W3C

- DRAFT -

Tracking Protection Working Group teleconference

17 Apr 2013

See also: IRC log

Attendees

Present
+1.646.845.aaaa, +1.609.258.aabb, eberkower, jchester2, Yianni, +44.772.301.aacc, npdoty, +1.404.385.aadd, Fielding, Chris_IAB?, +1.917.934.aaee, JeffWilson, vinay, +1.202.222.aaff, RichardWeaver, phildpearce, dwainberg, schunter, [CDT], sidstamm, adrianba, +33.6.50.34.aagg, [Microsoft], vincent, +1.215.480.aahh, Aleecia, +31.65.141.aaii, rvaneijk, moneill2, +1.202.787.aajj, efelten?, WaltM_Comcast, hefferjr, SusanIsrael, +1.202.347.aakk, Brooks, prestia, +1.650.465.aall, +1.408.836.aamm, Chris_Pedigo, kulick, Rigo, David_MacMillan, Jonathan_Mayer, +49.431.98.aann, ninjamarnau, +1.646.666.aaoo, Chapell, +1.650.365.aapp, johnsimpson, Joanne, [FTC], hwest, +1.415.627.aaqq, laurengelman, peterswire?, +1.303.652.aarr
Regrets
Chair
schunter
Scribe
vincent

Contents


<Chris_IAB> just joined the call via a private number

<phildpearce> philpearce: +44.772.301

<jchester2> I can't do it today, but next week ok

<npdoty> vinay, can you scribe today?

<vinay> i can't scribe today. i need to drop soon

<vinay> (that, and i scribed 3 weeks ago)

sure

<npdoty> scribenick: vincent

schunter: first task is going through working draft and identify change needed before publication
... should be aligned with issue status
... shoudl reflect current state of the discussion
... quickly go through the document

TPE review for working draft

schunter: going chapter by chapter, say stop to go to sub-chapter

<npdoty> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#introduction

<schunter> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html

<kulick> Zakim: aamm is kulick

aleecia: ok with introduction, jsut one question around the first paragraph; not sure the language capture what we're doing
... is IE10 still compliant with DNT, not clear based on the text

<npdoty> I don't think we're asking for consensus on text to publish a Working Draft

<jmayer> +q

schunter: publishing does not mean that we have consensus on all point
... are you ok with publishing it as a WD

aleecia: ok with publishing it as a working draft

<jchester2> +1 Aleecia's points

aleecia: but want to remark that there is no consesnus and should be reflected

<npdoty> I promise to remember that publishing a Working Draft does not mean group consensus

aleecia: would be happy to help on the language, maybe we should add a note telling that there is not a consensu on everything yet
... the rest of it, was quite happy with the introduction

<adrianba> "Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress."

schunter: I changed my mind, it's an important point, if we put a disclamer we won't progress

<Chapell> +1 to Adrian's sentance

schunter: we'd better publish the document and say that when there are still open issues there is no consensus

<npdoty> +1, thanks Adrian

schunter: we put a note saying that there is not a consensus on the paragraph

dwainberg: raised issues with this previouosly, and had to wait until the discussion on the introduction

<npdoty> I don't think it's feasible to indicate every possible concern about every possible sentence depending on every possible outcome of the Working Group

<fielding> I have difficulty adding visual distinctions evry time a single member of the group has a difference of opinion … having issue markers where an issue has been raised is fine.

dwainberg: if we don't create an issue to flag it as open, it will make it harder to come back on it later
... reflect the introduction as needing revision

schunter: other question

<npdoty> in the Compliance document the editors have replaced the Introduction with a note explicitly noting that we'll have to come back to introductions

<npdoty> we also note ISSUE 136 (regarding dependencies) in the TPE introduction

rvaneijk: it will be much cleaner to have an introduciton in the compliance doc and leave it empty in the TPE

jmayer: 1 what the position of the next draft would be, caution on pushing to produce a document, not many consensus since last document

<rvaneijk> my point is not to have an introduction in the TPE due to 1. issue 136, which is about the inter dependencies., 2. Compliance doc deals with what DNT means. (This specification defines the meaning of a Do Not Track (DNT) preference and sets out practices for websites to comply with this preference. )

jmayer: not real change, concerned that people might be misunderstanding what we're adding
... just try to make it clear that all the document might change, from the last paragraph of the introduction to the specifics
... unconfortable puyblishing another working draft

<Chris_IAB> Wow

schunter: I'll go through the doc and would like to find the open issues and find how close we are
... I believe we made good progress with this document, the process is important

<fielding> The last WD was 2 October 2012. We are required to publish every three months.

schunter: I hope we can publish a working draft

<Zakim> npdoty, you wanted to review Status of the Document

npdoty: Working draft is a snapchot of the progress, showing where we are
... does not mean that there is a consensus

<jchester2> We should specify in each section where there is no consensus

npdoty: if people want to highlight where there are concern, would be happy to help with that

<fielding> cvs diff -u -r 1.170 tracking-dnt.html

npdoty: I don't think it is usefull to mention where there is no consensus, would make the document unreadable (did I capture that ?)

<adrianba> http://www.w3.org/2005/10/Process-20051014/groups.html#three-month-rule

adrianba: will echo what npdoty, we have to publish a working draft every 3 months to show tha tthe group is alive
... we should not be afraid about publishing a document
... in many WG, the draft is prpose by the editor without review of the working group

<jchester2> This is a consenus process and the editors must reflect the differences in the group.

schunter: if there is a big issue with a section then it should be mark in the document, no need to look at the consensus in detail
... the introduction need some revision

now discussion section 2

scribe: no concern

<phildpearce> Suggestion/Analogy: Regulators update their privacy policies frequently based on feedback and new information to "fine tune"...thus TPE is likely to be updated based on public feedback: http://www.changedetection.com/log/uk/gov/ico/privacy_statement_log.html

<jmayer> +q

section 3 : determin user preference, concern or open issue about that section

<Chris_IAB> May I suggest that the W3C issue a "status update" document to the world-- at least to those who are following this initiative

<Chris_IAB> that may take some "pressure" off of the working group to publish

<jmayer> The working group shouldn't publish documents just to evade pressure. It should actually make progress.

<npdoty> the protocol is not enabled, even in Europe, when no signal is being sent

<fielding> sent to mailing list 3 minutes ago

aleecia: this section need to be reworked, section reflect what would happen in the US but not in the EU

<Chris_IAB> I disagree that we are not making progress

aleecia: reflect that in different section of the world not sending DNT might have a different meaning

schunter: suggestion is to synchronize it with the compliance spec

<rvaneijk> yes, issue 136 makes sense to apply to section 3 as well

issue-136?

<trackbot> ISSUE-136 -- Resolve dependencies of the TPE on the compliance specification -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/136

<npdoty> note: regarding section 3, note possible inconsistency with the compliance spec regarding enabled/not-enabled and europe

<rvaneijk> Issue 136 also applies to section 1, ergo it is better to move the introduction as a whole to the compliance doc.

<Chris_IAB> wow, dial-up!

<JC> I hear nothing

<sidstamm> augh

<peterswire> is anyone hearing anything?

<sidstamm> I am

<hefferjr> silence

<sidstamm> okay, it gave up

<Chris_IAB> that sound is a UA that doesn't have a good UI :)

<fielding> hmm … we're back

schunter: in Section, I'm gonna mark issue 136
... anything else on section 3?

<BillScannell> Our robot overlords have completed the sending of their orders.

jmayer: don't like the mode of conversation

<fielding> I have no posted issues on this section. As such, there are no objections.

jmayer: I don't think we've made progress on section 3
... on the specific of the section, I would not be in favor of publishing a working draft without a warning

<laurengelman> thanks nick!

jmayer: last working draft we saw comanies taking action based on what was on the text

<fielding> There are no changes to this section in over a year, IIRC.

<Chapell> +1 to Jonathan's general concern. However, I'm not sure how to address? Any suggestions?

jmayer: I would want to see a very clear disclamer so there can not be misunderstading about consensus

<fielding> There are no open issues on this section.

<npdoty> we can highlight document-wide that there is not general agreement. are there existing specific issues regarding this section? (as Roy noted, we closed issues on this section.)

schunter: it's a working draft and I'd like to understand what are the concern, we have agreement that DNT should reflect user preference

<rigo> how can browser be compliant with something that isn't even a working draft?

<npdoty> we don't generally include implementation tests for all major browsers in public working drafts

<adrianba> this is a question about objections to publish a WD knowing that it is a work in progress - we already published this text as a WD - we know it isn't done but that shouldn't prevent publishing

rigo: we're are here to define a target implementation

aleecia: reading the text I'd think that IE 10 is compliant

<rigo> +1 to try for better text

<npdoty> +1 that better text is a good general goal

aleecia: having a lot of ambiguity such as that people in the group disagree in the meaning, that's not ok

<jmayer> It sounds like Aleecia and I are on the same page: we do not have agreement on how this current text about user agent DNT choice applies to the major browsers currently in use.

<rvaneijk> Matthias, I want to comment, we are not ready to move on yet

<rvaneijk> Matthias, I want to comment, we are not ready to move on yet

schunter: text is too vague, let take a not and move on

<johnsimpson> has it gone dead?

<hefferjr> silence

<johnsimpson> ?

<hefferjr> back, kind of?

johnsimpson: there was a lot of discussion about wether or not a UA should propose 3 choices

<fielding> john is referring to third para of sec 3

johnsimpson: I recall a formal objection to that standard and that making it's way through the W3C process and that should be noted in the document

Roy: formal objections are noted at the end

<johnsimpson> hearing only the xa trying to call

<fielding> bummer

<johnsimpson> is anyone speaking?

<Chris_IAB> that was fun

<fielding> weird

<npdoty> sorry, fielding, it seemed like that noise was coming from your line

<fielding> yep, I am unable to even hang up

hefferjr: we can't say we're compliant witht he spec if the spec does not say what compliance is

<schunter> rvaneijk

rvaneijk: any lanaguage about the compliance shouldgo to the compliance document, for instance the discussion about the default

<rigo> +1 to rvaneijk

<npdoty> should in general we have a pointer from this section to the corresponding Compliance section?

schunter: let's have a look on section 4, more technical

<rigo> I think we should shift the text to reflect UA interface requirements

schunter: has been stable for a long time

<npdoty> fielding, do we still need this note about cookie behavior?

schunter: javascript API has been revised

no comment on section 4?

<fielding> diff is now at http://lists.w3.org/Archives/Public/public-tracking/2013Apr/0157.html

npdoty: do we still need this comment on cookie behjavior?

fielding: David added that so ask him

<npdoty> dsinger not on the call today, unfortunately, I'll follow up via email

rigo: wether you can claim that a browser return DNT MUST accept third party cookies

the next section is section 5

rigo: wether you can claim that a browser return DNT:0 (not just DNT) MUST accept third party cookies

schunter: are there issue that are not properly highlighted?

rigo: what we are lacking is a that we can not communicate that a first party accept to be subject to the DNT:1 restriction that also apply to 3rd party, it is something that is needed in EU context

<dwainberg> Matthias -- just the issue I raised on the mailing list, and that you referenced earlier on the call: the "N" flag.

rigo: allow DPA to say if you collect data for this specific use you're fine, but if you want to collect more data, you need to receive DNT:0

schunter: I disagree

<npdoty> I'm not sure I understood rigo
...: anybody can send the '3' signal, even a first party

<npdoty> although "designed for use within a third-party context" would be inaccurate if it were a first-party context that was conforming to third-party requirements

rigo: if yoou send this, the message is ambiguous, one can send 3 because it beleives it is in the 3rd party context

<moneill2> +q

<fielding> "A tracking status value of 3 means that the origin server claims that the designated resource is designed for use within a third-party context and conforms to the requirements on a third party."

schunter: resource can not tell if it is loaded in a first or third party context

<npdoty> fielding, re:*and* -- does that mean a first-party can't use it?

schunter: you can not say anything about who was loaded in what context

<johnsimpson> ?

<fielding> npdoty, no -- it says the resource complies with the third-party requirements in Compliance

npdoty: follow up on dwainberg question, how should we be noting the issue there?

sissue-119?

<npdoty> note: add issue 119 to 5.2.1 tracking status value regarding "N"/none

hef: we also have issue 155 and 162

<npdoty> issue-152?

<trackbot> ISSUE-152 -- User Agent Compliance: feedback for out-of-band consent -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/152

<npdoty> issue-195?

<trackbot> ISSUE-195 -- Flows and signals for handling out of band consent -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/195

hef: issue 195 and 152

<npdoty> I actually think it's just 195

rvaneijk: I'd liek to echo some of rigo comment, paragraph 5.1 would be a nice place to say that this can be used at a consitent consent mechanism
... add a comment to 5.1 to echoesRigo comment: if DNT is going to play as a consent mechanism in the EU it should be mentioned explicitely

<fielding> This section is not a consent mechanism. Maybe 6?

<npdoty> rvaneijk, do you want to take an action to propose additional text?

rvaneijk: DNT is going to be a consent mechanism or a mechanism that is going to limit use

<npdoty> rvaneijk, do you want to take an action to propose additional text?

schunter: that's a good note, saying that the technology can be used to collect consent for exception

<npdoty> although I don't think this is necessary for publishing a snapshot Working Draft, I agree with the question about the third party language

moneill: just to echo what rigo said about first party responding as 3rd parties

fielding: these comments have no connection with changes on the draft or any connection to discussion in the mailing list

<justin> What fielding is saying.

fielding: if you have text changes that you want in the document, send the text to the mailing list even if it has been discussed on the phone

schunter: fully agree with fielding, if you made a comment send it to the list after the call
... moving to seciton 6, user granted exception
... in the new model, the site is responsible to collect user granted exception, and if it is certain that it get the consent, it can register the consent in the browser
... we still have to define the requirement for sites that are necessary in order to register the exception
... also fine tuning the API based on adrianba implementation experience

npdoty: could we clarify the section, remove the long option box, move the issue at the top

<adrianba> i was going to say what nick said

<jchester2> have to go to a meeting, apologies

<npdoty> I'll follow up with David or make that change myself

schunter: ok to remove the option box, in the doc issue 187 is noted as open but it is not

moneill2: question about the sub-domains, people may not realize that consent can be applied to sub-domains of a main domain
... does not solve the issue of multiple domains owned by a same data controler

<npdoty> I think per moneill2, we need to update the reference to ISSUE-112 and note the use of cookie-like rules for sub-domains as currently used in the text

<npdoty> note: update reference to issue 112 regarding subdomains and cookie rules

schunter: we completed the pass through the document, I'll do the update and depending on how the compliance document is doing we may decide to publsih another document

peterswire: I have different comemnts to make before moving to the compliance spec
... about the f2f, the meeting will begin mid-day on monday until wendseday mid afternoon

a lot of time gonna be on the compliance spec

<npdoty> f2f registration, by the way: https://www.w3.org/2002/09/wbs/49311/tpwgca2013/

scribe: offiline disucssion on financial reporting, might be either to get agreement that we had expect
... we'll have language by alan on education
... today we have a discussion on non interactive user agent

peterswire: how to proceed with the compliance spec, we recognize the issues as important
... we're trying to get to stable text
... it is important that we emerge froim the f2f of a good architecture of what the compliance spec will look like
... many of the issue of how far the document will go on the privacy side and on the 3rd party & advertiser side
... my own effort has been to play the mediator role, we're reaching a decision point
... I encourage any of you to discuss to try to find a compromise on some packages
... if we don't achieve that; then there are 2 or 3 ways the process can go
... one solution is that we'll have a compliance with the privacy side
... antoher solution is that DNT will be similar to the DAA principle
... the third solution is to have a compromise, to have support from different parts of the group
... I'm inviting you to do is to think what's an overall package we should have
... we might have some choices that are harsher that what we expect

<npdoty> ... think about what real privacy / user choices changes a proposal would made

<npdoty> ... think about what's likely to get real adoption from a critical mass

peterswire: I recognize how hard it is and that it might be hard to put a package together
... think about what an overall approach would be that could get adoption from the working group

rvaneijk: first, I appraciate the effort, my first reaction is that the two positions are two far appart
... the standard is more likely to go in one extrem direction or in the other
... I really think the two positions are too far apprt

peterswire: antoher outcome would be it's a no go in general
... I encourage you to think what the best way to build on the work that have been done so far
... one of the reason we should have a consensus is that we should avoid the arm race
... it'll result in an internet that is not useful for the user and not good for the industry (cookie mechanism broken)
... I want to chalenge you all about how far can you go on the issues, be ready to make choice when you get to that meeting

<justin> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html

Compliance draft

peterswire: justin any keypoint you'd liek to highlight

justin: not a lot of change since the barebon doc
... did not have much agreement since the boston meeting

<npdoty> we're down to single text on first parties and multiple first parties

justin: I tried to put things as option (for instance audience measurement)

<npdoty> ... put together a provisional definition of "tracking" in Section 2

thanks npdoty

<rigo> vincent, just note that Justin presents the changes

<npdoty> ... based on some conversations from Boston

justin: present changes in the compliance document

<fielding> Defining the term "tracking" is a charter requirement.

<aleecia> (sorry about today - we had another death on the tracks, which made the commute more insane than normal)

<aleecia> Roy - I'm *really* close to being able to live with Justin's text, and I think you can live with the changes I'd make.

peterswire: question to schunter, should we publish both docs at the same time, one way to go is that schunter make a pass based on today's comment and justin update the compliance doc based on email discussion

schunter: we can wait for the compliance spec to make a joint publication

<johnsimpson> aleecia, what definition would you propose?

TPE issues

schunter: I pointed 2 or 3 issues, e.g. what would be the tracking signal be

<npdoty> review those issues via email, to be discussed on a later call

schunter: people should have a look on the agenda and be prepared to discuss those issues next week

<aleecia> What I'd do is take the multi-party aspect out of the defn (strike one word) and then move to a second sentence, "While first parties can and do track users, other than (x-ref to sending a response, data append with section number, anything else, possibly the null set depending on what we do) first parties

<aleecia> right, to the mailing list

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.137 (CVS log)
$Date: 2013-04-17 18:58:42 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.137  of Date: 2012/09/20 20:19:01  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/xxx/rvaneijk/
Succeeded: s/xxx/hefferjr/
Succeeded: s/Rob/rvaneijk/
Succeeded: s/good not/good note/
Found ScribeNick: vincent
Inferring Scribes: vincent
Default Present: +1.646.845.aaaa, +1.609.258.aabb, eberkower, jchester2, Yianni, +44.772.301.aacc, npdoty, +1.404.385.aadd, Fielding, Chris_IAB?, +1.917.934.aaee, JeffWilson, vinay, +1.202.222.aaff, RichardWeaver, phildpearce, dwainberg, schunter, [CDT], sidstamm, adrianba, +33.6.50.34.aagg, [Microsoft], vincent, +1.215.480.aahh, Aleecia, +31.65.141.aaii, rvaneijk, moneill2, +1.202.787.aajj, efelten?, WaltM_Comcast, hefferjr, SusanIsrael, +1.202.347.aakk, Brooks, prestia, +1.650.465.aall, +1.408.836.aamm, Chris_Pedigo, kulick, Rigo, David_MacMillan, Jonathan_Mayer, +49.431.98.aann, ninjamarnau, +1.646.666.aaoo, Chapell, +1.650.365.aapp, johnsimpson, Joanne, [FTC], hwest, +1.415.627.aaqq, laurengelman, peterswire?, +1.303.652.aarr
Present: +1.646.845.aaaa +1.609.258.aabb eberkower jchester2 Yianni +44.772.301.aacc npdoty +1.404.385.aadd Fielding Chris_IAB? +1.917.934.aaee JeffWilson vinay +1.202.222.aaff RichardWeaver phildpearce dwainberg schunter [CDT] sidstamm adrianba +33.6.50.34.aagg [Microsoft] vincent +1.215.480.aahh Aleecia +31.65.141.aaii rvaneijk moneill2 +1.202.787.aajj efelten? WaltM_Comcast hefferjr SusanIsrael +1.202.347.aakk Brooks prestia +1.650.465.aall +1.408.836.aamm Chris_Pedigo kulick Rigo David_MacMillan Jonathan_Mayer +49.431.98.aann ninjamarnau +1.646.666.aaoo Chapell +1.650.365.aapp johnsimpson Joanne [FTC] hwest +1.415.627.aaqq laurengelman peterswire? +1.303.652.aarr
Got date from IRC log name: 17 Apr 2013
Guessing minutes URL: http://www.w3.org/2013/04/17-dnt-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]