IRC log of dnt on 2013-03-20

Timestamps are in UTC.

15:52:01 [RRSAgent]
RRSAgent has joined #dnt
15:52:01 [RRSAgent]
logging to
15:52:03 [trackbot]
RRSAgent, make logs world
15:52:03 [Zakim]
Zakim has joined #dnt
15:52:05 [trackbot]
Zakim, this will be
15:52:05 [Zakim]
I don't understand 'this will be', trackbot
15:52:06 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:52:06 [trackbot]
Date: 20 March 2013
15:52:10 [npdoty]
Zakim, this will be 87225
15:52:11 [Zakim]
ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 8 minutes
15:52:32 [Yianni]
Yianni has joined #DNT
15:52:35 [eberkower]
Zakim, 6466548941 is eberkower
15:52:37 [Zakim]
sorry, eberkower, I do not recognize a party named '6466548941'
15:52:48 [Marc_]
Marc_ has joined #dnt
15:52:58 [prestia]
prestia has joined #dnt
15:53:05 [efelten]
efelten has joined #dnt
15:53:13 [npdoty]
eberkower, please see:
15:53:59 [eberkower]
Nick, I frequently call from different numbers
15:54:17 [npdoty]
Zakim, who is on the phone?
15:54:17 [Zakim]
T&S_Track(dnt)12:00PM has not yet started, npdoty
15:54:18 [Zakim]
On IRC I see efelten, prestia, Marc_, Yianni, Zakim, RRSAgent, adrianba, robsherman, rigo, npdoty, eberkower, dstark, dsinger, hober, mischat, Walter, wseltzer, tlr, trackbot
15:54:24 [Marc_]
(202) 347-7305 is Marc at NAI
15:54:46 [npdoty]
eberkower, in that case, it would be great to learn the Zakim syntax, which refers just to the last four anonymized letters after you're called in
15:55:03 [prestia]
Zakim, 2023477305 is prestia
15:55:03 [Zakim]
sorry, prestia, I do not recognize a party named '2023477305'
15:55:11 [npdoty]
Zakim, who is on the phone?
15:55:11 [Zakim]
T&S_Track(dnt)12:00PM has not yet started, npdoty
15:55:13 [Zakim]
On IRC I see efelten, prestia, Marc_, Yianni, Zakim, RRSAgent, adrianba, robsherman, rigo, npdoty, eberkower, dstark, dsinger, hober, mischat, Walter, wseltzer, tlr, trackbot
15:55:33 [npdoty]
Zakim, who is on the phone?
15:55:34 [Zakim]
T&S_Track(dnt)12:00PM has not yet started, npdoty
15:55:34 [Zakim]
On IRC I see efelten, prestia, Marc_, Yianni, Zakim, RRSAgent, adrianba, robsherman, rigo, npdoty, eberkower, dstark, dsinger, hober, mischat, Walter, wseltzer, tlr, trackbot
15:55:50 [fielding]
fielding has joined #dnt
15:56:11 [npdoty]
Zakim, who is on the phone?
15:56:11 [Zakim]
T&S_Track(dnt)12:00PM has not yet started, npdoty
15:56:13 [Zakim]
On IRC I see fielding, efelten, prestia, Marc_, Yianni, Zakim, RRSAgent, adrianba, robsherman, rigo, npdoty, eberkower, dstark, dsinger, hober, mischat, Walter, wseltzer, tlr,
15:56:13 [Zakim]
... trackbot
15:56:26 [fielding]
npdoty, can you change the irc topic?
15:57:19 [npdoty]
npdoty has changed the topic to: call today, March 20th
15:57:28 [peterswire]
peterswire has joined #dnt
15:58:07 [npdoty]
Zakim, who is on the phone?
15:58:07 [Zakim]
T&S_Track(dnt)12:00PM has not yet started, npdoty
15:58:08 [Zakim]
On IRC I see peterswire, fielding, efelten, prestia, Marc_, Yianni, Zakim, RRSAgent, adrianba, robsherman, rigo, npdoty, eberkower, dstark, dsinger, hober, mischat, Walter,
15:58:08 [Zakim]
... wseltzer, tlr, trackbot
15:58:11 [fielding]
15:58:17 [npdoty]
chair: peterswire
15:58:20 [dwainberg]
dwainberg has joined #dnt
15:58:39 [peterswire]
rob sherman -- work for you to scribe today?
15:58:51 [Richard_comScore]
Richard_comScore has joined #dnt
15:58:53 [robsherman]
Yes, dialing in now.
15:59:07 [npdoty]
scribenick: robsherman
15:59:20 [npdoty]
Zakim, who is on the phone?
15:59:20 [Zakim]
T&S_Track(dnt)12:00PM has not yet started, npdoty
15:59:22 [Zakim]
On IRC I see Richard_comScore, dwainberg, peterswire, fielding, efelten, prestia, Marc_, Yianni, Zakim, RRSAgent, adrianba, robsherman, rigo, npdoty, eberkower, dstark, dsinger,
15:59:22 [Zakim]
... hober, mischat, Walter, wseltzer, tlr, trackbot
15:59:23 [susanisrael]
susanisrael has joined #dnt
15:59:52 [jchester2]
jchester2 has joined #dnt
16:00:08 [vinay]
vinay has joined #dnt
16:00:08 [sidstamm]
sidstamm has joined #dnt
16:00:24 [Zakim]
16:00:24 [Zakim]
16:00:29 [npdoty]
Zakim, who is on the phone?
16:00:29 [Zakim]
On the phone I see +1.646.654.aaaa, npdoty, +1.202.347.aabb, +1.609.258.aacc, +1.202.587.aadd, dwainberg, Fielding, RichardWeaver, +1.212.896.aaee, SusanIsrael, +1.650.391.aaff,
16:00:29 [Zakim]
... ??P54, [Apple]
16:00:32 [Zakim]
+ +1.917.934.aagg
16:00:34 [Zakim]
16:00:36 [efelten]
Zakim, aacc is me
16:00:37 [Zakim]
+efelten; got it
16:00:38 [jchester2]
zakim, mute me
16:00:38 [robsherman]
zakim, aaff is robsherman
16:00:39 [vinay]
zakim, aagg is vinay
16:00:40 [Zakim]
jchester2 should now be muted
16:00:40 [Zakim]
+robsherman; got it
16:00:40 [Zakim]
+vinay; got it
16:00:45 [Zakim]
16:00:53 [dsinger]
zakim, [apple] has dsinger
16:00:54 [Zakim]
+dsinger; got it
16:00:57 [Zakim]
16:00:59 [sidstamm]
Zakim, Mozilla has sidstamm
16:00:59 [Zakim]
+sidstamm; got it
16:00:59 [prestia]
Zakim, aabb is prestia
16:01:01 [Zakim]
+prestia; got it
16:01:01 [justin]
justin has joined #dnt
16:01:15 [npdoty]
Zakim, aaaa is eberkower
16:01:15 [Zakim]
+eberkower; got it
16:01:27 [schunter]
schunter has joined #dnt
16:01:29 [CraigSpiezle]
CraigSpiezle has joined #dnt
16:01:48 [kj]
kj has joined #dnt
16:01:49 [Zakim]
16:02:33 [robsherman]
npdoty: Update on F2f.
16:02:33 [Ralph]
Ralph has joined #dnt
16:02:37 [peder23263538]
peder23263538 has joined #dnt
16:02:41 [Zakim]
+ +1.647.274.aahh
16:02:43 [schunter]
Zakim, who is on the phone
16:02:43 [Zakim]
I don't understand 'who is on the phone', schunter
16:02:48 [schunter]
Zakim, who is online
16:02:48 [Zakim]
I don't understand 'who is online', schunter
16:02:57 [Zakim]
16:03:10 [robsherman]
… F2F hosted at Apple in Sunnyvale — will send details to the list.
16:03:16 [JC]
JC has joined #DNT
16:03:19 [schunter]
Zakim, ??P54 is schunter
16:03:19 [Zakim]
+schunter; got it
16:03:19 [robsherman]
… 2.5 days starting May 6.
16:03:27 [Zakim]
16:03:31 [Zakim]
+ +31.20.420.aaii
16:03:33 [robsherman]
peterswire: Thanks to Nick and to David Singer.
16:03:38 [Wileys]
Wileys has joined #dnt
16:03:43 [Zakim]
16:04:07 [npdoty]
Zakim, aahh is dstark
16:04:07 [Zakim]
+dstark; got it
16:04:13 [Zakim]
16:04:16 [robsherman]
… Upcoming discussion of UI and user education. This is the subject of some controversy within the group, and I've had some discussions about this.
16:04:18 [Zakim]
16:04:29 [Brooks]
Brooks has joined #dnt
16:04:33 [Zakim]
+ +
16:04:41 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:04:51 [kulick]
kulick has joined #dnt
16:04:53 [vincent]
vincent has joined #dnt
16:05:15 [Zakim]
- +1.212.896.aaee
16:05:15 [robsherman]
… Tentative date is 4/10 to do a call on the topic. A variety of people have wanted to raise UI-related issues. The charter says we can't specify particular UI, so the idea is to give people time to consider how to have constructive discussions.
16:05:16 [efelten]
Is this about user interface for UAs only, or for all parties?
16:05:36 [Ralph]
Ralph has left #dnt
16:05:44 [robsherman]
… If you have proposals around UI, please circulate them by the end of March.
16:05:48 [Zakim]
16:05:56 [Zakim]
+ +1.408.836.aakk
16:05:57 [Zakim]
16:06:00 [adrianba]
zakim, [Microsoft.a] is me
16:06:01 [Zakim]
+adrianba; got it
16:06:06 [adrianba]
zakim, mute me
16:06:06 [Zakim]
adrianba should now be muted
16:06:08 [rigo]
zakim, mute me
16:06:08 [Zakim]
Rigo should now be muted
16:06:13 [efelten]
16:06:14 [robsherman]
… Comments or questions on this?
16:06:16 [Zakim]
16:06:26 [robsherman]
ack efelten
16:06:27 [npdoty]
Zakim, who is on the phone?
16:06:27 [peterswire]
16:06:28 [Zakim]
On the phone I see eberkower, npdoty, prestia, efelten, +1.202.587.aadd, dwainberg, Fielding, RichardWeaver, SusanIsrael, robsherman, schunter, [Apple], vinay, jchester2 (muted),
16:06:28 [Zakim]
... Peder_Magee, [Mozilla], Amy_Colando, dstark, Craig_Spiezle, [CDT], +31.20.420.aaii, [Microsoft], Chris_Pedigo, Brooks, +, adrianba (muted), +1.408.836.aakk, Rigo
16:06:28 [Zakim]
... (muted), WileyS
16:06:28 [Zakim]
[Apple] has dsinger
16:06:29 [Zakim]
[Mozilla] has sidstamm
16:06:36 [Zakim]
+ +1.646.666.aall
16:06:37 [Joanne]
Joanne has joined #DNT
16:06:38 [robsherman]
efelten: Is this about UI for UAs only, or about UAs for all parties?
16:06:41 [npdoty]
Zakim, aaii is kathyjoe
16:06:41 [Zakim]
+kathyjoe; got it
16:06:46 [robsherman]
peterswire: What does "all parties" mean?
16:06:48 [vincent]
zakim, aajj si vincent
16:06:49 [Zakim]
16:06:49 [Zakim]
I don't understand 'aajj si vincent', vincent
16:06:52 [robsherman]
efelten: Including server-side UI.
16:06:55 [vincent]
zakim, aajj is vincent
16:06:55 [Zakim]
+vincent; got it
16:06:56 [rigo]
+1 to ed, this is interface for exception mechanism
16:06:59 [Chapell]
Chapell has joined #DNT
16:07:01 [robsherman]
peterswire: No view on this.
16:07:04 [justin]
Same as browser
16:07:20 [dsinger]
I'd like that on the table also; we should decide where the line is generally...
16:07:29 [hwest]
hwest has joined #dnt
16:07:29 [rigo]
I would include unless the browser makers scream :)
16:07:33 [npdoty]
seems like the same (still limited) scope, to me
16:07:34 [robsherman]
… My inclination is that we should include server-side UI as a part of this discussion.
16:07:35 [peterswire]
16:07:43 [justin]
We have previously agreed as a group that prescriptiveness on consent to turn on DNT is tied to consent for exceptions, etc.
16:08:00 [justin]
Same level on prescriptiveness is appropriate.
16:08:29 [robsherman]
… For compliance spec, want to focus on dependencies within the document. People say, "My ability to agree on x depends on resolution of y."
16:09:07 [cOlsen]
cOlsen has joined #dnt
16:09:10 [robsherman]
… My sense from talking to people is that getting people to agree that something is "closed" is an obstacle. People may not have anything more to say on a particular issue "right now" but might want to preserve the ability to object to the inclusion of a particular concept.
16:09:23 [robsherman]
… This level of dependency happens more frequently than other standards.
16:09:42 [Zakim]
16:09:50 [johnsimpson]
johnsimpson has joined #dnt
16:10:13 [npdoty]
Zakim, aadd is probably Yianni
16:10:13 [Zakim]
+Yianni?; got it
16:10:18 [robsherman]
…. For compliance spec only, propose that we use "PENDING REVIEW" to mean "we have a stable text that is more or less settled, no other proposal on the table, would require an affirmative proposal with meaningful support for the issue to be brought back to discussion"
16:10:26 [robsherman]
… Looks like there is nothing PENDING REVIEW right now on Compliance.
16:10:53 [Zakim]
16:11:11 [robsherman]
… The down side of this is that one big benefit in the W3C context is that getting things "CLOSED" helps, and people know what that means.
16:11:27 [peterswire]
16:11:28 [peterswire]
16:11:29 [robsherman]
… But people may be more willing to put issues into the "PENDING REVIEW" parking lot than to "CLOSE" issues with open dependencies.
16:11:33 [fielding]
16:11:39 [robsherman]
… Any objections or lack of clarity on this?
16:11:42 [robsherman]
ack fielding
16:11:51 [robsherman]
fielding: I don't understand the goal of this. If you make "PENDING REVIEW
16:12:11 [robsherman]
… the new CLOSED, then when the editors add text to the Editors Draft, which has not yet been reviewed by the Working Group, what do we call it?
16:12:44 [robsherman]
peterswire: One difference from the current state is that I understand CLOSED as meaning that it takes new information not previously available to the group as a criterion to reopen.
16:12:49 [robsherman]
… Is that correct?
16:13:03 [hefferjr]
hefferjr has joined #dnt
16:13:06 [robsherman]
fielding: Yes, but "new information" could be "new text" if the "new text" is substantially different from the closed text.
16:13:15 [Zakim]
16:13:58 [dsinger]
seems like we'll have pending-review-A (into the draft, people haven't read it, needs flagging in the document) and pending-review-B (we're tentatively OK, flag in the document comes out).
16:14:03 [robsherman]
peterswire: Two reactions. (1) W3C nomenclature for CLOSED is not well understood outside of W3C, and I've heard people be hesitant to allow something to be CLOSED because they will be seen to have signed off on it as an acceptable thing in the standard.
16:14:42 [robsherman]
… Ex: we've been discussing multiple first parties. We may polish the language to the point that it's as polished as it is going to get, but peoples' view on whether to accept it may depend on whether other language that we haven't resolved is included in the spec.
16:14:53 [rigo]
I think chairs can always re-open an issue. "Closed" for me just means you have to convince the chairs to re-open
16:15:18 [robsherman]
… I am seeking some way to avoid this problem. We need language to say, "We understand that what goes in at the end is going to depend on interdependencies."
16:15:36 [dsinger]
we can always open new issues, and we would need to, if the document is no longer consistent...
16:15:41 [robsherman]
fielding: In terms of the list of categories we have for issues, we could configure it and create a new category between PENDING REVIEW and CLOSED.
16:15:42 [johnsimpson]
16:15:55 [fielding]
16:16:08 [robsherman]
peterswire: That would address the concern.
16:16:14 [rigo]
+1 to fielding
16:16:26 [peterswire]
16:16:45 [dsinger]
so, how do we edit <>?
16:16:48 [robsherman]
… I'll amend my suggestion to create a new category. I'll come up to the group by next week with a specific proposal that would avoid "CLOSED" but shows stability.
16:16:55 [fielding]
maybe stable or blocked
16:17:10 [npdoty]
dsinger, fielding, I think it'll be up to me to figure that out :)
16:17:16 [robsherman]
… [reviews agenda]
16:17:22 [fielding]
npdoty, yep
16:17:53 [dsinger]
to npdoty: I have emailed the mighty dino asking him.
16:18:03 [npdoty]
Zakim, who is on the phone?
16:18:03 [Zakim]
On the phone I see eberkower, npdoty, prestia, efelten, Yianni?, dwainberg, Fielding, RichardWeaver, SusanIsrael, robsherman, schunter, [Apple], vinay, jchester2 (muted),
16:18:07 [Zakim]
... Peder_Magee, [Mozilla], Amy_Colando, dstark, Craig_Spiezle, [CDT], kathyjoe, [Microsoft], Chris_Pedigo, Brooks, vincent, adrianba (muted), +1.408.836.aakk, Rigo (muted),
16:18:07 [Zakim]
... WileyS, +1.646.666.aall, hwest, [FTC], johnsimpson, hefferjr
16:18:07 [Zakim]
[Apple] has dsinger
16:18:07 [Zakim]
[Mozilla] has sidstamm
16:18:22 [Chapell]
zakim, aall is chapell
16:18:23 [Zakim]
+chapell; got it
16:18:24 [robsherman]
… So let's first turn to audience measurement. This is a more detailed proposal than we've had before.
16:18:45 [npdoty]
If you're calling from (408), please let us know in IRC, or you may be dropped from the call.
16:18:46 [robsherman]
… Since this came out just before the meeting, this is an initial opportunity to understand the next but we are not seeking to reach a conclusion.
16:18:51 [peterswire]
16:19:19 [jchester2]
can we have link to the text?
16:19:19 [robsherman]
dstark: Since everyone is familiar with the previous version that we'd submitted, comment we'd received is to better distinguish between normative and non-normative.
16:19:45 [robsherman]
… We've added text around the idea that a third party would be subject to an independent certification process.
16:19:52 [Zakim]
16:20:04 [Zakim]
16:20:05 [dsinger]
I assume this is <>?
16:20:07 [justin]
jchester2, link:
16:20:11 [npdoty]
16:20:17 [npdoty]
Zakim, who is making noise?
16:20:19 [jchester2]
16:20:28 [dwainber_]
dwainber_ has joined #dnt
16:20:29 [robsherman]
… Basic requirements: pseudonym, not shared without deidentification, deleted/deidentified as early as possible, in jursidctions where there is an MRC or similar body, cannot retain data longer than 53 weeks.
16:20:29 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: Fielding (5%)
16:21:18 [robsherman]
peterswire: Is independent certification widely used today?
16:21:45 [robsherman]
dstark: MRC exists. At ESOMAR, we're thinking about the fact that market research firms need a transparent way to communicate with users about how we protect data, etc.
16:21:58 [robsherman]
… In the US, we have the DAA program and the AdChoices icon.
16:22:06 [robsherman]
… That's what we're looking toward doing for the market research industry.
16:22:19 [robsherman]
… But because we're just discussing it now, it's hard to get into specifics now.
16:22:32 [jchester2]
I haven't reviewed yet. But question. Will this research be used in any way for the user targeting function, inc. lookalike modeling?
16:22:32 [robsherman]
peterswire: Have large companies previously talked about this publicly, or is this just getting started?
16:22:55 [robsherman]
dstark: Just discussing now. It's hard to get companies to understand the initiative and the need for it, but we're hopeful about a public announcement in a few months.
16:23:15 [robsherman]
peterswire: When you say "de-identified," do you understand that the same way that we're using the term elsewhere in the draft?
16:23:17 [robsherman]
dstark: Yes.
16:23:27 [moneill2]
moneill2 has joined #dnt
16:23:31 [robsherman]
peterswire: We haven't used the term "pseudonymized" in this document before. How would you define this?
16:23:41 [npdoty]
right, we've avoided getting into "pseudonymous" (and more importantly, "anonymous") -- that would require a new definition, yeah?
16:24:02 [johnsimpson]
16:24:09 [robsherman]
dstark: The presentation we had about the German telemedia law made the point that pseudonymized is a waystation between the "identifiable" state and the "de-identified" state.
16:24:10 [justin]
We would certainly need to define "pseudonymous"
16:24:39 [justin]
Something along the lines of "tied to a device but not traditional PII" I think is what they're going for.
16:24:39 [robsherman]
… It's a way for organizations to work with data while it is being aggregated but at the same time minimizing risk of harm to individuals.
16:25:11 [robsherman]
peterswire: That's helpful. When the text says "must be pseudonymized," do you envision that would happen instantaneously? In a short time?
16:25:20 [justin]
The raw data has to be pseudonymous.
16:25:26 [robsherman]
… Do you mean that you can't do any measurement work until you pseudonymize?
16:25:26 [npdoty]
Zakim, aakk may be kulick
16:25:26 [Zakim]
+kulick?; got it
16:25:48 [robsherman]
Richard_comScore: The ID that is assigned to the measurement is pseudonymized before statistical work happens?
16:25:53 [robsherman]
16:25:55 [Zakim]
+ +1.650.365.aamm
16:25:57 [robsherman]
16:26:31 [robsherman]
peterswire: Next question is around the permission to collect, retain, and use data for measurement where it is used to calibrate or otherwise support data from opt-in panels.
16:26:37 [npdoty]
Zakim, aamm may be david_macmillan
16:26:37 [Zakim]
+david_macmillan?; got it
16:26:39 [David_MacMillan]
David_MacMillan has joined #dnt
16:26:45 [kulick]
aakk is kulick... sorry
16:27:02 [robsherman]
… I understand this to mean that, to qualify for the permitted use, this is supplementary to opt-in panels. Basically, the permitted use is broad enough to support opt-in panels but would not be permitted if not connected to opt-in panels.
16:27:11 [efelten]
So you're required to have opt-in panels if you want to take advantage of this exception?
16:27:20 [justin]
efelten, yes
16:27:22 [robsherman]
dstark: Correct. This is a significant change from the previous proposal, which used opt-in panels as an example but did not limit scope.
16:27:28 [peterswire]
16:27:41 [efelten]
You're required to collect more data? About identifiable individuals?
16:28:14 [jchester2]
16:28:18 [jchester2]
zakim, unmute me
16:28:18 [Zakim]
jchester2 should no longer be muted
16:28:33 [robsherman]
peterswire: Could you give us a sense of who participated in the drafting of your text?
16:28:46 [peterswire]
16:29:03 [robsherman]
dstark: WPP, ESOMAR, comScore, Nielsen, plus me.
16:29:15 [npdoty]
q+ to ask about additional opt-out
16:29:23 [robsherman]
ack jchester
16:29:42 [npdoty]
16:29:49 [robsherman]
jchester: Interesting proposal. Glad to see movement on the part of the research industry. I haven't reviewed the text, but can you say whether the data will be used to target individuals?
16:29:52 [justin]
Target no, model yes.
16:29:57 [Zakim]
16:30:05 [peterswire]
16:30:11 [Zakim]
16:30:50 [npdoty]
q+ to ask about additional opt-out
16:31:01 [robsherman]
dstark: When companies commission research, the learnings are applied to a broader population. We haven't historically been about 1:1 targeting. But we're like the census: we aggregate data and report it in demographic buckets.
16:31:41 [robsherman]
… Someone might take the demographic data and say, "We think this is useful information, and we're going to use these findings for future advertising," that's how a company may use research. But the intent is not to collect data from an individual and use the data to market to them directly.
16:32:08 [robsherman]
jchester: I need to look at what ESOMAR is doing, but many members do individual targeting.
16:32:10 [jchester2]
zakim, mute me
16:32:10 [Zakim]
jchester2 should now be muted
16:32:41 [robsherman]
peterswire: "Must not be used for any other independent purpose" is part of the language here. DAA similarly says that data collected "shall not be used for targeting back to individuals" or similar language.
16:32:44 [moneill2]
npdoty, I dont get any reply on the telephone number
16:32:52 [johnsimpson]
16:32:55 [JC]
16:32:57 [robsherman]
… Maybe we could solve Jeff's concern by saying "may not be used for targeting back to individuals."
16:33:06 [robsherman]
dstark: That sounds good.
16:33:23 [peterswire]
16:33:29 [schunter1]
schunter1 has joined #dnt
16:33:29 [rvaneijk]
rvaneijk has joined #dnt
16:33:29 [robsherman]
peterswire: We should consider using the text in the DAA Principles to link into something that DAA members have already agreed to be onboard for.
16:33:32 [robsherman]
ack npdoty
16:33:32 [Zakim]
npdoty, you wanted to ask about additional opt-out
16:34:06 [robsherman]
npdoty: There seems to still be a requirement that, if you use this permitted use, you provide some way for the user to opt out. Why does this distinction matter? Is it necessary?
16:34:28 [Yianni]
DAA language: "Thus, the term “market research” does not include sales, promotional, or marketing activities directed at a specific computer or device."
16:35:02 [robsherman]
dstark: Research firms today do offer an opt-out today. What we're talking about is, on an industry-wide basis, creating a web platform that would provide greater transparency.
16:35:12 [justin]
It wouldn't be indusry wide, it would be industry organzation-wide.
16:35:21 [justin]
16:35:50 [robsherman]
… Problem for industry is that if opt-out rates get high, then we have a significant non-response bias.
16:35:55 [rigo]
16:36:22 [robsherman]
npdoty: If you think it's valuable for opt-out rate to be low, why have one at all?
16:36:31 [peterswire]
16:36:47 [robsherman]
dstark: We think that if we provide a broader platform that educates people about how research works, why it's important, how data will be used, you'd want to have it be an informed decision.
16:36:52 [robsherman]
ack johnsimpson
16:37:10 [robsherman]
johnsimpson: I'm puzzled by this because we thought that DNT was intended to be a persistent opt-out.
16:37:22 [npdoty]
maybe that gets to the user education point; dstark, does that imply that you'd be fine with DNT as an opt-out if users were provided additional context or information?
16:37:30 [Zakim]
16:37:48 [rigo]
I see: DNT works too good as an opt-out, so it wrecks our measurements and calibration. hmmm
16:37:48 [robsherman]
… Under the current proposal, if you have de-identified data, can't you do what's necessary for research?
16:38:04 [robsherman]
dstark: We need raw data to analyze and aggregate data — to make sense of it before we de-identify it.
16:38:13 [dsinger]
but that can be covered under the short-term raw data exception, no?
16:38:27 [npdoty]
dsinger, the request is for the data to be kept for 53 weeks
16:38:37 [rigo]
dsinger: they want 53 weeks, which is not a short period of time :)
16:38:38 [dsinger]
that's not short term, ok
16:38:58 [rigo]
identified in a store to show that the calibration was ok
16:39:03 [Zakim]
16:39:07 [npdoty]
in fact, we've already considered that regarding DAA opt-out cookies
16:39:14 [jchester2]
Not sure that the opt-out as presently designed is effective at all.
16:39:14 [robsherman]
peterswire: How the specific opt-out that already exists interacts with DNT and the permitted use is a new issue. It's possible as discussion goes forward that they might work together in different ways.
16:39:18 [npdoty]
... WileyS provided text on what to do when you have a DNT header and a cookie both
16:39:21 [robsherman]
… Sounds like this question raises some puzzlement.
16:39:23 [robsherman]
ack jc
16:39:24 [peterswire]
16:39:31 [jchester2]
zakim, unmute me
16:39:31 [Zakim]
jchester2 was not muted, jchester2
16:39:42 [moneill2]
zakim, mute me
16:39:42 [Zakim]
sorry, moneill2, I do not know which phone connection belongs to you
16:39:51 [rigo]
rvaneijk: try again
16:39:58 [robsherman]
JC: jchester, if research showed that people searching for beer also liked to buy t-shirts, could we show t-shirt ads to people who search for beer?
16:40:03 [npdoty]
... with the understanding that DNT:1 without an opt-out cookie should act as an opt-out
16:40:10 [robsherman]
jchester: Using market research?
16:40:11 [robsherman]
JC: Yes.
16:40:12 [moneill2]
zakim,Mike0 is me
16:40:12 [Zakim]
sorry, moneill2, I do not recognize a party named 'Mike0'
16:40:24 [Zakim]
+ +31.65.141.aann
16:40:28 [rvaneijk]
Zakim, aann is me
16:40:30 [Zakim]
+rvaneijk; got it
16:40:41 [robsherman]
… If Person A has DNT on and Person B has DNT off.
16:40:59 [peterswire]
16:41:01 [robsherman]
jchester: I would say that if Person A has DNT on then you cannot use information to advertise to Person B, even if Person B has DNT off.
16:41:22 [npdoty]
Zakim, MikeO is moneill2
16:41:22 [Zakim]
+moneill2; got it
16:41:36 [Brooks]
So is the question - can you do a look alike to someone who has DNT:1 on?
16:41:40 [peterswire]
16:41:42 [robsherman]
ack rigo
16:41:42 [jchester2]
zakim, mute me
16:41:43 [Zakim]
jchester2 should now be muted
16:42:27 [johnsimpson]
16:42:29 [robsherman]
rigo: Two points. (1) To dstark, do you suspect that DNT might be too successful for the system to work? You're going for a system that says, "We have a permitted use, but we allow an opt-out." Seems like a logic break.
16:42:39 [moneill2]
zakim, mute me
16:42:39 [Zakim]
moneill2 should now be muted
16:42:46 [robsherman]
… (2) How does market research organize the opt-out or opt-in in the offline world where there's no method for passive monitoring?
16:43:59 [Zakim]
16:44:12 [robsherman]
rigo: You're saying, "By using a permitted use, we don't accept DNT as a valid opt-out mechanism."
16:44:44 [susanisrael]
Note that they are talking about audience measurement, centered around measuring the viewing of specific pieces of content, as opposed to building profiles of individuals and their activities over a period of time
16:44:49 [robsherman]
dstark: This ties in with the browser defaults question. If we have to honor default-on, that alone would substantially undermine the integrity of research.
16:45:00 [justin]
If there was any hard data on any of this, it would be useful to share with the group.
16:45:07 [robsherman]
peterswire: If DNT is <5%, you're less worried. If it turns out to be big, then it's a problem. Right?
16:45:09 [robsherman]
dstark: Yes.
16:45:26 [robsherman]
rigo: So are you saying that if your opt-out system is too successful because it's usable, you would make it less usable?
16:45:36 [peterswire]
16:45:37 [npdoty]
speculatively, what fraction of your users clear cookies or block cookies at some point? doesn't that affect calibration?
16:45:58 [Zakim]
16:46:00 [johnsimpson]
16:46:01 [robsherman]
dstark: If someone visited a platform to exercise choice about market research, they would be able to make an informed choice. But this platform hasn't been built, so it's too early to speculate about how much or little people would use this.
16:46:07 [fielding]
Rigo, don't be argumentative about irrelevant points
16:46:17 [dsinger]
but if your platform were popular as an opt-out, you'd have the same problem.
16:46:52 [Zakim]
16:47:22 [robsherman]
peterswire: To wrap this up, the proposal has a number of new proposals from the industry. There clearly are a lot of questions about this, so we'll be following up on this.
16:48:25 [robsherman]
… Turning back to our previous discussion about CLOSED, PENDING REVIEW, etc., we've been working with the editors to come up with a new comprehensive draft that could be reviewed by the group. Wanted to give people a heads up that this is coming and that we would like to be really clear about status of specific text.
16:48:40 [robsherman]
… Next week, we'll have a presentation for the last 30 minutes of the call on financial auditing.
16:48:49 [npdoty]
Topic: TPE Issues
16:48:55 [susanisrael]
Rigo, I'm not sure why, if DNT is not yet in effect, it is an issue that DNT has not been the way that they have implemented opt out up to now?
16:49:01 [robsherman]
schunter: Peter's email included some issues I'd like to discuss.
16:49:04 [dsinger]
16:49:04 [trackbot]
ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- open
16:49:04 [trackbot]
16:49:20 [adrianba]
16:49:24 [robsherman]
… ISSUE-112. In exception API, we express desire to use wildcards and similar mechanisms to express scope of an exception.
16:49:28 [Yianni]
Zakim, mute me
16:49:28 [Zakim]
Yianni? should now be muted
16:49:40 [Zakim]
16:49:50 [robsherman]
… adrianba said that he could use cookie matching engine. I don't know that we have an action to translate this into proposed text.
16:50:10 [robsherman]
dsinger: We do have ACTION-??? on this.
16:50:11 [dsinger]
16:50:11 [trackbot]
ACTION-355 -- David Singer to propose changes to the spec to reflect our tentative agreement on cookie-like behavior -- due 2013-01-28 -- CLOSED
16:50:11 [trackbot]
16:50:16 [rigo]
susanisrael, I just wanted to know why they fear that DNT will be too successful and why their own system will not be
16:50:16 [robsherman]
16:50:19 [robsherman]
16:50:28 [eberkower]
Is there a problem with the audio
16:50:30 [eberkower]
16:50:58 [robsherman]
dsinger: Reviewing these actions to understand the history. This action shouldn't be CLOSED.
16:51:06 [npdoty]
16:51:15 [npdoty]
adrianba dsinger is that the text to add to the spec?
16:51:18 [robsherman]
schunter: Let's just remind you that we need to put text in the spec.
16:51:21 [adrianba]
16:51:31 [schunter1]
ack adrianba
16:51:33 [robsherman]
dsinger: I'll review this. Does adrianba have input?
16:51:33 [rigo]
susanisrael, because we don't know yet how DNT will develop. So saying DNT will be too successful is a similar speculation than saying the ESOMAR opt-out will be not successful enough
16:51:55 [Zakim]
16:52:14 [robsherman]
adrianba: I don't recall that being a precise action. I think we agreed on what the text should be but I'm happy to take an action to draft some specific text.
16:52:28 [rigo]
+1 to code re-use
16:52:42 [robsherman]
schunter: dsinger and adrianba to discuss this, and adrianba will do a revision.
16:52:43 [npdoty]
action: adrian to propose specific text on cookie-like exceptions
16:52:44 [trackbot]
Created ACTION-385 - Propose specific text on cookie-like exceptions [on Adrian Bateman - due 2013-03-27].
16:53:02 [npdoty]
action-385: this text from dsinger might be relevant:
16:53:02 [trackbot]
Notes added to ACTION-385 Propose specific text on cookie-like exceptions.
16:53:17 [robsherman]
adrianba: Will summarize options and status to the list as a part of this proposal.
16:53:29 [robsherman]
schunter: Don't expect this to be controversial — just debugging the API.
16:53:34 [adrianba]
for example the spec still refers to navigator.doNotTrack
16:53:36 [dsinger]
16:53:38 [schunter1]
16:53:48 [adrianba]
instead of window.doNotTrack
16:53:51 [dsinger]
zakim, who is making noise?
16:53:54 [robsherman]
16:53:54 [trackbot]
ISSUE-163 -- How in the spec should we ensure user agents don't twist a user preference one way or another? -- raised
16:53:54 [trackbot]
16:54:01 [Zakim]
dsinger, listening for 10 seconds I heard sound from the following: eberkower (38%), schunter (97%)
16:54:05 [fielding]
16:54:08 [Zakim]
16:54:19 [dsinger]
16:54:19 [trackbot]
ACTION-366 -- David Singer to draft text on another non-compliant/ignoring the expressed preference (by suggestion of WileyS) -- due 2013-02-20 -- OPEN
16:54:19 [trackbot]
16:54:26 [robsherman]
schunter: During F2F, we discussed ACTION-366. dsinger, can you summarize?
16:54:27 [rigo]
zakim, mute eberkower
16:54:27 [Zakim]
eberkower should now be muted
16:54:31 [fielding]
I don't think we intended to use ! for that -- a new TSV instead
16:54:37 [rigo]
zakim, unmute eberkower
16:54:37 [Zakim]
eberkower should no longer be muted
16:54:48 [rigo]
zakim, who is making noise?
16:54:58 [Zakim]
rigo, listening for 10 seconds I heard sound from the following: schunter (99%)
16:55:00 [npdoty]
I thought fielding intended "!" to be used for "beta" rather than "I refuse"
16:55:11 [robsherman]
dsinger: I suggested that if you're unwilling or unable to listen to a user's preference, use the "!" status to convey that that's happening and provide a link in the well-known resource about what's happening and how the user can correct it.
16:55:14 [amyc]
amyc has joined #dnt
16:55:16 [justin]
Agree with @npdoty --- there are two very different use cases here.
16:55:20 [adrianba]
David's proposal ->
16:55:28 [susanisrael]
Rigo, I understand what you are saying as a going forward principle, but the existing opt-out was in place before the DNT effort began.
16:55:29 [robsherman]
… No idea whether you are compliant under these circumstances.
16:55:31 [Wileys]
@Nick, that is where we started but it is now being suggested to a multi-purpose signal
16:55:42 [Zakim]
16:55:43 [Wileys]
s/to/to be
16:55:45 [johnsimpson]
16:55:53 [schunter1]
16:55:53 [robsherman]
… For example, if you have a court order requiring tracking, you'd be compliant with the standard but would be tracking because you have to comply with your legal obligation.
16:55:56 [npdoty]
ack fielding
16:56:09 [robsherman]
fielding: We weren't proposing "!". David's proposal was "l".
16:56:25 [Wileys]
Roy, could we lump them together or do you feel they should be separate?
16:56:37 [johnsimpson]
16:56:38 [schunter1]
16:56:48 [Wileys]
Roy, nevermind - so a new signal is being requested
16:56:53 [robsherman]
… Do we need to combine them or can we lump them together?
16:56:56 [schunter1]
16:57:05 [schunter1]
ack johnsimpson
16:57:08 [kulick]
kulick has joined #dnt
16:57:13 [rigo]
susanisrael, there were many opt-outs in place long before this effort began. It is one thing to say: "We do not honor DNT and do only our own" and saying "we want an exception in DNT, so we do claim to do DNT, but we don't"
16:57:28 [robsherman]
dsinger: "I'm under construction" is fundamentally different from "I'm not able or willing to listen to your preference." Goal is to promote transparency.
16:57:30 [Zakim]
16:57:34 [npdoty]
16:57:36 [Wileys]
David, I agree - a separate signal is appropriate with a required resource link to explain the situation to the user
16:57:51 [Zakim]
16:57:55 [Wileys]
John, yes.
16:58:05 [robsherman]
johnsimpson: Is this intended to cover a case where the server has decided to disregard a DNT:1 signal for a particular browser? If so, what would happen?
16:58:06 [justin]
That would be up to the user agent.
16:58:13 [fielding]
This is proposed as "L" in
16:58:25 [susanisrael]
rigo, i'm not sure i understand them to be saying that but happy to discuss offline.
16:58:26 [dstark]
Thank you, all, for your questions and input on audience measurement research and ESOMAR's revised text. We appreciate your feedback and will take it into account. Unfortunately, I have to jump off now. Regards, David Stark
16:58:31 [Zakim]
16:58:38 [npdoty]
thanks, dstark!
16:58:41 [rigo]
susan, good idea to discuss that offline
16:58:44 [robsherman]
dsinger: That's one possibility. Browser would notice "not listening," and there would be a mandatory link to a page that explains why. In this example, the page would say, "You're using a UA that I don't feel like I can listen to. If you want your DNT:1 preference to be respected, you should use a different UA."
16:59:03 [schunter1]
16:59:04 [robsherman]
… Not expressing a view on whether that is a good idea. But I am saying that if that is happening there should be transparency about it.
16:59:09 [schunter1]
ack npdoty
16:59:28 [Zakim]
+ +44.772.301.aaoo
16:59:28 [dsinger]
"The conformance of the not-listening response is indeterminate, depending on the reason.
16:59:29 [dsinger]
16:59:43 [phildpearce]
phildpearce has joined #dnt
16:59:44 [robsherman]
npdoty: Do we intend for this to be a "compliant" or "non-compliant" signal? There are some cases — say, legal obligation — where you would be compliant but still retain data in an exceptional way.
17:00:17 [robsherman]
dsinger: I think it's impossible to say whether you're "compliant" under these circumstances because it depends on the specific circumstances.
17:00:18 [schunter1]
17:00:22 [justin]
Many jurisdictions would probably prohibit a transparent signal . . .
17:00:32 [robsherman]
npdoty: We're assuming that "1" and "3" mean "compliant." Does "l" mean the same thing?
17:00:34 [dsinger]
…running away, sorry
17:00:37 [Zakim]
17:00:53 [robsherman]
schunter: "1" and "3" say "compliant and honoring signal." "l" means "did not honor the signal" and does not express a position with regard to compliance.
17:01:02 [dwainber_]
17:01:17 [Marc_]
I honestly don't understand what we mean by "not listening" - disregarding?
17:01:17 [robsherman]
… This is purely a transparency mechanism for the user.
17:01:26 [rvaneijk]
Zakim, aaoo is ChrisPedigoOPA
17:01:26 [Zakim]
+ChrisPedigoOPA; got it
17:01:30 [schunter1]
17:01:35 [schunter1]
ack dw
17:01:37 [kulick]
kulick has joined #dnt
17:01:46 [justin]
L is just "no." I think a site should say "L" if they're required to maintain by a court order (?!), but they could still be technically compliant if they were ordered by govt not to send the signal.
17:02:15 [robsherman]
dwainberg: This seems to be getting really complicated with so many permutations. Could we say that if the server is doing anything other than complying with the spec, they would respond with only a policy link that describes what they are doing or not doing and why?
17:02:17 [schunter1]
17:02:17 [justin]
marc_, right, L is "I'm disregarding the signal."
17:02:26 [Zakim]
17:02:32 [rigo]
17:02:34 [npdoty]
Marc, I believe the suggestion is to indicate to the user when a site isn't complying with the expressed preference
17:02:37 [robsherman]
ack rigo
17:02:50 [fielding]
we could make it a "D" instead ;-)
17:03:08 [npdoty]
to dwainberg's point, do we need it to be distinct from "!", even if conceptually they're different?
17:03:14 [robsherman]
rigo: I think this signal is needed because you could have multiple valid reasons, and we can either be transparent about this or not tell the user. I prefer to be transparent.
17:03:16 [dsinger__]
dsinger__ has joined #dnt
17:03:27 [npdoty]
or if there are cases where it makes a difference to the user/user agent, then we should keep them separate
17:03:40 [robsherman]
… I think the explanation should be optional. If we make it mandatory then we create a new URI for more legal text.
17:03:46 [Marc_]
Is this different than "I do not honor DNT:1"?
17:03:47 [schunter1]
17:04:08 [justin]
Marc_, it's a way to message that on a granular basis.
17:04:15 [npdoty]
Marc_, I think it does imply "I do not honor this DNT:1"
17:04:21 [robsherman]
schunter: My sense is that most people are okay with this signal, even if it can be used to reject certain UAs.
17:04:28 [fielding]
17:04:36 [dsinger__]
I am not listening and won't tell you why?
17:04:40 [schunter1]
17:04:40 [Marc_]
This is optional or required? It's a "may?"
17:05:05 [robsherman]
fielding: I suggest "D" for "disregard" rather than "L" for "not listening" because it's a weird double negative.
17:05:11 [dsinger__]
IF you ignore me you MUST tell me so and why...
17:05:14 [schunter1]
17:05:17 [robsherman]
schunter: Agree.
17:05:20 [justin]
marc_, it's mandatory if you're disregarding a signal
17:05:23 [fielding]
17:05:31 [johnsimpson]
D makes sense. Do we still have the "!"
17:05:32 [fielding]
17:05:37 [robsherman]
… Can fielding add text on this to the spec?
17:05:42 [justin]
Indifferent on whether explanation should be required.
17:05:52 [robsherman]
17:05:52 [trackbot]
ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review
17:05:52 [trackbot]
17:05:53 [npdoty]
well, if you're replying with D/L, you're already non-compliant, right? so additional requirements may not mean much
17:06:06 [npdoty]
for example, you could just reply with no Tk: header
17:06:12 [robsherman]
schunter: On ISSUE-137, we've had a longstanding disagreement about whether or not we need a "service provider" singal.
17:06:23 [robsherman]
… David has suggested that this is no longer relevant.
17:06:38 [Zakim]
17:06:39 [dsinger__]
Compliant to compliance spec and conformant to protocol are different
17:06:47 [npdoty]
action: fielding to add disregard/"D" response value to TPE draft
17:06:47 [trackbot]
Created ACTION-386 - Add disregard/"D" response value to TPE draft [on Roy Fielding - due 2013-03-27].
17:06:54 [robsherman]
dsinger: I read the text and did not have a concern.
17:06:58 [justin]
@npdoty, a site could maintain that they are compliant because the signal did not reflect user intent. However, this signal is necessary for accountability and transparency.
17:07:25 [robsherman]
… We can eliminate the "service provider" flag. It's addressed in what's currently called the "first party array" but would be changed to "data controller array."
17:07:46 [robsherman]
schunter: Any contrary views?
17:07:50 [efelten]
I think the people with the strongest feelings in favor of transparency here are not on the call.
17:07:51 [dsinger__]
My only question on 137 is whether we need the examples somewhere?
17:08:04 [npdoty]
justin, I don't think they're compliant in any case when they're not responding to DNT:1
17:08:10 [robsherman]
… aleecia was a proponent of having a service provider flag.
17:08:42 [dsinger__]
She had this text for review before the group did
17:08:44 [justin]
@npdoty, It's an open question in the text.
17:08:55 [johnsimpson]
Where is the text now?
17:09:05 [fielding]
My point was that a single letter "s" doesn't add transparency in any meaningful way, whereas the solution in TPE does.
17:09:16 [robsherman]
17:09:16 [trackbot]
ISSUE-164 -- To what extent should the "same-party" attribute of tracking status resource be required -- open
17:09:16 [trackbot]
17:09:24 [dsinger__]
My email confirms Roy.
17:09:27 [robsherman]
schunter: Rigo proposed text.
17:09:54 [npdoty]
action: aleecia to review David Singer's most recent suggestion on service provider flag to see if it addresses the concern (with jmayer?)
17:09:54 [trackbot]
Created ACTION-387 - Review David Singer's most recent suggestion on service provider flag to see if it addresses the concern (with jmayer?) [on Aleecia McDonald - due 2013-03-27].
17:09:56 [robsherman]
… You explained why "should" is the right approach for the same-party attribute.
17:09:59 [npdoty]
Zakim, who is making noise?
17:10:11 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: Fielding (9%), Rigo (60%)
17:10:14 [Zakim]
17:10:21 [schunter]
schunter has joined #dnt
17:10:29 [schunter]
17:10:35 [rigo]
17:10:35 [trackbot]
ACTION-258 -- Rigo Wenning to propose 'should' for same-party and why -- due 2012-12-12 -- CLOSED
17:10:35 [trackbot]
17:10:36 [johnsimpson]
17:10:39 [schunter]
17:10:53 [dsinger__]
dsinger__ has joined #dnt
17:10:58 [rigo]
17:10:59 [hefferjr]
Zakim, mute me
17:10:59 [Zakim]
hefferjr should now be muted
17:11:12 [robsherman]
rigo: [reads proposed text]
17:11:33 [robsherman]
… The only difference is changing "may" into "should."
17:11:38 [schunter]
17:12:02 [robsherman]
… You don't have to declare same-party, but if you don't then the first party is the only one that can claim first-party status.
17:12:21 [fielding]
I am opposed to making it a SHOULD because it is not required for interop and would be a burden on implementors when there is no actual usage in practice. If it turns out to be useful (browsers are coded to use the array for verification), then that alone is sufficient to encourage sites to provide the array.
17:12:33 [npdoty]
"optional" and "should" are incompatible terms, aren't they? (or does "should" correctly note that the member is not "mandatory" and therefore "optional"?)
17:12:45 [Zakim]
17:12:48 [Zakim]
17:13:29 [schunter]
17:14:03 [schunter]
17:14:04 [adrianba]
17:14:06 [robsherman]
… adrianba says there is no plan to implement this. Tricky to propose wording that may not be implemented. One compromise is to remain with the old text and add non-normative text encouraging browsers to consider other parties as third parties unless they're in the first-party element.
17:14:07 [Zakim]
17:14:11 [robsherman]
17:14:36 [robsherman]
schunter: One alternative is to require parties to express whether they are following first or third party obligations.
17:15:00 [robsherman]
… By having same-party attribute, you can identify other elements that belong to you, which will make browsers not suspicious if they see other elements claiming first-party status.
17:15:30 [schunter]
17:15:35 [schunter]
ack adrianba
17:15:36 [robsherman]
ack adrianba
17:15:58 [fielding]
17:16:23 [robsherman]
adrianba: I'm okay with including text to encourage sites to consider providing the information in the well-known resource. I don't think a requirement to encourage browsers do anything. Everyday-use browsers won't be making any judgment about this.
17:16:47 [rigo]
17:16:49 [robsherman]
… Ultimately, this information will be used for research, some form of auditing, so up to site owners to make a judgment about whether consequences of including or not including the information justifies the cost.
17:17:03 [robsherman]
… So I am okay with text talking about the value of including the information, just not a requirement that people do it.
17:17:15 [schunter]
17:17:24 [schunter]
ack fi
17:17:56 [robsherman]
fielding: Same comment as adrianba on the server side. If this is a useful resource, servers will provide the information. It isn't necessary for interoperability so we shouldn't make it a "should."
17:18:10 [robsherman]
… My experience is that nobody will be using an actively verifying browser.
17:18:10 [schunter]
17:18:16 [schunter]
ack ri
17:18:22 [robsherman]
… I'd like to minimize the burden of complying with something that will never actually be deployed.
17:18:40 [robsherman]
rigo: Interesting. If nobody is implementing the tracking status, that undermines legal foundation of DNT.
17:18:46 [adrianba]
17:19:09 [robsherman]
… Why have the tracking status resource in the first place if nobody is interested?
17:19:20 [adrianba]
17:19:25 [adrianba]
+1 to what roy said
17:19:40 [robsherman]
fielding: I brought that up originally. Maybe only one person uses a verifying browser, and it's useful to that person. But I don't think normal people will use this.
17:20:01 [schunter]
17:20:43 [robsherman]
rigo: So it is clear to me that if the browser isn't verifying anything, then it is not better than browsers that just spawn DNT:1 headers. It's not a communication mechanism in that case. Why can you ignore default DNT? If it disregards status, then it will only react with exceptions, which turns into a normal cookie store.
17:21:12 [robsherman]
fielding: This isn't about whether the communications happen, or whether the server makes a commitment. This is just about what additional information server may, should, or will provide to satisfy a verifying browser that may never exist.
17:21:40 [robsherman]
… If we require that the server provide information that is only ever used by a regulator, we are creating a huge cost for something a regulator would be able to determine on their own, without an additional protocol.
17:21:50 [tlr]
My recommendation: Specify the feature, go experiment with it, and see what happens around LC or CR.
17:21:56 [robsherman]
… If I am wrong about this, and there is a mass-market browser that does verifying, then sites are naturally encouraged to provide more information for that browser.
17:22:24 [npdoty]
I think dsinger has already written the non-normative text expressing some reasons a server may be interested
17:22:24 [robsherman]
… Just because you can use an active verification browser, and because the protocol can support it, does not mean we should burden implementations with fully supporting it.
17:22:56 [robsherman]
rigo: I can provide non-normative text that describes this use case.
17:23:36 [Zakim]
17:23:37 [robsherman]
… If Adrian sends a message saying "I'm the same party" and I consider myself the same party, I could just store an exception.
17:23:43 [johnsimpson]
17:23:49 [fielding]
Yes, I was responding to the agenda item … I have not seen the non-normative text yet so I would expect that might be okay if it is clear that active verification is not required of browsers.
17:23:50 [robsherman]
… This is totally different from that.
17:24:00 [adrianba]
the exception API requires to be done at the point of consent - not when the site feels like it
17:24:08 [robsherman]
… Using exception mechanism to solve same-party problem is not a good idea.
17:24:17 [robsherman]
schunter: Rigo should propose non-normative text on this.
17:24:24 [Zakim]
17:24:37 [fielding]
it makes a good use case
17:25:16 [robsherman]
… Sympathetic to not requiring it. If no browser looks at this field, no consequence to not providing it. If browsers start looking at it, sites will do so because they will have consequences for not.
17:25:19 [robsherman]
… Okay with everyone?
17:25:20 [adrianba]
17:25:44 [npdoty]
action: rigo to draft non-normative text for why it's useful for a server to provide same-party members
17:25:44 [trackbot]
Created ACTION-388 - Draft non-normative text for why it's useful for a server to provide same-party members [on Rigo Wenning - due 2013-03-27].
17:25:50 [robsherman]
… I see potential that user agents and users are confused by the same entity that has multiple independent URLs.
17:25:55 [npdoty]
action-388: you may want to check with dsinger on action-317
17:25:55 [trackbot]
Notes added to ACTION-388 Draft non-normative text for why it's useful for a server to provide same-party members.
17:26:06 [Yianni]
ack yianni
17:26:24 [npdoty]
Topic: Next week
17:26:32 [robsherman]
peterswire: Next week, last half-hour will have a financial auditing presentation.
17:26:33 [johnsimpson]
Can we please recap any details on next F2F?
17:26:52 [robsherman]
… Beyond that, I don't have other details. Pushing to get text finalized by Friday or Monday.
17:26:59 [npdoty]
johnsimpson, I'm sending email to the group today
17:27:09 [johnsimpson]
thanks, Nick
17:27:13 [schunter]
17:27:23 [Zakim]
17:27:35 [npdoty]
17:27:37 [johnsimpson]
Thank you
17:27:40 [Wileys]
Address and hotels coming out soon?
17:27:40 [robsherman]
… [recaps F2F arrangements, to be sent to mailing list today]
17:27:42 [Zakim]
17:27:43 [Zakim]
17:27:44 [Zakim]
17:27:46 [phildpearce]
Suggestion: Could /crossdomain.xml for sharing "same-party" status be used as a parallel example?
17:27:47 [Zakim]
17:27:48 [Zakim]
17:27:49 [Zakim]
17:27:50 [Zakim]
17:27:51 [Zakim]
17:27:51 [phildpearce]
17:27:51 [Zakim]
17:27:52 [Zakim]
17:27:52 [Zakim]
17:27:53 [Zakim]
17:27:53 [Zakim]
17:27:53 [Zakim]
17:27:53 [Zakim]
17:27:53 [Zakim]
17:27:55 [Zakim]
17:27:56 [Zakim]
17:27:57 [Zakim]
17:27:57 [Zakim]
17:28:02 [Zakim]
17:28:03 [Zakim]
17:28:10 [phildpearce]
Question: would browsers running in "Verification/Regulator mode" lead to browsers cloaking? (e.g. different content displayed to "Verification mode" vs normal browser - same as GoogleBot SEO cloaking).
17:28:13 [Zakim]
17:28:17 [Zakim]
17:28:54 [npdoty]
rrsagent, please draft the minutes
17:28:54 [RRSAgent]
I have made the request to generate npdoty
17:28:57 [npdoty]
Zakim, list attendees
17:28:57 [Zakim]
As of this point the attendees have been +1.646.654.aaaa, npdoty, +1.202.347.aabb, +1.609.258.aacc, +1.202.587.aadd, dwainberg, Fielding, RichardWeaver, +1.212.896.aaee,
17:29:00 [Zakim]
... SusanIsrael, +1.650.391.aaff, +1.917.934.aagg, jchester2, efelten, robsherman, vinay, Peder_Magee, dsinger, sidstamm, prestia, eberkower, Amy_Colando, +1.647.274.aahh,
17:29:00 [Zakim]
... Craig_Spiezle, schunter, [CDT], +31.20.420.aaii, [Microsoft], dstark, Chris_Pedigo, Brooks, +, +1.408.836.aakk, Rigo, adrianba, WileyS, +1.646.666.aall,
17:29:04 [johnsimpson]
johnsimpson has left #dnt
17:29:05 [Zakim]
... kathyjoe, hwest, vincent, [FTC], Yianni?, johnsimpson, hefferjr, chapell, kulick?, +1.650.365.aamm, david_macmillan?, +31.65.141.aann, rvaneijk, moneill2, +44.772.301.aaoo,
17:29:05 [Zakim]
... ChrisPedigoOPA
17:29:46 [Zakim]
17:30:53 [Zakim]
17:33:23 [Zakim]
17:36:22 [kulick_]
kulick_ has joined #dnt
18:04:02 [kulick]
kulick has joined #dnt
18:04:34 [Zakim]
T&S_Track(dnt)12:00PM has ended
18:04:36 [Zakim]
Attendees were +1.646.654.aaaa, npdoty, +1.202.347.aabb, +1.609.258.aacc, +1.202.587.aadd, dwainberg, Fielding, RichardWeaver, +1.212.896.aaee, SusanIsrael, +1.650.391.aaff,
18:04:36 [Zakim]
... +1.917.934.aagg, jchester2, efelten, robsherman, vinay, Peder_Magee, dsinger, sidstamm, prestia, eberkower, Amy_Colando, +1.647.274.aahh, Craig_Spiezle, schunter, [CDT],
18:04:40 [Zakim]
... +31.20.420.aaii, [Microsoft], dstark, Chris_Pedigo, Brooks, +, +1.408.836.aakk, Rigo, adrianba, WileyS, +1.646.666.aall, kathyjoe, hwest, vincent, [FTC],
18:04:40 [Zakim]
... Yianni?, johnsimpson, hefferjr, chapell, kulick?, +1.650.365.aamm, david_macmillan?, +31.65.141.aann, rvaneijk, moneill2, +44.772.301.aaoo, ChrisPedigoOPA
18:05:55 [npdoty]
rrsagent, bye
18:05:55 [RRSAgent]
I see 4 open action items saved in :
18:05:55 [RRSAgent]
ACTION: adrian to propose specific text on cookie-like exceptions [1]
18:05:55 [RRSAgent]
recorded in
18:05:55 [RRSAgent]
ACTION: fielding to add disregard/"D" response value to TPE draft [2]
18:05:55 [RRSAgent]
recorded in
18:05:55 [RRSAgent]
ACTION: aleecia to review David Singer's most recent suggestion on service provider flag to see if it addresses the concern (with jmayer?) [3]
18:05:55 [RRSAgent]
recorded in
18:05:55 [RRSAgent]
ACTION: rigo to draft non-normative text for why it's useful for a server to provide same-party members [4]
18:05:55 [RRSAgent]
recorded in
18:06:02 [npdoty]
Zakim, bye
18:06:02 [Zakim]
Zakim has left #dnt