni]
Amy: I like the text
17:14:54 [Yianni]
...like the additional detail
17:14:56 [susanisrael]
+1
17:15:14 [Yianni]
...we as a publisher, use vendors to help us detect fraud
17:15:31 [Yianni]
...we typically allow them to detect threats to apply their learnings from working with other companies
17:15:41 [Yianni]
...this is a suspicious IP address or angle of attack
17:15:53 [Yianni]
...can that kind of scenario be addressed?
17:16:03 [Yianni]
Peter: Is that permitted under EU law and practice
17:16:09 [Chris_IAB]
Chris_IAB has joined #dnt
17:16:14 [Yianni]
Rigo: I would like Rob's oppinion
17:16:14 [peterswire]
q?
17:16:18 [dwainberg]
dwainberg has joined #dnt
17:16:28 [Zakim]
+dwainberg.a
17:16:29 [Yianni]
...there is a specific security exception in all data protection laws
17:16:47 [Yianni]
...if you collect for security and store forever and distribute forever
17:17:09 [tlr]
I guess the question is whether it's third party + permitted use, or service provider.
17:17:09 [susanisrael]
I think making the exception for learnings about security risks makes sense. But other service providers would not get any independent rights to the data itself.
17:17:20 [Yianni]
...if we apply the normal exception for security, we have a general rule of use and retention limitation for as long as neccesary
17:17:30 [Yianni]
...if you apply this to service providers, DPA could swallow that
17:17:40 [fielding]
specific comments: remove "in a specific network interaction"; remove the last sentence (self-contradiction); don't use a bulleted list; don't use ambiguous targets like "other party" (be specific).
17:17:41 [peterswire]
q?
17:17:47 [npdoty]
ack fielding
17:17:50 [Yianni]
Roy: few specific comments
17:18:14 [Yianni]
...generally focus seems fine, could work on log data 2 weeks after network interaction
17:18:28 [Yianni]
...last sentence in description is self contradictory
17:18:40 [rigo]
fielding; remove "in a specific network interaction"
17:18:54 [Yianni]
...the last thing is there are ambiguous references to other party, replace with data controller
17:19:00 [npdoty]
q+ to ask how this differs from "Option 1"
17:19:01 [kulick]
kulick has joined #dnt
17:19:08 [Yianni]
...all are editorial, caution to use word data controller
17:19:25 [Yianni]
Peter: data controller has legal connotation, may use party providing service
17:19:37 [Yianni]
...does last sentence cause any problems
17:19:55 [Yianni]
Roy: no mischief
17:20:04 [aleecia]
Q+
17:20:13 [Zakim]
- +1.202.331.aacc
17:20:15 [peterswire]
q?
17:20:19 [Yianni]
Peter: why is the language in there about specific network interactions
17:20:19 [vinay]
So, I added that following the form of previous definitions
17:20:24 [vinay]
I'm fine with Roy's edits
17:20:29 [Yianni]
Chris: not sure why it is in there
17:20:38 [Yianni]
...did not want to exclude others working on log files
17:20:53 [tlr]
q+ to note that the single network interaciton doesn't make technical sense
17:21:09 [Yianni]
Peter: data processor for that time has all of these things, shifting between roles
17:21:22 [Yianni]
...language that says that someone might act as data processor for some and not all activities
17:21:26 [Zakim]
+ +1.678.492.aamm
17:21:28 [susanisrael]
I am happy to work with Chris and Vinay on cleaning up language. I think peter is right about where language came from
17:21:38 [susanisrael]
peter, yes, I think you are right.
17:21:58 [aleecia]
Q later
17:22:07 [aleecia]
Grn
17:22:09 [tlr]
queue=npdoty,thomas,aleecia
17:22:16 [aleecia]
Thanks
17:22:19 [Yianni]
Chris: data being seperated sort of addresses Peter's concern
17:22:20 [rigo]
fielding; remove "in a specific network interaction"*In a specific network interaction"
17:22:24 [rigo]
q+
17:22:26 [vinay]
fine by me, too
17:22:28 [Yianni]
Peter: motion to take out clause specific network interaction
17:22:34 [Yianni]
Chris: fine by me
17:22:36 [johnsimpson]
q?
17:22:46 [Yianni]
Rigo: you would also have to remove from first party definition
17:22:56 [tlr]
errrm, no
17:23:01 [Yianni]
...data processor is logically dependent on first party definition
17:23:11 [npdoty]
Zakim, who is making noise?
17:23:16 [Zakim]
-schunter
17:23:21 [dsinger]
but taking it out of 1st party means we could no longer distinguish 1st and 3rd, which is all contextual on the interaction...
17:23:22 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: BillScannell (10%)
17:23:26 [justin_]
It makes sense in the definition of first party --- because it's distinguishing first from third. Don't need it for service provider.
17:23:42 [fielding]
another note: it says "separated", but not separated from what … it should be siloed by first party.
17:23:52 [Yianni]
Peter: Rigo, specific network interaction, processor could have different roles
17:23:56 [susanisrael]
+1 to siloed by first party
17:24:00 [Yianni]
...seems you could keep for first party and not here
17:24:08 [peterswire]
q?
17:24:25 [Yianni]
Nick: ask about the differences from option 1
17:24:34 [Yianni]
...might be easier to review if we compare to option 1
17:24:52 [Yianni]
...different I see: 1st bullet seperated by is a little less clear
17:25:02 [Yianni]
...is it seperate from each data controller, or other seperation?
17:25:30 [Yianni]
...2nd bullet, more concern with other party, seems to be a little too open ended
17:25:32 [susanisrael]
q+
17:25:49 [Yianni]
...if I contract you to build a profile, is that a service provider relationship
17:25:53 [fielding]
"A Data Processor is subject to the same restrictions as the other party."
17:26:02 [Yianni]
Chris: if you pair with same restrictions of other party that gets to the restrictions
17:26:04 [Chris_IAB]
FYI- I can't join via phone today, only IRC. If you need something from me, please ping me here.
17:26:13 [Yianni]
...so they could not share the data because it is restricted
17:26:20 [Yianni]
...no sharing with any third party
17:26:44 [Yianni]
Peter: will get to first party sharing with third party later
17:26:51 [tlr]
q-
17:26:56 [tlr]
ack npdoty
17:27:00 [npdoty]
q-
17:27:03 [peterswire]
q?
17:27:05 [Yianni]
Nick: first parties will share information, facebook sharing information with friends
17:27:15 [susanisrael]
Npdoty, i would argue that you, not facebook, are sharing when you post
17:27:19 [Yianni]
Chris: no intent to create a loophole
17:27:23 [johnsimpson]
q?
17:27:24 [npdoty]
ack aleecia
17:27:41 [rigo]
zakim, q-
17:27:41 [Zakim]
I see susanisrael on the speaker queue
17:27:42 [dsinger]
the first party restriction is fairly clear: "The First Party must not pass information about this transaction to non-service provider third parties who could not collect the data themselves under this Recommendation."
17:27:46 [Yianni]
Aleecia: couple things: 1 - great to see text
17:28:04 [Yianni]
...2: think I am hearing that there is no permitted uses except for security
17:28:11 [npdoty]
ChrisPedigoOPA, I didn't mean to imply that you were intending to create a loophole! I just wanted to think through the implications of that bullet
17:28:19 [Yianni]
...from Amy, we may need to change the way we are thinking about the security permitted use
17:28:37 [Yianni]
...a note of need to look at how we look at security
17:28:55 [Yianni]
...we need transparancy with the third parties, including with service providers
17:28:59 [jchester2]
+1
17:29:02 [rigo]
I think security will only work with a use-limitation (security as finality)
17:29:04 [susanisrael]
q-
17:29:08 [fielding]
Just as shoon as you have transparency regarding employee names ..
17:29:08 [peterswire]
q?
17:29:16 [susanisrael]
q+
17:29:16 [Yianni]
...could use with header response, we could do with discoverability beyond we have affiliates
17:29:28 [peterswire]
q?
17:29:30 [Yianni]
...we need someway to tell users where there data went
17:29:34 [npdoty]
dsinger, I think we have lingering uncertainty about when first parties can share data (like the intentional sharing-on-Facebook case)
17:29:41 [npdoty]
ack susanisrael
17:30:04 [Yianni]
Susan: listening to Aleecia, transparancy for service providers with no right to use data is different than affiliates
17:30:17 [Yianni]
...we expect first parties to disclose affiliates who have rights to the data
17:30:17 [jchester2]
+q
17:30:23 [jchester2]
zakim, unmute me
17:30:23 [Zakim]
jchester2 should no longer be muted
17:30:33 [Yianni]
...service providers are different, some service providers cannot be disclosed and change frequently
17:30:36 [dsinger]
npdoty: I think we're talking in this definition about passing data to services. clearly if I publish something on my first-party site, I have no control over who reads it...
17:30:38 [Zakim]
+schunter
17:30:51 [aleecia]
Agree there's nothing new here. My view remains unchanged: no secret databases
17:30:58 [peterswire]
q?
17:31:02 [Yianni]
...whole idea of their role, as publisher who uses service providers, we would not want service providers to use data independently
17:31:11 [npdoty]
ack jchester
17:31:23 [Yianni]
Jeff Chester: talking about whole different class of service providers
17:31:32 [Yianni]
...very important for users to understand where their data is going
17:31:34 [susanisrael]
Aleecia, we are not talking about secret databases. We are talking about entities that are NOT permitted to use and keep data to build databases.
17:31:37 [robsherman]
robsherman has joined #dnt
17:31:40 [rigo]
Aleecia, a data processors are bound anyway. There can't be secret databases
17:31:43 [peterswire]
q?
17:31:46 [Zakim]
+ +1.650.308.aann
17:31:49 [jchester2]
zakim, mute me
17:31:49 [Zakim]
jchester2 should now be muted
17:31:50 [Yianni]
...we could classify service providers dealing with data integration and targeting, but users need to know
17:31:55 [Zakim]
-Amy_Colando
17:31:58 [Yianni]
Peter: summarize some of what he has heard
17:31:58 [robsherman]
zakim, aann is robsherman
17:31:58 [Zakim]
+robsherman; got it
17:32:06 [Yianni]
...moderate number of fine tuning of text
17:32:21 [susanisrael]
I am willing to work with Chris, Vinay and Rigo to refine and clarify the text
17:32:32 [aleecia]
Users don't know where their data went. And it goes into a database of course. So yes, these are secret databases
17:32:32 [vinay]
Thanks susanisrael
17:32:33 [Yianni]
...ask Chris without changing substance to come back with addressing language
17:32:37 [Yianni]
Chris: happy to do that
17:32:58 [Yianni]
Peter: another piece, a transparancy question, aware of varying views on that
17:33:03 [fielding]
A service provider is a contractor. The notion that users need transparency of service providers and not the identity of every employee that might ever touch the data as a first party has no basis, whether or not people want to know that information. In most cases, it won't even be known at the time of interaction.
17:33:17 [Yianni]
...have there been specific proposals that are currently open for what the transparacy requirements would look like
17:33:21 [aleecia]
Q+
17:33:23 [ChrisPedigoOPA]
+1 to roy
17:33:25 [Yianni]
...anyone with the history
17:33:27 [npdoty]
ack aleecia
17:33:41 [rvaneijk]
rvaneijk has joined #dnt
17:33:41 [susanisrael]
+1 to fielding
17:33:52 [Yianni]
Aleecia: could have affiliates and service providers send header back
17:33:59 [rigo]
q+
17:33:59 [Yianni]
...that is the minority view
17:34:02 [tlr]
q+ to ask a clarifying question
17:34:11 [rigo]
q- later
17:34:11 [Yianni]
...have not discussed any other mechanisms
17:34:19 [npdoty]
have we ever had a proposal in the Compliance doc that had such a transparency requirement?
17:34:34 [npdoty]
I don't see one in any of the three Service Provider definitions, for example
17:35:21 [susanisrael]
I think it's legitimate for users to know a first party's affiliates--different from service providers
17:35:27 [Yianni]
Aleecia: privacy policies use the word affiliates, probably best to drop the use of the word affiliate
17:35:34 [dsinger]
to npdoty: It's never been proposed that service-provider flags be obligatory, just available to enable SPs to clarify their status if they wish (and it's only about end-points of HTTP transactions, as well -- what the HTTP spec. calls servers)
17:35:42 [Yianni]
...talked about third parties sending a header response as identifying themselves as being different
17:35:52 [Yianni]
...we have had that discussion in the past
17:36:06 [Yianni]
Peter: minority view with strong feelings on the transparacy side
17:36:19 [Yianni]
...in terms of the language we have, chris will work on fine tuning
17:36:29 [Yianni]
...we have a tricky question about security
17:36:38 [npdoty]
thanks dsinger; maybe we need to ask for alternative compliance text from aleecia or others that would specify transparency
17:36:54 [kulick]
kulick has joined #dnt
17:36:59 [aleecia]
Could well be. I'll need three weeks
17:37:13 [Yianni]
...Amy, would you be willing to, looking at the security permitted use, add language addressing the practice of sharing IP addresses from attacks
17:37:14 [Zakim]
+ +31.65.141.aaoo
17:37:22 [aleecia]
But I would be happy to contribute a new fairly small sectio
17:37:23 [rvaneijk]
zakim, aa00 is me
17:37:23 [Zakim]
sorry, rvaneijk, I do not recognize a party named 'aa00'
17:37:31 [tlr]
zakim, aaoo is rvaneijk
17:37:31 [Zakim]
+rvaneijk; got it
17:37:31 [rvaneijk]
zakim, aaoo is me
17:37:32 [Zakim]
sorry, rvaneijk, I do not recognize a party named 'aaoo'
17:37:42 [npdoty]
Zakim, who is making noise?
17:37:43 [Yianni]
...someone else with that concern who would propose language?
17:37:53 [Zakim]
npdoty, listening for 10 seconds I could not identify any sounds
17:37:58 [Yianni]
...common practice that security vendors learn security concerns from multiple places
17:38:15 [Yianni]
...we have a possible tension between actual practice and the current language
17:38:15 [dwainberg]
Is that not also the same case for debugging?
17:38:15 [npdoty]
Zakim, who is on the phone?
17:38:15 [Zakim]
On the phone I see eberkower, Thomas (muted), moneill2, peterswire, efelten, Yianni (muted), [Microsoft], PhilPearce, Rigo, fielding, Aleecia, achappell?, npdoty, Joanne,
17:38:16 [tlr]
q-
17:38:19 [Zakim]
... Chris_Pedigo, RichLaBarca, [Mozilla], BillScannell, jchester2 (muted), Keith_Scarborough, [Comcast]?, adrianba, vinay, hefferjr, kulick, [CDT], Dan_Auerbach, +1.650.465.aakk,
17:38:19 [Zakim]
... vincent, Jonathan_Mayer, dwainberg?, [Apple], hwest, chapell, johnsimpson, dwainberg.a, +1.678.492.aamm, schunter, robsherman, rvaneijk
17:38:19 [Zakim]
[Apple] has dsinger
17:38:19 [Zakim]
[Mozilla] has sidstamm
17:38:28 [Yianni]
David: happy to take on language
17:38:34 [WaltM_CC]
WaltM_CC has joined #dnt
17:38:44 [Yianni]
Peter: have some language, and try to understanding European standard
17:38:52 [rigo]
David, just send me email. There is a specific article
17:39:00 [dwainberg]
ok, rigo
17:39:11 [Yianni]
David: similar issue with respect to debugging?
17:39:30 [susanisrael]
*Yianni, just let me know when you want me to take over, or I will start at 12:45
17:39:43 [Yianni]
Peter: I thin you could come up with language but it would be helping to get input from debugging
17:39:55 [Yianni]
taking over at 12:45 works
17:40:03 [dsinger]
on the SP flagging, I rather suspect that the new first-party (could be data-controller) well-known resource might serve; I was hoping to spend time with Roy in Cambridge understanding what's possible, and making sure that clarity was *possible* but not required (it's not always desired). that conversation is still pending
17:40:17 [Yianni]
Peter: assign an action item to david on security and debugging
17:40:21 [npdoty]
action: wainberg to propose language on security vendors as service providers sharing/combining data
17:40:21 [trackbot]
Created ACTION-372 - Propose language on security vendors as service providers sharing/combining data [on David Wainberg - due 2013-03-06].
17:40:31 [Yianni]
...if you do debugging actual practices would be helpful
17:40:44 [rigo]
David, look at Article 4 of 2002/58/EC http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:NOT
17:41:04 [Yianni]
...request that if you add facts to debugging language
17:41:07 [Yianni]
...2 weeks
17:41:15 [jchester2]
zakim, unmute me
17:41:15 [Zakim]
jchester2 should no longer be muted
17:41:20 [jchester2]
+q
17:41:21 [Yianni]
Peter: moving to related issue of append, Jeff do you have any comments
17:41:26 [npdoty]
Zakim, aaww is probably Brooks
17:41:26 [Zakim]
sorry, npdoty, I do not understand your question
17:41:34 [Yianni]
...use cases that Chris sent around show a variety of situations for append
17:41:41 [npdoty]
Zakim, aamm is probably Brooks
17:41:41 [Zakim]
+Brooks?; got it
17:41:44 [Yianni]
...some concerns are addressed by keeping information siloed
17:41:54 [Yianni]
...might be other concerns of data flowing from service provider to first party
17:41:55 [rigo]
q- later
17:42:00 [peterswire]
q?
17:42:04 [npdoty]
ack jchester
17:42:07 [aleecia]
I'm going to walk into a mtg w the dean at 10 am, will not be able to listen after but will watch irc
17:42:10 [tlr]
zakim, mute me
17:42:10 [Zakim]
Thomas was already muted, tlr
17:42:33 [Yianni]
Jeff: data append, i think a user that has sent a DNT:1, would not understand the array of data that is used for the profiling and tracking function
17:42:50 [peterswire]
q?
17:42:51 [Yianni]
...I think this is a really problem and guts peoples concept of do not track
17:42:53 [ChrisPedigoOPA]
+q
17:43:02 [jchester2]
zakim, mute me
17:43:02 [Zakim]
jchester2 should now be muted
17:43:03 [Yianni]
...all this third party data is being integrated and used and you have no say
17:43:14 [npdoty]
ack rigo
17:43:14 [rigo]
ack ri
17:43:20 [johnsimpson]
q?
17:43:33 [Yianni]
Rigo: in response to Aleecia, we have already discussed the serviec provider flag
17:43:54 [Yianni]
...service provider can only act as contained by first party
17:44:02 [peterswire]
q?
17:44:02 [aleecia]
Once more: sustained disagreement
17:44:04 [susanisrael]
+1 to Rigo
17:44:36 [Yianni]
...incentive to declare service providers that are used, so we do not have to be so strict on this
17:45:01 [Yianni]
Peter: will follow up with Aleecia on acknowledgment flags
17:45:02 [peterswire]
q?
17:45:05 [aleecia]
Q+
17:45:10 [adrianba]
adrianba has joined #dnt
17:45:11 [rigo]
ack ChrisPedigoOPA
17:45:16 [Yianni]
Chris: Data append, hear Jeff's concern, users do not want to be profiled
17:45:22 [Yianni]
...DNT is about limiting data profiling
17:45:28 [aleecia]
Note follow up with Peter, perhaps at IIAP
17:45:32 [Yianni]
...third parties will not be able to track data about a user
17:45:47 [Yianni]
...I think it is completely acceptable for first party to learn more about their customers
17:45:59 [peterswire]
q?
17:46:00 [Yianni]
...or modify the contents of site about what they know about the user
17:46:06 [jchester2]
using 3rd party data that would otherwise would be prohibited via DNT: 1 It's not modify--its intensive databroker targeting
17:46:14 [dsinger]
dsinger has joined #dnt
17:46:17 [Yianni]
...other point: in DNT world, data brokers will not have profilers about DNT 1 users
17:46:27 [susanisrael]
data appends may be used by a first party site to learn about users in aggregate, rather t han to build individual profiles
17:46:32 [Yianni]
...will be able to attain information offline or with consent
17:46:38 [peterswire]
q?
17:46:42 [npdoty]
ack aleecia
17:46:42 [Yianni]
Susan, want to take over?
17:46:44 [jchester2]
The First party will be able to collect a wide range of data on a user, even when DNT: 1 is being used. And we shouldn't permit it.
17:46:47 [susanisrael]
scribenick: susanisrael
17:47:20 [susanisrael]
aleecia: even prohibition on 1st party sharing should not permit data append
17:47:23 [susanisrael]
q+
17:47:36 [npdoty]
as I understand it, there are cryptographic techniques that would allow a first party and third party to match data without the first party revealing their customer list to the third party
17:47:52 [susanisrael]
npdoty, yes, I think so
17:48:01 [tlr]
q?
17:48:01 [jchester2]
I will work with Aleecia
17:48:20 [aleecia]
Nick, good point
17:48:34 [aleecia]
You are correct
17:48:41 [rigo]
npdoty: yep, anon credentials come to my mind
17:48:45 [aleecia]
We did not mention that prior
17:49:25 [rigo]
yep
17:49:27 [npdoty]
action: aleecia to propose text prohibiting data append (because it requires sharing, or otherwise; with jchester)
17:49:27 [trackbot]
Created ACTION-373 - Propose text prohibiting data append (because it requires sharing, or otherwise; with jchester) [on Aleecia McDonald - due 2013-03-06].
17:49:39 [tlr]
action-373 due 2013-03-20
17:49:39 [trackbot]
Set ACTION-373 Propose text prohibiting data append (because it requires sharing, or otherwise; with jchester) due date to 2013-03-20.
17:49:51 [npdoty]
susanisrael: when a service provider doesn't have rights to use data but manipulates it on behalf of the first party, we wouldn't consider that sharing
17:50:03 [susanisrael]
scribenick: susanisrael again
17:50:07 [moneill2]
1st party would have to identify the user (to the 3rd party) i.e. they share user id/instance of user visit to web site
17:50:20 [susanisrael]
Peterswire: move to justin to introduce merged definition of first party
17:50:21 [tlr]
topic: merged first party definition
17:50:44 [aleecia]
(when people ask "what is new info that hasn't come before the group?" and want to know wigat that would look like -- Nick just demonstrated :-) not that is is closed, but if it were, that would be a great reason to revisit)
17:50:47 [susanisrael]
Justin: maybe better defintiion is the one heather sent at 11:52. a party with which user interacts is first party
17:51:03 [tlr]
Heather's text: http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0152.html
17:51:03 [susanisrael]
justin: talked about embedded widgets
17:51:16 [peterswire]
q?
17:51:24 [susanisrael]
....tried to take 3 defnitions
17:51:28 [susanisrael]
q-
17:51:43 [vincent]
so it includes redirects?
17:51:54 [susanisrael]
Justin: tried to make it straightforward.....
17:51:57 [justin_]
In a specific network interaction, a party with which the user interacts is the <dfn>First Party</dfn>. In most cases on a traditional web browser, the first party will be the party that owns and operates the domain visible in the address bar. The party that owns and operates or has control over an (branded/labelled?) embedded widget, search box, or similar service with which a user intentionally interacts is also considered a First Party. If a user merely m[CUT]
17:52:02 [peterswire]
q?
17:52:14 [justin_]
mouses over, closes, or mutes such content, that is not sufficient interaction to render the party a first party. Non-First Party entities on the site are considered Third Parties.
17:52:40 [aleecia]
Trouble: redirects
17:52:46 [susanisrael]
peterswire: looking at heather's email, "a party with whom users interact is a first party" which is designed to get away from hard to understand intent
17:52:53 [npdoty]
yeah, I assume this is just a typo
17:52:58 [fielding]
I suggest using "user intentionally interacts" in the first sentence -- it is used later but is fundamental.
17:53:09 [susanisrael]
...concern is that users interact with third parties also, how do you distinguish....
17:53:15 [aleecia]
Roy++
17:53:28 [peterswire]
q?
17:53:32 [fielding]
q+
17:53:39 [susanisrael]
peterswire: thought you could make some judgment about intended....
17:53:44 [justin_]
fine with fielding's suggestion, though hwest wanted to stay away from judging "intent"
17:54:01 [susanisrael]
hwest: it is intentionally intended to allow third party elements of a website to be treated as first party
17:54:09 [npdoty]
but we are including intent, no definition has ever gotten us away from that
17:54:19 [peterswire]
q?
17:54:44 [susanisrael]
hwest: re: "high probabability website knows intent," it's really hard to engineer to...better to stay with technical definition of first party...
17:54:56 [aleecia]
Would expect rather than intend help at all?
17:55:13 [dsinger]
the whole question of machine-testability is thorny
17:55:24 [rigo]
+1 to fielding
17:55:34 [peterswire]
q?
17:55:42 [susanisrael]
fielding: no use for heavy/high probability wording...not something a server intendes, but def should reflect intentional interaction
17:56:09 [susanisrael]
fielding: what i did not like was idea of server determining this re: probablistic means, have no way to determine this
17:56:23 [dsinger]
there is a gap between what the TPE says ('expected to be used in a first-party context') and the 'high probability' text
17:56:25 [peterswire]
q?
17:56:27 [dwainberg]
q+
17:56:32 [susanisrael]
peterswire: let's turn to rest of the sentences. any objections or concerns with rest of definition
17:56:42 [aleecia]
Has it changed?
17:56:43 [npdoty]
q+ to ask about redirects
17:56:45 [npdoty]
ack fielding
17:56:46 [fielding]
I think judging intent should be removed … but having intent is important to distinguish from other interactions.
17:57:24 [susanisrael]
dwainberg: similar to problem with first sentence, for a party embedded in page, how can that party know that user has interacted in a way to expect it to be first party
17:57:29 [peterswire]
q?
17:57:38 [justin_]
What's your alternative dwainberg?
17:57:57 [susanisrael]
dwainberg: qu is how party knows user is intentionally interacting with it
17:58:02 [peterswire]
q?
17:58:24 [susanisrael]
peterswire: does mousing over = not enough help?
17:58:27 [susanisrael]
dwainberg: no
17:58:42 [susanisrael]
peterswire: any alternative language that avoids problem
17:58:45 [npdoty]
Zakim, who is making noise?
17:58:47 [peterswire]
q?
17:58:56 [Zakim]
npdoty, listening for 11 seconds I heard sound from the following: peterswire (4%), BillScannell (12%), hwest (63%)
17:59:03 [susanisrael]
hwest: we might think about some guidance, but idea was that it's a bit of a judgment call
17:59:05 [npdoty]
"conscious interaction" sounds great; similar to "intentionally"
17:59:13 [tlr]
I'd also like to hear david's proposed change.
17:59:18 [Zakim]
-Keith_Scarborough
17:59:22 [hwest]
I like "conscious interaction" better than intent
17:59:38 [peterswire]
q?
17:59:39 [susanisrael]
npdoty: I think there are some real advantages to ahving party running widgets figure out when it has been interacted with........
17:59:45 [eberkower]
Does this require the Turing test?
17:59:48 [tlr]
ack npdoty
17:59:48 [Zakim]
npdoty, you wanted to ask about redirects
18:00:08 [susanisrael]
npdoty: if someone clicks like button i (fb) am in good position to know if interaction
18:00:35 [susanisrael]
npdoty: would [......] be considered first party? [url shorteners?]
18:00:39 [justin_]
Yes, there is existing language on url shorterners, but we were going to move to appendix.
18:01:00 [justin_]
But it's also not consensus --- Google disagreed with my (our?) suggestion.
18:01:13 [susanisrael]
peterswire: nick might have additional language, support from roy for keeping third sentence/from justin for first
18:01:33 [susanisrael]
...propose taking that text and nick have action item around language he just proposed.....
18:01:38 [Zakim]
-dwainberg?
18:01:51 [dsinger]
q+ to comment
18:01:53 [susanisrael]
....david and heather have concerns re: intentional, could propose other language. any objections?
18:01:54 [peterswire]
q?
18:02:04 [dwainberg]
ack dwainberg
18:02:08 [susanisrael]
justin: so should i put idea of intention in first sentence as well?
18:02:21 [npdoty]
action: doty to suggest how redirection proposals can factor in to the first party definition
18:02:22 [trackbot]
Created ACTION-374 - Suggest how redirection proposals can factor in to the first party definition [on Nick Doty - due 2013-03-06].
18:02:28 [susanisrael]
peterswire: yes, that's one approach, other is for heather or david or others to propose other language
18:02:29 [tlr]
q?
18:02:37 [npdoty]
ack dsinger
18:02:38 [Zakim]
dsinger, you wanted to comment
18:03:06 [rigo]
+1 to dsinger
18:03:20 [susanisrael]
dsinger: want to point out what fielding wrote in tpe..."designed to be used as a first party resource" then maybe that affects these definitions, eliminates need to think about intent
18:03:26 [dsinger]
q-
18:03:44 [npdoty]
topic: mozilla presentation
18:04:13 [susanisrael]
peterswire: thank you sidstamm for being here, I thank sid for being a brave and good person and briefing us on Mozilla patch on third party cookies. Goal in call is to get factual understanding...,.
18:04:24 [peterswire]
q?
18:04:34 [susanisrael]
I hope everyone will speak respectfully and in professional way
18:04:54 [susanisrael]
sid: i may be assuming knowledge, so don't be shy to ask questions about how this works...
18:05:18 [susanisrael]
we have been trying to think of ways to close gap between what happens on web and what people think happens.
18:05:37 [susanisrael]
...it's how we approach privacy. Users are concerned about cookies and tracking. ...
18:05:43 [fielding]
http://allthingsd.com/20130224/mozilla-to-block-third-party-cookies-in-firefox/
18:05:47 [Zakim]
-Aleecia
18:05:55 [fielding]
https://wiki.mozilla.org/SecurityEngineering/ThirdPartyCookies
18:06:12 [susanisrael]
not new, safari has been doing it. allow first party cookies and used to allow third parties, but now will permit them only if cookie already set on device....,
18:06:40 [susanisrael]
idea is that if people have established relationship in first party context they can continue to interact with the entity in third party context.....
18:06:46 [Zakim]
-npdoty
18:06:53 [ChrisPedigoOPA_]
ChrisPedigoOPA_ has joined #dnt
18:07:07 [susanisrael]
it's in our nightly build, fairly long release cycle, then graduate to alpha, beta, then release channel...
18:07:09 [Zakim]
+npdoty
18:07:15 [susanisrael]
in each channel there is different set of users....
18:07:39 [susanisrael]
we have time to experiment with really early adopters in nightly, mostly developers.
18:08:18 [susanisrael]
....until we feel confident we won't move forward. You can get involved by joining discussions on privacy, or testing firefox on nightly and see how it works for you....
18:08:21 [ChrisPedigoOPA_]
q+
18:08:23 [npdoty]
q+
18:08:25 [dwainberg]
q+
18:08:27 [peterswire]
q?
18:08:31 [susanisrael]
jonathan did i miss anything since you wrote the code......
18:09:15 [susanisrael]
chrispedigo: thanks sid for brief description. I am not a technologist. 2 questions from members: different from safari? what happens to analytics?
18:09:33 [susanisrael]
sid: if analytics provider uses 1st party cookies, no problem
18:09:53 [rigo]
q+
18:10:11 [moneill2]
safari just allows 3p cookies on POST vferb
18:10:19 [susanisrael]
jmayer: when safari checks to see if first party content has cookie permission: [jmayer, can you clarify this or can someone help report it?]
18:10:45 [npdoty]
safari does its check based on whether cookies were sent in the outgoing HTTP request
18:10:53 [peterswire]
q?
18:10:58 [susanisrael]
ex: if you go to a. foo.com, get a cookie for b.foo.com, there is embedded content for c. foo.com
18:11:07 [susanisrael]
*npdoty, thanks
18:11:13 [npdoty]
while Firefox instead checks whether there is a cookie permission for something on the top-level domain
18:11:49 [susanisrael]
jmayer: under firefox approach both a and c .foo.com would have cookie permission. It's a corner case, in practice unlikely that difference matters
18:11:58 [npdoty]
q-
18:11:59 [aleecia]
Is there a practical diff or just imp diff?
18:12:14 [dwainberg]
q-
18:12:28 [sidstamm]
aleecia, it was just an implementation convenience and a minor diff
18:12:31 [susanisrael]
...jmayer in practice safari practice is more stringent, but effect similar,
18:12:31 [ChrisPedigoOPA_]
q-
18:12:38 [npdoty]
ack rigo
18:12:42 [aleecia]
Thanks, sorry I cannot be on the call
18:12:42 [npdoty]
Zakim, who is making noise?
18:12:46 [dsinger]
zakim, who is making noise?
18:12:50 [ChrisPedigoOPA_]
Sid and Jonathan, thanks for the explanation
18:12:51 [susanisrael]
[*sorry interrupted for a min-missed end of jmayer]
18:12:53 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: 37 (93%), [Mozilla] (5%), Jonathan_Mayer (66%)
18:13:03 [npdoty]
jmayer, can you mute?
18:13:04 [Zakim]
dsinger, listening for 10 seconds I heard sound from the following: Jonathan_Mayer (33%)
18:13:06 [susanisrael]
rigo: any plan to have mechanism open up again?
18:13:08 [peterswire]
someone is typing without mute
18:13:38 [susanisrael]
....some third parties need to set cookie, and won't have a nother chance. I have complaints from developers. Any plans for exception handling?
18:13:40 [peterswire]
q?
18:14:04 [susanisrael]
sid: no concrete plans right now but i agree there should be a way for trusted sites to have third party cookie users...
18:14:06 [jmayer]
Better example: you get an a.foo.com first-party cookie, then visit bar.com which embeds third-party b.foo.com content. Safari would not allow cookie permissions for b.foo.com, Firefox would.
18:14:34 [susanisrael]
as we still believe in dnt, maybe there is a way for sites that respect dnt to get third party cookie access
18:15:02 [dsinger]
perhaps worth saying that we (at least) are interested in DNT as it's a consensus solution, rather than one-sided (like cookie or ad blocking)
18:15:05 [susanisrael]
peterswire: end of call, but if you will be at iapp, pls email me so i can get sense of count and what kind of room we would need
18:15:08 [Zakim]
-efelten
18:15:09 [johnsimpson]
johnsimpson has left #dnt
18:15:09 [Zakim]
-robsherman
18:15:09 [Zakim]
-Jonathan_Mayer
18:15:10 [Zakim]
-peterswire
18:15:10 [Zakim]
-Chris_Pedigo
18:15:12 [Zakim]
-dwainberg.a
18:15:12 [Zakim]
-[Microsoft]
18:15:13 [Zakim]
-RichLaBarca
18:15:13 [Zakim]
-eberkower
18:15:13 [Zakim]
-[Apple]
18:15:13 [Zakim]
-Rigo
18:15:13 [Zakim]
-johnsimpson
18:15:13 [Zakim]
-Joanne
18:15:14 [Zakim]
-[Mozilla]
18:15:14 [Zakim]
-moneill2
18:15:15 [Zakim]
-kulick
18:15:15 [Zakim]
-hwest
18:15:16 [Zakim]
-chapell
18:15:16 [Zakim]
-adrianba
18:15:16 [Zakim]
-vincent
18:15:18 [Zakim]
- +1.650.465.aakk
18:15:18 [Zakim]
-vinay
18:15:18 [npdoty]
I think third-party servers with a satisfactory ./well-known/dnt would be a great time to relax the cookie restriction
18:15:19 [Zakim]
-Yianni
18:15:20 [susanisrael]
peterswire: thanks everyone, and we will be in touch fgor next wednesday
18:15:20 [peterswire]
peterswire has left #dnt
18:15:21 [Zakim]
-Brooks?
18:15:21 [Zakim]
-Thomas
18:15:21 [npdoty]
Zakim, list attendees
18:15:22 [Zakim]
As of this point the attendees have been +1.646.654.aaaa, eberkower, Thomas, moneill2, npdoty, peterswire, +1.609.258.aabb, efelten, Yianni, +1.202.331.aacc, [Microsoft],
18:15:22 [Zakim]
... PhilPearce, Rigo, +1.949.573.aadd, Aleecia, Amy_Colando, +1.917.934.aaee, fielding, Joanne, Chris_Pedigo, achappell?, +1.631.803.aaff, sidstamm, +49.172.147.aagg,
18:15:26 [Zakim]
... +1.650.787.aahh, jchester2, schunter, Keith_Scarborough, +1.215.480.aaii, adrianba, +385345aajj, hefferjr, vinay, kulick, RichLaBarca, Dan_Auerbach, [CDT], +1.650.465.aakk,
18:15:26 [Zakim]
... vincent, Jonathan_Mayer, +1.646.827.aall, hwest, dsinger, chapell, johnsimpson, [Comcast]?, dwainberg?, dwainberg, +1.678.492.aamm, +1.650.308.aann, robsherman,
18:15:26 [Zakim]
... +31.65.141.aaoo, rvaneijk, Brooks?
18:15:32 [npdoty]
rrsagent, please draft the minutes
18:15:33 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/27-dnt-minutes.html npdoty
18:15:35 [Zakim]
-[CDT]
18:15:38 [Zakim]
-schunter
18:15:39 [Zakim]
-[Comcast]?
18:15:43 [Zakim]
-BillScannell
18:15:45 [Zakim]
-fielding
18:15:52 [npdoty]
rssagent, make logs public
18:15:58 [Zakim]
-jchester2
18:16:01 [Zakim]
-npdoty
18:16:25 [npdoty]
chair: peterswire
18:16:31 [npdoty]
rrsagent, please draft the minutes
18:16:31 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/27-dnt-minutes.html npdoty
18:16:52 [moneill2]
npdoty, that was how p3p cp was supposed to work but it was too easy to fool
18:16:59 [Zakim]
-rvaneijk
18:17:17 [npdoty]
moneill2, I understand, and I recognize the problems we had with that on IE
18:17:55 [npdoty]
... but if we're actively using DNT (and regulators or self-regulatory bodies do enforce promises) then I think that would be a key difference
18:18:00 [moneill2]
npdoty, best would be ss uge, dnt:0, explicit indication of consent
18:18:51 [Zakim]
-Dan_Auerbach
18:18:53 [npdoty]
moneill2, you're right, the exceptions api approach would be a clear indication
18:18:54 [Zakim]
+schunter
18:19:01 [Zakim]
-schunter
18:19:20 [moneill2]
npdoty, thanks
18:20:32 [Zakim]
-achappell?
18:24:01 [Zakim]
-PhilPearce
18:29:50 [Zakim]
-hefferjr
18:29:51 [Zakim]
T&S_Track(dnt)12:00PM has ended
18:29:51 [Zakim]
Attendees were +1.646.654.aaaa, eberkower, Thomas, moneill2, npdoty, peterswire, +1.609.258.aabb, efelten, Yianni, +1.202.331.aacc, [Microsoft], PhilPearce, Rigo, +1.949.573.aadd,
18:29:51 [Zakim]
... Aleecia, Amy_Colando, +1.917.934.aaee, fielding, Joanne, Chris_Pedigo, achappell?, +1.631.803.aaff, sidstamm, +49.172.147.aagg, +1.650.787.aahh, jchester2, schunter,
18:29:52 [Zakim]
... Keith_Scarborough, +1.215.480.aaii, adrianba, +385345aajj, hefferjr, vinay, kulick, RichLaBarca, Dan_Auerbach, [CDT], +1.650.465.aakk, vincent, Jonathan_Mayer, +1.646.827.aall,
18:29:52 [Zakim]
... hwest, dsinger, chapell, johnsimpson, [Comcast]?, dwainberg?, dwainberg, +1.678.492.aamm, +1.650.308.aann, robsherman, +31.65.141.aaoo, rvaneijk, Brooks?
18:37:58 [schunter]
schunter has joined #dnt