IRC log of dnt on 2013-05-07

Timestamps are in UTC.

00:00:05 [aleecia]
... offer to make the same neutral language
00:00:20 [aleecia]
Peter: additional opt out to audience measurement?
00:00:25 [peterswire]
q?
00:00:30 [rigo]
rigo has joined #dnt
00:00:39 [aleecia]
?: but we'd have audience measurement as a permitted use, this is moot. No opt out.
00:00:48 [npdoty]
s/?:/RichardW:/
00:01:17 [aleecia]
John: appreciate what David described as a neutral place, but very concerned about prescriptive attempt to dictate exact language in the UI
00:01:20 [BerinSzoka]
+Q
00:01:23 [jmayer]
Justin, does the framework allow browsers to turn to countermeasures if their DNT: 1 is ignored?
00:01:28 [npdoty]
ack johnsimpson
00:01:32 [Chapell]
q+
00:01:33 [aleecia]
... troubling from competitive point of view, potential anti-trust issues
00:01:42 [aleecia]
... if DAA says you all must do this, that's troubling
00:02:00 [aleecia]
Stu: should be clear, DAA isn't dictating what standard browsers follow. Just what the DAA would enforce against.
00:02:06 [justin]
jmayer, I don't believe the framework addresses that either way.
00:02:07 [aleecia]
... browsers can determine what they do
00:02:08 [afowler]
q+
00:02:34 [aleecia]
... hope it would be consistent. Competitive concerns in many areas, not just here.
00:02:47 [aleecia]
peterswire: I teach anti-trust.
00:03:40 [aleecia]
... My own view is with history of standards and anti-trust, and more generally, felt satisfied we were in a comfortable place
00:04:13 [aleecia]
... overall increase in user choice and higher equilibrium overall, this may be the highest and best answer for consumers
00:04:34 [aleecia]
... complexity there, but have spent a little time on this, personal view without research
00:04:38 [johnsimpson]
q?
00:04:39 [peterswire]
q?
00:04:50 [aleecia]
dsinger: guidelines about capability rather than design
00:05:18 [aleecia]
... capable of informing the user. Don't get into check mark or being prescriptive. Leave room for innovation here and compete
00:05:29 [npdoty]
maybe there's agreement on this separation: the standard would define what it means to comply with an expressed signal; sites can choose when to comply with a signal or when to disregard; DAA's self-regulatory program would bring enforcement on complying with signals at least under these set of conditions
00:05:36 [aleecia]
... Not too worried from document from the DAA
00:05:42 [aleecia]
John: document sounds fine
00:05:54 [npdoty]
ack BerinSzoka
00:05:58 [aleecia]
dsinger: every browser will get prickly if you start telling us how to design our products
00:05:58 [rvaneijk]
rvaneijk has joined #dnt
00:06:13 [aleecia]
Berin: Peter's ship and dock analogy.
00:06:35 [aleecia]
... dock owners saying "hold on, you can't tell us we need security" but of course you can.
00:06:46 [Chapell]
q-
00:06:47 [peterswire]
q?
00:06:55 [aleecia]
... the ship owners can say to the dock owners "you need a gate" so people don't free ride with a ship full of free goods
00:07:16 [aleecia]
... this happens all the time in standards. Not unreasonable or anti-trust, saying otherwise is a distraction.
00:07:22 [aleecia]
... we're here to cut a deal.
00:07:27 [Chapell]
removed myself from queue -- as it seems like both Berin and DavidSinger are in favor of guidelines
00:07:29 [aleecia]
... there won't be a deal without this language.
00:07:44 [aleecia]
... this should not be about free riding, needs to work for both parties.
00:07:59 [aleecia]
... John or browsers, if you think otherwise, I'd like to here it _now_
00:08:13 [tlr]
s/here it/hear it/
00:08:31 [aleecia]
Peter: there would need to be discussion around details
00:08:37 [aleecia]
(yeesh, thank you thomas)
00:08:43 [rigo]
q?
00:08:47 [justin]
We've already agreed that we're not going to put rules on the ships' user interface . . .
00:08:54 [peterswire]
q?
00:08:59 [npdoty]
ack afowler
00:09:04 [rigo]
q+
00:09:30 [aleecia]
Alex: more color about why browsers started talking a few months ago. Not a good situation if every browser tells a different story. Many users have multiple browsers, IE and work and another at home
00:09:36 [Thomas_Schauf]
q+
00:09:57 [npdoty]
maybe like using a common RSS icon for discovery of RSS feeds
00:10:06 [adrianba]
q+
00:10:08 [aleecia]
... from UX perspective, need some consistency. We could do something constructive by providing commonality, where it's located in the browser, very practical reasons to make this neutral
00:10:12 [aleecia]
... we're already there
00:10:32 [Chapell]
q+
00:10:33 [aleecia]
... believe this is the right direction to go. We could go into crazy by being too prescriptive, but don't think that's where we're headed
00:10:36 [npdoty]
ack rigo
00:10:57 [aleecia]
Rigo: same lines, standard setting has remedies to many problems in horizontal agreements
00:11:18 [aleecia]
... be careful not to be prescriptive, mobile, internet of things, require innovative UIs
00:11:22 [peterswire]
q?
00:11:44 [aleecia]
... but in P3P 1.1, as we learn how to use it, we expect a certain reaction from software, get into a loop and that's a good thing (iterative and learning?)
00:12:02 [aleecia]
... don't want to get into do you want DNT? yes, are you sure, yes, are you really really sure, yes - not what we want
00:12:07 [npdoty]
ack Thomas_Schauf
00:12:40 [aleecia]
thomas?: if browser settings only deal with outset, don't need to be detailed
00:12:53 [aleecia]
... DNT at onset, then how to react to DNT unset is given
00:13:01 [tlr]
s/thomas?/thomasSchauf/
00:13:06 [aleecia]
... have permitted use, non-permitted use, or legal requirements
00:13:15 [rvaneijk]
s/outset/unset/
00:13:21 [rvaneijk]
s/onset/unset/
00:13:27 [aleecia]
... in the details, how to move on if we have DNT unset
00:13:34 [npdoty]
I'm confused, I thought our specs didn't speak to how recipients handle DNT unset
00:13:48 [aleecia]
... if users take the choice can say yes or no, can deal with audience data
00:13:55 [aleecia]
can someone else help here?
00:13:57 [npdoty]
... though maybe a global considerations document could help you understand your different legal requirements
00:14:08 [aleecia]
thank you -
00:14:09 [johnsimpson]
q?
00:14:09 [susanisrael]
npdoty, i am confused too
00:14:18 [aleecia]
adrian: echo Alex,
00:14:20 [susanisrael]
aleecia, I will scribe if you need to be spelled
00:14:34 [aleecia]
... consistency is good, problematic where too prescriptive
00:14:35 [npdoty]
Thomas_Schauf, can you clarify here in IRC? susanisrael and I are a little confused about DNT unset -- don't we not have requirements in that case?
00:14:43 [npdoty]
ack adrianba
00:14:48 [aleecia]
... if exactly what the words must be is too much
00:14:57 [aleecia]
... crosses the line
00:15:03 [adrianba]
q+ hober
00:15:07 [susanisrael]
aleecia, was that what you were asking? for new scribe?
00:15:10 [Wileys]
Sounds like we're all in agreement - next issue?
00:15:13 [aleecia]
Stu: maybe just have these three concepts
00:15:21 [aleecia]
susan, i'm ok, just wasn't getting Thomas well
00:15:22 [peterswire]
q?
00:15:24 [aleecia]
thanks though
00:15:42 [npdoty]
+1, sounds like we have agreement, action item for normative text?
00:15:43 [aleecia]
sorry for typos
00:16:04 [Thomas_Schauf]
Firstly, DNT=unset is the default. So also browser manufacturers should respect this default. So we need a clear language on the question: What happens if DNT signal is unset
00:16:08 [aleecia]
Alan: sounds like agreement we need some baseline standards around disclosures, without too prescriptive including exact language
00:16:15 [susanisrael]
aleecia, good, ok. Let me know if you need help
00:16:30 [aleecia]
... clarification: will group as whole take this up, or browser discussion?
00:16:44 [aleecia]
(Thomas Schauf, we have clear answers there, happy to talk at break)
00:16:53 [peterswire]
q?
00:16:59 [peterswire]
close q
00:17:05 [wseltzer]
zakim, close queue
00:17:05 [Zakim]
ok, wseltzer, the speaker queue is closed
00:17:08 [aleecia]
David: no need for it to be exclusive, but let's not have a written-by-committee disaster at the end, and not take time away from main DNT work
00:17:09 [BerinSzoka]
Remember the old joke: a camel is a horse designed by committee
00:17:11 [johnsimpson]
q?
00:17:11 [npdoty]
ack Chapell
00:17:14 [susanisrael]
Maybe browsers can offer something, and others can then offer comments
00:17:16 [aleecia]
... would be happy for additional help
00:17:21 [aleecia]
Alan: would love to be part
00:17:27 [aleecia]
dsinger: nods
00:17:28 [rigo]
BerinSzoka, one of my favorite
00:17:30 [npdoty]
ack hober
00:17:46 [Thomas_Schauf]
aleecia: sure, but not covered seems the legal questions (EU/US)
00:18:09 [aleecia]
Increasing consistency is what we want to do. All browsers have a place we type things in, URL and sometimes search as well.
00:18:24 [aleecia]
... Mozilla is called awesome bar. Ours is unified search field or something.
00:18:33 [aleecia]
Everyone knows what it is, you type things in and something happens.
00:18:52 [Wileys]
Again - we're all in agreement on this topic - next???
00:19:01 [aleecia]
Helps if browsers explain this in a consistent way. But it's ok Mozilla calls it the awesome bar, you can switch browsers and figure it out.
00:19:11 [Wileys]
Or is everyone drawing this out to get to dinner without going to another topic? :-)
00:19:14 [aleecia]
Thomas-can't scribe & chat, but we have this covered
00:19:24 [kulick]
kulick has joined #dnt
00:19:34 [aleecia]
Peter: agenda for tomorrow, summary today, where to go for beer
00:19:51 [aleecia]
... tomorrow, Matthias & dsinger chair, technical measures in part 6 with TPE
00:19:53 [npdoty]
we have issue-172 on this topic (explanatory text requirements for UAs), and already have a few proposed pieces of text on this from Shane and Jonathan
00:19:56 [rigo]
rigo has joined #dnt
00:20:03 [aleecia]
... after lunch, John Calous (sp?) at 2 pacific
00:20:10 [wseltzer]
s/Calous/Callas/
00:20:43 [aleecia]
... well known security person, did a call with us. Follow up discussions with specific security issues in DNT realm. Update there with Q&A
00:20:52 [aleecia]
(thanks wendy!)
00:21:06 [aleecia]
Peter: will talk about unique ids and security
00:21:07 [rvaneijk]
http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0123.html
00:21:26 [aleecia]
... may well have follow up on financial auditing, subgroup working on that.
00:21:40 [aleecia]
... afternoon, browser v. user agent and how we talk about it
00:21:57 [aleecia]
... that's tomorrow. wednesday is whatever else we've parked and where are we now.
00:22:03 [rigo]
rigo has joined #dnt
00:22:13 [aleecia]
... today, talked about audience measurement.
00:22:34 [aleecia]
... if audience measurement gets built in, at least compared to DAA code it's a limitation on collection
00:23:08 [aleecia]
... prior critique is hard to see limitations, overall if we have do not collect as well as do not target, that addresses concerns from FTC
00:23:20 [aleecia]
... could be an important step toward do not collect on something important
00:23:33 [aleecia]
... second, dsinger agreement on common resource with browsers open to others
00:23:53 [aleecia]
... third, Stu introduced points on the phone and we heard from browsers we are converging on item 6
00:24:21 [aleecia]
... for Monday, if we're making progress on do not collect and progress on item 6, glimmers of good things here. Tomorrow, unique IDs and framework for addressing that over time.
00:24:30 [BillScannell]
BillScannell has joined #dnt
00:24:37 [aleecia]
... link in agenda to Dinner on your own, but meet for drinks at Firehouse Brewery, 111 South Murphy.
00:24:43 [npdoty]
http://www.w3.org/2011/tracking-protection/sunnyvale/agenda.html
00:24:49 [aleecia]
... quick walk
00:24:57 [npdoty]
http://goo.gl/maps/8AbZ3
00:25:09 [johnsimpson]
johnsimpson has left #dnt
00:25:24 [npdoty]
adjourned.
00:25:25 [Zakim]
-mecallahan
00:25:26 [Zakim]
-StuIngis
00:25:29 [Zakim]
-moneill2
00:25:29 [npdoty]
Zakim, list attendees
00:25:30 [Zakim]
As of this point the attendees have been like, 40, of, us, +1.781.479.aaaa, bilcorry, Gregg_Vanderheiden, schunter, moneill2, +1.647.274.aabb, +1.215.898.aacc, Turow?,
00:25:30 [Zakim]
... +1.647.274.aadd, +1.202.257.aaee, +1.215.898.aaff, +1.408.223.aagg, +1.202.344.aahh, +1.202.257.aaii, mecallahan, StuIngis
00:25:40 [npdoty]
rrsagent, please draft the minutes
00:25:40 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html npdoty
00:25:52 [wseltzer]
rrsagent, make logs public
00:26:17 [wseltzer]
chair: Peter_Swire
00:27:02 [wseltzer]
Meeting: Tracking Protection Working Group
00:27:10 [wseltzer]
rrsagent, make minutes
00:27:10 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html wseltzer
00:29:11 [Zakim]
-[Apple]
00:29:12 [Zakim]
Team_(dnt)18:00Z has ended
00:29:12 [Zakim]
Attendees were like, 40, of, us, +1.781.479.aaaa, bilcorry, Gregg_Vanderheiden, schunter, moneill2, +1.647.274.aabb, +1.215.898.aacc, Turow?, +1.647.274.aadd, +1.202.257.aaee,
00:29:12 [Zakim]
... +1.215.898.aaff, +1.408.223.aagg, +1.202.344.aahh, +1.202.257.aaii, mecallahan, StuIngis
00:33:25 [robsherman]
robsherman has joined #dnt
00:42:49 [fwagner]
fwagner has joined #dnt
01:24:03 [jeff]
jeff has joined #dnt
03:37:15 [dsinger]
dsinger has joined #dnt
03:49:28 [adrianba]
adrianba has joined #dnt
04:09:15 [afowler]
afowler has joined #dnt
04:45:46 [afowler]
afowler has left #dnt
04:58:41 [kulick]
kulick has joined #dnt
05:03:12 [kulick]
kulick has left #dnt
05:42:57 [strider]
strider has joined #dnt
05:51:37 [npdoty]
npdoty has joined #dnt
06:20:50 [npdoty]
rrsagent, pointer?
06:20:50 [RRSAgent]
See http://www.w3.org/2013/05/07-dnt-irc#T06-20-50
06:50:50 [Zakim]
Zakim has left #dnt
07:47:25 [strider]
strider has joined #dnt
08:23:20 [schunter]
schunter has joined #dnt
08:44:53 [schunter]
schunter has joined #dnt
09:48:10 [strider]
strider has joined #dnt
10:06:59 [npdoty]
npdoty has joined #dnt
15:40:34 [RRSAgent]
RRSAgent has joined #dnt
15:40:34 [RRSAgent]
logging to http://www.w3.org/2013/05/07-dnt-irc
15:40:36 [trackbot]
RRSAgent, make logs world
15:40:36 [Zakim]
Zakim has joined #dnt
15:40:38 [trackbot]
Zakim, this will be
15:40:38 [Zakim]
I don't understand 'this will be', trackbot
15:40:39 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:40:39 [trackbot]
Date: 07 May 2013
15:40:43 [npdoty]
Zakim, this will be 87225
15:40:43 [Zakim]
ok, npdoty; I see T&S_Track(dntf2f)11:00AM scheduled to start 40 minutes ago
15:40:53 [npdoty]
Meeting: Tracking Protection Working Group f2f
15:40:57 [npdoty]
chair: schunter, peterswire
15:41:07 [npdoty]
Zakim, who is on the phone?
15:41:08 [Zakim]
T&S_Track(dntf2f)11:00AM has not yet started, npdoty
15:41:09 [Zakim]
On IRC I see RRSAgent, npdoty, rvaneijk, fwagner, dsinger, jeff, bilcorry, strider, wseltzer_cloud, schunter, MT01, moneill2, trackbot, hober, tlr, mischat, wseltzer
15:41:31 [schunter]
Zakim, who is on the phone
15:41:31 [Zakim]
I don't understand 'who is on the phone', schunter
15:45:45 [efelten]
efelten has joined #dnt
15:47:05 [hwest]
hwest has joined #dnt
15:47:09 [moneill2]
zakim, [IPCaller] is me
15:47:09 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
15:47:33 [moneill2]
zakim, [IPCaller] is me
15:47:33 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
15:48:48 [moneill2]
zakim, [IPCaller] is me
15:48:48 [jmayer]
jmayer has joined #dnt
15:48:48 [Joanne]
Joanne has joined #DNT
15:48:48 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
15:49:19 [moneill2]
zakim, who is on the phone
15:49:19 [Zakim]
I don't understand 'who is on the phone', moneill2
15:49:41 [adrianba]
adrianba has joined #dnt
15:51:17 [bryan]
bryan has joined #dnt
15:53:11 [jchester2]
jchester2 has joined #dnt
15:53:55 [schunter]
Zakim, who is on the phone?
15:53:55 [Zakim]
T&S_Track(dntf2f)11:00AM has not yet started, schunter
15:53:56 [Zakim]
On IRC I see jchester2, bryan, adrianba, Joanne, jmayer, hwest, efelten, Zakim, RRSAgent, npdoty, rvaneijk, fwagner, dsinger, jeff, bilcorry, strider, wseltzer_cloud, schunter,
15:53:56 [Zakim]
... MT01, moneill2, trackbot, hober, tlr, mischat, wseltzer
15:54:30 [npdoty]
Zakim, code?
15:54:30 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), npdoty
15:54:35 [npdoty]
Zakim, who is on the phone?
15:54:35 [Zakim]
T&S_Track(dntf2f)11:00AM has not yet started, npdoty
15:54:37 [Zakim]
On IRC I see jchester2, bryan, adrianba, Joanne, jmayer, hwest, efelten, Zakim, RRSAgent, npdoty, rvaneijk, fwagner, dsinger, jeff, bilcorry, strider, wseltzer_cloud, schunter,
15:54:37 [Zakim]
... MT01, moneill2, trackbot, hober, tlr, mischat, wseltzer
15:54:43 [npdoty]
Zakim, this is dntf2f
15:54:43 [Zakim]
ok, npdoty; that matches T&S_Track(dntf2f)11:00AM
15:54:45 [Zakim]
+Jonathan_Mayer
15:54:47 [npdoty]
Zakim, who is on the phone?
15:54:48 [Zakim]
On the phone I see ??P65, [Apple], [IPcaller], bilcorry, Jonathan_Mayer
15:54:58 [bilcorry]
Zakim, mute me
15:54:58 [Zakim]
bilcorry should now be muted
15:55:00 [npdoty]
Zakim, [IPcaller] is moneill2
15:55:00 [Zakim]
+moneill2; got it
15:55:02 [schunter]
Zakim, ??P65 is schunter
15:55:03 [Zakim]
+schunter; got it
15:55:47 [PaulGlist]
PaulGlist has joined #dnt
15:55:50 [Yianni]
Yianni has joined #DNT
15:55:51 [schunter]
Zakim, who is on the phone?
15:55:51 [Zakim]
On the phone I see schunter, [Apple], moneill2, bilcorry (muted), Jonathan_Mayer
15:57:03 [jmayer]
Regrets, have to participate by the phone for morning sessions today and tomorrow, will be in person in the afternoon sessions.
15:57:32 [MarkVickers]
MarkVickers has joined #dnt
15:58:50 [schunter]
Since I am remote, too, this means that we can communicate clearly with each other ;-)
15:58:59 [prestia]
prestia has joined #dnt
15:59:39 [Joanne]
Joanne has joined #DNT
16:00:00 [adrianba_]
adrianba_ has joined #dnt
16:00:18 [chris_IAB]
chris_IAB has joined #dnt
16:00:41 [robsherman]
robsherman has joined #dnt
16:01:05 [Bin_Hu]
Bin_Hu has joined #dnt
16:01:15 [Richard_comScore]
Richard_comScore has joined #dnt
16:01:30 [Bin_Hu]
present+ Bin_Hu
16:02:03 [jackhobaugh]
jackhobaugh has joined #dnt
16:02:21 [paulohm]
paulohm has joined #dnt
16:02:37 [jeffwilson]
jeffwilson has joined #dnt
16:02:56 [AAIsham]
AAIsham has joined #dnt
16:03:27 [vinay]
vinay has joined #dnt
16:03:27 [npdoty]
scribe volunteers: Alan, JC, Rigo
16:03:32 [npdoty]
(scribing one hour at a time)
16:03:40 [wseltzer]
Chair: schunter
16:03:43 [rigo]
rigo has joined #dnt
16:03:48 [wseltzer]
Meeting: Tracking Protection Working Group
16:03:51 [Chapell]
Chapell has joined #DNT
16:03:51 [sidstamm]
sidstamm has joined #dnt
16:03:54 [WaltM_Comcast]
WaltM_Comcast has joined #DNT
16:03:58 [wseltzer]
Date: May 7, 2013
16:04:00 [dwainberg]
dwainberg has joined #dnt
16:04:10 [npdoty]
scribenick: Chapell
16:04:19 [adrianba]
adrianba has joined #dnt
16:04:42 [kulick]
kulick has joined #dnt
16:04:44 [haakonfb]
haakonfb has joined #dnt
16:04:48 [kulick]
kulick has left #dnt
16:05:40 [Chapell]
Peter: Intro...
16:05:55 [Chapell]
... we begin with....History of the weather(?)
16:06:15 [rigo]
rigo has joined #dnt
16:06:32 [kulick]
kulick has joined #dnt
16:06:34 [Chapell]
.... blizzard at MIT, and now.... rainy in (always sunny) sunnyvale...
16:06:40 [npdoty]
"weather gods have been smiling on us"
16:06:51 [sidstamm]
we're supposed to have a sunstorm today
16:06:53 [JC]
JC has joined #DNT
16:07:05 [Chapell]
.... progress made yesterday. How we can bring this together...
16:07:06 [rachel_n_thomas]
rachel_n_thomas has joined #dnt
16:07:25 [Chapell]
Consumer Groups - 2 priorities.... must be do not collect...
16:07:31 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
16:07:51 [BillScannell]
BillScannell has joined #dnt
16:08:26 [Chapell]
.... Peter and others have expressed concerns with the DAA code --- DAA has interest in addressing these concerns. If we address these concerns, we can address the concerns around do not collect
16:08:44 [tara]
tara has joined #dnt
16:08:55 [Chapell]
... 2nd concern from privacy advocates: the UID issue.
16:09:28 [Chapell]
.... If I turn DNT on, you don't set a UID --- this sounds achievable to Peter....
16:10:01 [Chapell]
.... How do we get there? We get as far as we can this week. Understand WHY we need a UID.
16:10:27 [Chapell]
.... if we create structure where it looks like there's convergence, and credible promises, then Peter believes we have a chance to address the UID issue as well.
16:10:30 [vincent]
vincent has joined #dnt
16:10:55 [Marc]
Marc has joined #dnt
16:10:58 [justin]
justin has joined #dnt
16:11:20 [Chapell]
....Re: Advertising Industry: wants DNT default off and meaningful explanation of DNT functionality
16:12:00 [Brooks]
Brooks has joined #dnt
16:12:24 [Wileys]
Wileys has joined #dnt
16:12:34 [Chapell]
.... if it turns out that we meet priorities of both advocates and advertising industry, then that's a really good reason to come together enough tomorrow and continue....
16:12:52 [Chapell]
.... conversely, if we don't have agreement on these issues, it may not make sense to continue.
16:13:01 [Chapell]
.... re: Where is the Normative language?
16:13:13 [jmayer]
I sent an email to the list that reflects my understanding of yesterday's conversation of browser user interface. I think we have a "convergence" / "are in the ballpark" on informing users. We don't have agreement on non-browser UAs, defaults and UI specifics, and ignoring DNT: 1.
16:13:41 [Chapell]
.... All the contingencies make it difficult to close issues. This is the reason that we've gone to a framework approach. This allows a high level view. And the text will follow.
16:13:59 [npdoty]
jmayer, do we not have agreement on unset-by-default?
16:14:25 [Chapell]
.... If we have the stakeholder priorities set by Wed, then we can address on subsequent Wed calls.
16:14:51 [jmayer]
+q
16:15:04 [npdoty]
q+ Lmastria_DAA
16:15:18 [npdoty]
ack Lmastria_DAA
16:15:22 [jmayer]
Nick, I believe we have agreement on a silent default in a mainstream browser. I have not seen any indicia of agreement on other implementations, nor agreement on who decides whether a UA is noncompliant and what websites can do about it.
16:16:02 [dsinger]
q?
16:16:04 [npdoty]
q+ johnsimpson
16:16:10 [Chapell]
LouMastria: Some reason to be hopeful. The framework is more holistic. All of this is good. One of the issues discussed yesterday is the concern about cookie blocking. DAA sees this as a material issue.
16:16:12 [npdoty]
ack johnsimpson
16:16:20 [fielding]
fielding has joined #dnt
16:16:34 [justin]
Is there anything about cookie blocking in the draft framework?
16:16:38 [jchester2]
+q
16:16:48 [jmayer]
Justin, no, there isn't.
16:16:49 [npdoty]
justin, no.
16:16:55 [Chapell]
JohnSimpson: It seems to be posed that there are two sides: DAA and privacy advocates. There are many more stakeholders. He's not sure how all the other stakeholders fit in here.
16:17:04 [npdoty]
... but it's something we've heard of interest from both DAA and from browsers
16:17:29 [Chapell]
..... Moreover, the room is filled with lawyers and policy wonks --- but few implementers. That's important to consider.
16:17:44 [rvaneijk]
q+
16:18:00 [jchester2]
-q
16:18:38 [johnsimpson]
johnsimpson has joined #dnt
16:18:47 [johnsimpson]
q?
16:18:52 [fielding]
q+
16:19:11 [dsinger]
I think that last-call is where we ask for implementation and feedback, and we'll get it from implementers...
16:19:21 [Chapell]
PeterSwire: Hasn't heard of a deal breaker from other members of the ecosystem -- but has heard from advocates and DAA. Peter hopes that others will let him know if they have deal breakers.
16:19:35 [dsinger]
q?
16:19:36 [npdoty]
+1 to dsinger, Last Call and CR both are about getting more implementers and testing
16:19:39 [tlr]
q+
16:19:42 [Chapell]
.... Peter has tried to bring in many experts into the discussion in order to have a fact based approach.
16:19:50 [npdoty]
ack jmayer
16:19:56 [Chapell]
Jmayer: 3 points
16:20:10 [efelten]
+q
16:20:45 [Chapell]
.... 1. What was agreed to --- We have reaffirmation of what we've long agreed to. This is separate from the details of browser UI, what is required of non-browser UA's and browser defaults....
16:21:16 [Chapell]
.... moreover, we haven't built consensus on what happens if the browsers send a signal that violates the standard.
16:21:48 [npdoty]
Zakim, close the queue
16:21:48 [Zakim]
ok, npdoty, the speaker queue is closed
16:22:09 [Chapell]
2. Many participants in the group put lots of brainpower into these discussions. There is a tendency in the way that this has progressed that lack of objection = consent...
16:22:28 [Chapell]
..... many entities have expressed concerns with the framework.
16:22:45 [Chapell]
.... glossing over long-standing disagreement isn't productive
16:23:06 [afowler]
afowler has joined #dnt
16:23:17 [Chapell]
3. This framework is a giant horse trade... industry gets movement by browsers.
16:23:36 [Chapell]
... regulators and advocates get movement on permitted uses and uid's. Compromise is important.
16:23:59 [npdoty]
q?
16:24:06 [tlr]
q?
16:24:15 [Chapell]
.... given all the discussion around browser interface, JM believes there needs to be significant givebacks re: UID and permitted uses.
16:24:28 [fielding]
q=
16:24:34 [Chapell]
Matthias: Via phone (wishes he could be here)
16:24:37 [justin]
zakim, empty the queue
16:24:37 [Zakim]
I don't understand 'empty the queue', justin
16:24:51 [npdoty]
http://www.w3.org/2011/tracking-protection/sunnyvale/TPE-Discussions.pdf
16:24:54 [Chapell]
..... Slide 2: summarized the status
16:25:11 [efelten]
-q
16:25:25 [Chapell]
.... pleasantly surprised how much progress has been made.
16:25:28 [BerinSzoka]
BerinSzoka has joined #DNT
16:26:15 [JC]
Matt we lost you
16:26:15 [rigo]
continent isolated
16:26:17 [Zakim]
+[Apple.a]
16:26:23 [Zakim]
-schunter
16:26:30 [Zakim]
-[Apple]
16:26:36 [Zakim]
+??P4
16:26:47 [fielding]
you are back
16:26:51 [npdoty]
schunter, apologies, for our phone issue, we hear you again
16:27:08 [Chapell]
Matthias: 6 open issues. Plan during this meeting is to address these issues.
16:27:17 [Chapell]
.... minor issues can be addressed down the line via phone.
16:27:39 [Chapell]
.... Agenda (slide 3) structured the session in 2 parts:
16:27:58 [Chapell]
.... Roy will give an update on what has changed in the draft, then
16:28:01 [wseltzer]
i|schunter, |Topic: TPE|
16:28:17 [Chapell]
.... discussion of preference collection, transmission and acceptance
16:28:51 [Chapell]
.... Session 2: review pending proposals. Discuss and assign changes.
16:29:15 [schunter]
q?
16:29:16 [Chapell]
.... then we look at item 6 of the draft framework
16:29:31 [dsinger]
zakim, empty the queue
16:29:31 [Zakim]
I don't understand 'empty the queue', dsinger
16:29:31 [tlr]
q-
16:29:34 [fielding]
q=
16:29:35 [rvaneijk]
q-
16:29:38 [wseltzer]
zakim, clear queue
16:29:38 [Zakim]
I don't understand 'clear queue', wseltzer
16:29:39 [tlr]
zakim, reopen the queue
16:29:40 [Zakim]
ok, tlr, the speaker queue is open
16:29:42 [adrianba]
zakim, queue=
16:29:42 [Zakim]
I see no one on the speaker queue
16:29:49 [dsinger]
zakim, open the queue
16:29:49 [Zakim]
ok, dsinger, the speaker queue is open
16:29:53 [dsinger]
q?
16:29:58 [Chapell]
.... Dsinger will co-moderate and manage the queue
16:30:37 [schunter]
q?
16:31:08 [jmayer]
A recap of my three points: there remain deep divides on browser user interface, we cannot ignore longstanding and well-considered ISSUE positions on account of high-level framing and silence, and for the framework's horse trade to work there needs to be significant movement on collection and retention.
16:31:52 [Chapell]
Fielding: A number of changes.... slide covers the changes from previous drafts. No surprises....
16:34:02 [moneill2]
<doctypemissing again
16:34:03 [Chapell]
..... We changed the javascript property from navigator interface....
16:34:27 [Chapell]
.... tracking status values: a number of proposals were added.
16:34:57 [Chapell]
.... 5.2.2. None (N) --- left this in as an option because it wasn't clear whether we decided to keep it in
16:35:22 [Chapell]
.... most of the differences are reformatting. Very few text changes.
16:35:42 [wseltzer]
[fielding scrolling through http://www.w3.org/2011/tracking-protection/drafts/diffs/TPE-WD3-to-WD4.html ]
16:35:53 [Chapell]
... main new things are: "!" means "not-compliant", "D" disregard....
16:36:30 [sidstamm]
and P means "potential consent"
16:37:51 [dsinger]
Notes that some of the re-organizations and section movements make this look scarier than it is.
16:37:55 [Chapell]
@JC, can you take over? Some of this is beyond my tech understanding...
16:38:36 [Chapell]
Fielding: trying to address multiple first parties and indicate who is listed as the responsible data controller for that service... the domain may not indicate this
16:38:57 [schunter]
IMHO: I believe that no scribing is needed; the DIFF speaks for itself.
16:39:17 [schunter]
;-) The code is the documentation ;-)
16:39:28 [Chapell]
@schunter: works for me
16:39:45 [Chapell]
DSinger: Exceptions changes...
16:39:47 [Dominique_]
Dominique_ has joined #dnt
16:40:02 [Chapell]
.... look scarier than they are.
16:40:37 [aleecia]
aleecia has joined #dnt
16:40:57 [sidstamm]
sidstamm has joined #dnt
16:42:36 [Chapell]
.... worth repeating: the challenge of getting consent from the user lay with the site. The duty of explaining the exception is left to the site.
16:43:09 [Ari]
Ari has joined #dnt
16:44:50 [Chapell]
Fielding: list of acknowledgements at end of the document. If we missed anyone, please let us know
16:45:28 [Chapell]
Schunter: Any questions on spec?
16:45:58 [schunter]
q?
16:46:03 [Chapell]
SWiley: how do we handle c-name parties? Do we need to name them separately?
16:46:46 [Chapell]
Fielding: use the name of the controller.
16:47:05 [Chapell]
Swiley: is controller optional or required?
16:47:08 [jmayer]
Question: are we discussing objections now?
16:47:13 [schunter]
No
16:47:15 [jmayer]
Or just clarifying questions?
16:47:16 [Chapell]
Fielding: optional in some instances, required in others.
16:47:24 [schunter]
Clarifying and understanding.
16:47:38 [jmayer]
Ok, thanks.
16:47:56 [Chapell]
Swiley: this is the work around service provider -- trying to address transparency concerns over who has control over data.
16:48:43 [Chapell]
Justin: the spec doesn't include "disregard".....
16:49:26 [jmayer]
q+
16:49:31 [Chapell]
Fielding: There are two options: 1) you have consent, or 2) data must be deleted.....
16:49:37 [schunter]
Clarification: If you choose "P", you can not later disregard. As a consequence, if you do not like a signal/user agent, you need to send disregard immediately.
16:49:48 [schunter]
q?
16:49:52 [schunter]
ack jmayer
16:50:18 [Chapell]
Jmayer: Wants to hear more about use cases for the "P" flag -- how does this play out in practice. Why is existing consent flag inadequate?
16:50:26 [rvaneijk]
q+
16:50:41 [Chapell]
Fielding: the main goal of the "P" flag is to allow services that collect in real time but do not process data in real time to function.
16:51:27 [Chapell]
.... this allows those entities who process data on back end to adhere to DNT. These entities throw away data within 48 hour period if they find that they don't have consent.
16:52:14 [TS]
TS has joined #DNT
16:52:25 [johnsimpson]
q?
16:52:35 [hefferjr]
hefferjr has joined #dnt
16:53:00 [schunter]
q?
16:53:26 [hefferjr]
q+
16:53:36 [npdoty]
we have a thread with Ronan on the mailing list which might explain the detail, jmayer
16:53:43 [dsinger]
answering Jonathan, we asked…and we were assured it was hard
16:53:55 [npdoty]
I don't think it has to be done in 30 ms, since it's the loading of a separate tracking status resource
16:54:23 [schunter]
for status resource: yes. AFAIR, it can also appear on a response header.
16:54:34 [schunter]
q?
16:54:38 [npdoty]
I really think reading the email from Ronan will help, if you want more info, jmayer
16:54:53 [Chapell]
Fielding: doing a lookup requires a significant capacity.
16:55:03 [sidstamm]
jmayer, I think the issue is that many systems do batch operations to identify out-of-band-consent, and don't do it in realtime
16:55:26 [efelten]
+q
16:55:41 [dsinger]
q?
16:55:42 [hefferjr]
q-
16:55:46 [jmayer]
Alright, now I'm even less comfortable with this. A site's crufty implementation doesn't allow dynamic checking for DNT consent (e.g. a "Consent=True" cookie)... so it gets to prospectively collect short-term browsing history from users.
16:55:56 [schunter]
q?
16:55:57 [JC]
Chapell, we can switch in 5 minutes
16:56:05 [schunter]
ack rvaneijk
16:56:08 [Chapell]
JC, perfect
16:56:22 [efelten]
-q
16:56:47 [jmayer]
Sid, I get that some implementers may want to go that route. But the tradeoff is a substantial impact on privacy for users who haven't actually given consent.
16:56:53 [schunter]
q?
16:57:13 [schunter]
q?
16:57:28 [Chapell]
Schunter: if other questions, please post to mailing list
16:57:49 [johnsimpson]
zakim, who is on the call?
16:57:49 [Zakim]
On the phone I see moneill2, bilcorry (muted), Jonathan_Mayer, [Apple.a], ??P4
16:57:51 [justin]
I think I prefer P to 3. At least with P you get an indication that there's an open question about whether there's consent or not.
16:58:03 [schunter]
Zakim, ??P4 is schunter
16:58:03 [Zakim]
+schunter; got it
16:58:13 [amyc]
amyc has joined #dnt
16:58:28 [jmayer]
Justin, I'm fine with a signal that a site thinks it has consent. But if it's not sure, it should become sure, not get to make an assumption and start collecting.
16:58:38 [Chapell]
Schunter: sites want to ensure that preferences are coming from users in a reliable way.
16:58:40 [wseltzer]
[slide 5]
16:58:56 [Wileys]
q?
16:59:08 [jmayer]
The problem is false positives: what about all the users who didn't actually consent? That could, potentially, be almost everyone.
16:59:25 [JC]
Chapell, I'm ready
16:59:31 [jchester2]
I agree with Jonathan. This has an impact on privacy and we need to fix this.
16:59:33 [Chapell]
JC, sounds good
16:59:51 [efelten]
+q
17:00:05 [JC]
Schunter: What is okay is an install dialog for a browser requesting user DNT preference
17:00:06 [schunter]
q?
17:00:08 [Chapell]
scribenik, JC
17:00:20 [JC]
... it is not okay to set a preference without contacting user
17:00:22 [Chapell]
q+
17:00:28 [schunter]
ack ef
17:00:29 [JC]
... how do we enforce this
17:00:36 [Lmastria_DAA]
+q
17:01:12 [JC]
Efelten: This seems to focus on products instead of getting informed consent
17:01:25 [JC]
... why would the group be against a router getting informed consent
17:01:42 [JC]
Schunter: To be clear we are against a product coming preset with a value
17:02:01 [justin]
jmayer, yes, for presumably nearly everyone getting the P signal there would not be consent. I don't like this approach but I don't see a better alternative (ending use of census data for non-DNT:1 users, exception for market research)
17:02:16 [JC]
... I don't have a clear decision if the spec covers whether an organization can set the default for a router
17:02:27 [schunter]
q?
17:02:30 [JC]
... DNT 0 or 1 should not come in firmware
17:02:34 [schunter]
ac Chapell
17:02:34 [johnsimpson]
Q?
17:03:13 [JC]
Chapell: I am under impression that request for preference during install shouldn't be in spec
17:03:17 [adrianba]
q+
17:03:18 [jmayer]
Justin, we covered this yesterday—privacy-preserving implementations, service provider exception are also options. And even if we give an exception here, let's not pretend it's about consent.
17:03:19 [rvaneijk]
my question was not scribed: what about the alternative of not having the P flag. We had the discussion on the call that if you can not determine in realtime whether you have consent you shouldn't be collecting data. The discussion on the call then went into a possible permitted use for short-term retention to determine consent.
17:03:32 [JC]
Dsinger: it is not covered in the spec, but it is in the DAA principles
17:03:46 [rvaneijk]
Roy explained that this is reflected in alternative 2. Is up for the compliance doc to address this.
17:03:51 [rvaneijk]
tnx.
17:03:54 [Lmastria_DAA]
q-
17:04:35 [JC]
Fielding: I believe section 3 discusses first use and the request cannot be done at install time because user may not be installer
17:05:00 [jmayer]
Ok, so what if the installer is the user? Or the installer is someone acting on the user's behalf?
17:05:05 [JC]
Schunter: If the user is installing the PC or browser then the user can set the DNT preference. The same for IT department.
17:05:17 [JC]
... preference should be explicit and informed
17:05:27 [dsinger]
we say "Key to that notion of expression is that the signal sent must reflect the user's preference, not the choice of some vendor, institution, site, or any network-imposed mechanism outside the user's control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking
17:05:27 [dsinger]
preference expressed."
17:05:29 [sidstamm]
q+
17:05:30 [efelten]
+q
17:05:30 [schunter]
q?
17:05:36 [justin]
From Section 3: a user might select a check-box in their user agent's configuration, install an extension or add-on that is specifically designed to add a tracking preference expression
17:05:38 [JC]
... according to the framework we do not want to allow install setting
17:05:51 [dsinger]
so Roy is right; the IS dept installing it is not OK. The user doing his own install might be
17:05:59 [schunter]
Zakim, close queue
17:05:59 [Zakim]
ok, schunter, the speaker queue is closed
17:06:02 [schunter]
q?
17:06:07 [schunter]
ack Chapell
17:06:14 [johnsimpson]
q+
17:06:15 [Wileys]
q+
17:06:28 [jmayer]
Wondering how we'll have time to reach any agreement on contentious issues when we're still working through clarifying questions this late into the conversation.
17:06:40 [JC]
Adrianba: It is not clear why this discussion is in the TPE. We don't need to cover the consent experience when it can be covered in compliance spec
17:06:50 [schunter]
People are discussing my intro slides ;-)
17:06:51 [JC]
... are we trying to cover this area twice?
17:07:04 [bryan]
bryan has joined #dnt
17:07:07 [JC]
Fielding: how the preference is set changes the meaning of the protocol
17:07:11 [schunter]
q?
17:07:12 [bryan]
The key point about the router case is that unless it was selected by the user (or whoever is responsible for the user, e.g. a parent), a router-inserted DNT flag is not a "preference". So default DNT:1 without control is in violation, I agree.
17:07:14 [schunter]
ack adrianba
17:07:15 [aleecia]
Telling IS depts they cannot set policy is unlikely to work in practice
17:07:15 [jmayer]
+q
17:07:16 [schunter]
q?
17:07:22 [JC]
... changing who sets the value changes the protocol
17:07:38 [dsinger]
q?
17:07:44 [JC]
... The UA on the protocol side is in TPE. What to do is in the compliance spec.
17:07:51 [johnsimpson]
I'm reading section 3 explicitly allows the user agent to ask at start up what their preference is. I am very very confused.
17:08:21 [JC]
... we should not change the separation unless we want to change who the editor is. I'm happy not to be the editor.
17:08:39 [JC]
Schunter: I would like to close the queue and move on
17:08:48 [schunter]
John: Point is that if a UA is installed by the IT department then the preference entered would not be OK
17:08:54 [johnsimpson]
q+
17:09:06 [schunter]
I will re-open latera.
17:09:17 [schunter]
s/latera/later/
17:09:18 [JC]
Sidstamm: I don't see the first run statement. We should focus on what we want the protocol to do. There needs to be trust on both sides for this to work
17:09:22 [aleecia]
How do we test that (IT dept)?
17:09:33 [justin]
How can you determine "user preference" on shared devices? fielding's analysis would imply that DNT could not be persistent across sessions.
17:09:34 [JC]
... let's be overly prescriptive on what types of products are okay
17:09:38 [rigo]
rigo has joined #dnt
17:09:42 [schunter]
We have similar corner cases if I install and my spouse uses.
17:09:46 [Wileys]
I trust web browsers vendor far more than the numerous UA "add-ons" and network intermediaries that are turning on DNT:1 today.
17:10:01 [JC]
... if the user makes the choice during or after install it should be okay
17:10:01 [rvaneijk]
q?
17:10:03 [schunter]
Or one kid sets a preference (using the dialogue) while my other kid then surfs.
17:10:06 [schunter]
q?
17:10:06 [aleecia]
I think we cannot deal with the spouse issue -- and ought not to
17:10:14 [JC]
... having it set by a router or other device is not okay
17:10:17 [schunter]
q?
17:10:20 [Chapell]
q+
17:10:22 [schunter]
ack ef
17:10:24 [dwainberg]
q+
17:10:25 [rvaneijk]
q+
17:10:27 [schunter]
ack sid
17:10:32 [npd]
npd has joined #dnt
17:10:33 [schunter]
Zakim, open queue
17:10:33 [Zakim]
ok, schunter, the speaker queue is open
17:10:38 [Wileys]
The cost to turn on DNT:1 (to "spray" the signal to quote Matthias) is amazingly low compared to the cost of websites and servers to implement their side of DNT.
17:10:39 [jmayer]
q+
17:10:48 [Chapell]
q+
17:10:50 [johnsimpson]
The current spec clearly says "The user-agent might ask the user for their preference during start up...
17:10:54 [peterswire_]
peterswire_ has joined #dnt
17:10:58 [johnsimpson]
q+
17:10:58 [JC]
Efelten: What is justification for ruling out install time dialog when it is the user's choice?
17:11:01 [sidstamm]
schunter, this kid v. kid problem is not something we can address with this. It's currently not addressable via adChoices either if they share a browser
17:11:03 [dsinger]
Peter and I think the 'limited to browsers' discussion is on the agenda for later, by the way
17:11:06 [rigo]
q?
17:11:07 [justin]
I agree aleecia, just don't understand the logical difference between "at install" and "in the settings." I get the business rationale for it, but I don't understand why "at install" is any less of a user preference.
17:11:20 [JC]
Schunter: I would like to permit this question as I have same question.
17:11:25 [fielding]
justin, each user has their own profile for any browser, including their cookies -- that is persistent
17:11:29 [jmayer]
q-
17:11:35 [aleecia]
I'm with you, Justin
17:11:35 [justin]
(Stu discussed this on the last call.)
17:11:36 [dsinger]
q?
17:11:53 [schunter]
Ack Chapell
17:12:09 [justin]
I literally asked this precise question a week ago, and Stu gave us a long answer.
17:12:09 [rvaneijk]
issue 194 is much more about compliance than about technical building blocks. On the call it was addressed that TPE:3 should be cleaned up, to not contain compliance elements.
17:12:27 [aleecia]
q+
17:12:32 [JC]
Chapell: One path forward for simplification was to let the browser set the DNT setting.
17:12:34 [rvaneijk]
q+
17:12:36 [peterswire_]
q+
17:12:50 [JC]
... one of the challenges doing this at install is the user may not be installer.
17:12:51 [dwainberg]
q+
17:12:52 [aleecia]
q-
17:12:59 [dan_auerbach]
dan_auerbach has joined #dnt
17:13:02 [aleecia]
(disagree with Alan, but will take it up later)
17:13:12 [JC]
Dsinger: The discussion has been about UA when that isn't always the case.
17:13:20 [justin]
fielding, I'd be curious to see what % of people use profiles on shared devices. I have never seen them used.
17:13:37 [BerinSzoka]
+q
17:13:46 [JC]
Wileys: We need to discuss the introduction of signals and have the policy discussion this afternoon
17:13:48 [schunter]
Zakim, close queue
17:13:48 [Zakim]
ok, schunter, the speaker queue is closed
17:13:50 [sidstamm]
we shouldn't limit to particular types of things, let's define the desired effect ("reflects user intent") and go from there. Software that doesn't introduce the signals right is non-compliant. We don't have to make a list of valid/invalid things -- we'll miss many.
17:13:51 [peterswire_]
+1 on shane's comment
17:14:27 [JC]
Johnsimpson: I am amazed based on section 3 why we are having this discussion.
17:14:53 [JC]
Fielding: First use is not install. The reason this is here is that by default DNT is not set
17:15:13 [JC]
... cannot have user set if value is set for user.
17:15:15 [rigo]
q?
17:15:17 [aleecia]
What we have learned: someone who has talked about this for 2 years does not understand the text as it is.
17:15:36 [aleecia]
This suggests the editors give it another shot to clarify the difference.
17:15:39 [schunter]
ack john
17:15:43 [aleecia]
Could be all of half a sentence
17:15:45 [JC]
Dsinger: systems often ask the user for setup values and may include DNT. This is okay, but IT department should not choose
17:15:49 [jmayer]
What about a browser that is very often installed by users?
17:16:04 [justin]
It is clear there is disagreement on this issue that needs to be worked out. We don't need to debate what the existing text means because there are still decisions that the group has waiting in the parking lot. Let's use this time productively.
17:16:12 [JC]
Schunter: The underlying difficulty is that the software should ask the question if the user can respond.
17:16:12 [aleecia]
Suggestion: take an action to update it.
17:16:19 [schunter]
q-
17:16:21 [peterswire_]
q-
17:16:26 [schunter]
q--
17:16:33 [schunter]
Zakim, q-
17:16:33 [Zakim]
I see rvaneijk, dwainberg, BerinSzoka on the speaker queue
17:16:39 [BerinSzoka]
I also have a question I'd like to ask before we move on
17:16:47 [aleecia]
Shouldn't take long, but let's update based on John's very reasonable reading, so other people not in this room have a chance to understand.
17:16:50 [efelten]
Is there a justification for that position?
17:16:52 [JC]
Lmastria: The draft framework indicates that DNT is not set during installation.
17:17:13 [JC]
... I believe first run is similar to install
17:17:35 [bryan]
bryan has joined #dnt
17:17:37 [schunter]
Zakim, close queue
17:17:37 [Zakim]
ok, schunter, the speaker queue is closed
17:17:42 [schunter]
Zakim, open queue
17:17:42 [Zakim]
ok, schunter, the speaker queue is open
17:17:51 [JC]
rvaneijk: There should be a cross-reference or cleanup to indicate connections between TPE and compliance docs
17:18:12 [npd]
There will certainly need to be final cleanup.
17:18:16 [JC]
... we should not over complicate the TPE and disentangle the compliance segments from TPE
17:18:31 [wseltzer]
[slide 6]
17:18:37 [strider]
strider has joined #dnt
17:19:09 [dsinger]
q?
17:19:10 [JC]
Schunter: we assume there are UA that comply and other devices may send a signal. How do we know the difference
17:19:29 [wseltzer]
issue-194?
17:19:29 [trackbot]
ISSUE-194 -- How should we ensure consent of users for DNT inputs? -- open
17:19:29 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/194
17:19:36 [wseltzer]
[slide 7]
17:19:44 [JC]
... a site needs to be able to do something if it feels it received an invalid setting
17:19:55 [npd]
q- rvaneijk
17:20:31 [JC]
... there are UAs that will send the signal in compliance or out of compliance
17:20:47 [JC]
... how can a site tell if a signal was properly generated or noise?
17:20:57 [BillScannell]
BillScannell has joined #dnt
17:21:07 [wseltzer]
[slide 8]
17:21:38 [BillScannell]
BillScannell has joined #dnt
17:21:49 [JC]
... there are three alternatives. 3. Do nothing, rely on existing data, UA string or something else
17:22:24 [JC]
... 2 use an authenticated channel to send the signal
17:22:45 [Wileys]
+q
17:22:58 [efelten]
+q
17:23:06 [dwainberg]
q-
17:23:07 [JC]
... 1 change the signal definition to determine how the signal was set. For example, adding a 'U' to indicate that user set value based on spec
17:23:45 [schunter]
q?
17:23:47 [dsinger]
[dws] or we change the signals as we publish, so we can distinguish the historical UAs from those that actually read the spec
17:23:48 [JC]
... to make sure site is not overwhelmed by signals the site should be able to distinguish between valid signals and act accordingly
17:23:51 [dsinger]
q?
17:23:51 [jmayer]
+q
17:23:55 [schunter]
ack Ber
17:23:55 [dan_auerbach]
q?
17:24:04 [dan_auerbach]
+q
17:24:14 [schunter]
ack Wileys
17:24:18 [JC]
BerinSzoka: Important to have compliance signals on both sides. Let's come back to that later
17:24:52 [schunter]
Proposal: "N" for non-browser
17:25:01 [aleecia]
How will that work in practice?
17:25:06 [dsinger]
q+ to ask why we need to distinguish the non-browser UA?
17:25:12 [JC]
Wileys: With alternative 1. I would like to see the use of 'N' for non-UA device setting signal. That would tell us that something other than UA set value
17:25:17 [aleecia]
Specifically, IE reads a registry setting from IE, or not from IE.
17:25:33 [JC]
... I think that would make it simpler and cleaner
17:25:34 [rigo]
q?
17:25:36 [schunter]
"f" for "framework-based UA/browser"
17:25:46 [fielding]
q+
17:25:53 [schunter]
ack efelten
17:26:00 [rvaneijk]
q+
17:26:02 [npd]
Wileys, maybe 1N or 0N, to clarify which signal that agent is setting?
17:26:21 [bryan]
how do you trust the UA string? are you going to limit DNT to a known set of UA headers?
17:26:21 [aleecia]
Shane can you help me understand your proposal over IRC, or shall I add myself to the queue to ask how you imagine that would work?
17:26:35 [schunter]
2 Problems (A) Truly legacy signals and (B) things that try to send signals that appear valid
17:26:37 [JC]
Efelten: Why are we ruling out non-browsers? We can't stop parties from misbehaving, just like we can't stop servers from sending something invalid
17:26:59 [schunter]
q?
17:27:02 [aleecia]
q+
17:27:04 [JC]
Wileys: I'm not disagreeing with Efelten, I'm just saying that we should be able to know how the signal was set
17:27:14 [dwainberg]
q+
17:27:35 [Zakim]
-bilcorry
17:27:36 [JC]
Schunter: The legacy problem is something that is easily solved by changing the signal.
17:27:43 [dsinger__]
dsinger__ has joined #dnt
17:27:54 [JC]
... Forged signals is something that we largely cannot solve
17:28:05 [schunter]
q?
17:28:13 [JC]
... I don't see how the protocol can solve this
17:28:32 [JC]
... we should be able to distinguish between legacy signals
17:28:37 [schunter]
ack jmayer
17:28:53 [dsinger]
+1 to JC; we can't close this door without digital signatures and so on. We can orphan the legacy, which may be prudent...
17:29:02 [dsinger]
q?
17:29:06 [bryan]
why would it considered invalid if the extension etc that set DNT could be proven to be serving user choice, just like any browser?
17:29:11 [npd]
If a browser extension complies with all requirements, does it help if it adds an extra "N" to the DNT header?
17:29:25 [jchester2]
jchester2 has joined #dnt
17:29:26 [JC]
Jmayer: What solutions do people have in mind. Non-browser software that modifies DNT could be an extension, which have nearly unlimited ability
17:29:47 [schunter]
I think that the dialogue how to prevent forgers is one that is similar to a dialogue to prevent sites that pretend to follow DNT without doing so.
17:29:58 [JC]
... how would you prevent that. The other major way is via a proxy and similarly how would one stop a proxy from setting DNT 1.
17:30:02 [peterswire_]
q+
17:30:07 [JC]
... There is not much one could do to stop it.
17:30:24 [Wileys]
Jonathan - understood we cannot prevent (unfortunately) - looking to separate UA direct setting from in-direct setting through add-ons and 3rd party software packages.
17:30:26 [npd]
I think Shane is suggesting *not* trying to prevent fraudulent signals
17:30:46 [JC]
Schunter: We are not looking for a bulletproof solution, but switching the signal will tell us if someone pretends to follow the spec
17:31:00 [afowler]
afowler has joined #dnt
17:31:02 [aleecia]
Shane I'm listening, but how do you do that?
17:31:13 [dsinger]
q?
17:31:17 [rigo]
q+ to suggest not adding new strings with reference to Ed's example running watch with web interface
17:31:24 [JC]
... If the browser states that it follows the spec then we should be able to see this and they will get into trouble
17:31:28 [schunter]
ack dan_auerbach
17:31:53 [JC]
Dan_auerbach: Quick suggestion, to the extent it is network intermediaries, https would prevent that
17:32:04 [Wileys]
+q
17:32:23 [schunter]
ack d
17:32:28 [JC]
Schunter: I agree that https would prevent modification of signals
17:32:50 [JC]
Dsinger: Question to Wileys, what does the change in signal do for us
17:32:58 [schunter]
I prefer affirmative statements "I promise X".
17:33:03 [npd]
ack dsinger
17:33:03 [Zakim]
dsinger, you wanted to ask why we need to distinguish the non-browser UA?
17:33:09 [JC]
Wileys: If I received an 'N' i can determine the source of the signal
17:33:17 [justin]
The draft Framework seems clear that third parties could ignore N DNT signals.
17:33:32 [JC]
... we talked about sending an augmented UA string, which would be too heavy
17:33:57 [JC]
... the simpler signal helps me separate where the signal came from and who is lying.
17:33:59 [dan_auerbach]
shane, are you saying https won't work as a solution particularly for preventing interference from network intermediaries? if so, why?
17:34:11 [JC]
... From there I can make a decision on how to respond
17:34:12 [amyc]
not sure that I understand what problem new signals are solving, regardless of new signals sent by UA, site may still disagree with how signal set based on existing data (for example, if it doesn't like signal set during first run)
17:34:24 [schunter]
q?
17:34:27 [schunter]
ack fielding
17:34:30 [JC]
... I may decide only to respond to UA set signals
17:34:34 [npd]
They are lying if they send dnt: 1 while not following the user requirements, right?
17:34:36 [dsinger]
q?
17:34:40 [dwainberg]
q+
17:35:04 [JC]
Fielding: The technical decision between a UA set the signal or not is difficult to determine
17:35:35 [npd]
"I really mean it" :-)
17:35:45 [JC]
... I really want this to work, but using "i really mean it" pushes everyone to say "I really mean it" everyone pretending to be a UA
17:35:59 [schunter]
We may be constrained (by technical possibility) to only orphan the legacy (without solving the forgery problem).
17:36:27 [schunter]
ack rv
17:36:33 [JC]
... I cannot overemphasize enough that there is restriction to adoption on the server side and the more the UA side sends invalid signals adoption will be affected
17:36:37 [efelten]
q?
17:36:39 [jmayer]
We have now heard from an editor of HTTP, a Princeton professor, Mozilla's security lead, and others that there isn't a viable technical solution here. Time to move on.
17:36:44 [BerinSzoka]
Amen to that but I doubt persuasion alone will suffice. there needs to be legal consequences to gaming the spec by sending non-compliant signals
17:36:53 [npd]
+1 to fielding, it's on us to convince that it helps users not to send invalid dnt signals
17:37:12 [dsinger]
+q to Roy also
17:37:18 [vinay]
I agree, Berin
17:37:25 [JC]
Rvaneijk: Referring to DAA framework, the host controls what data is shared and to whom. Will the SafeFrame help protect the user from unwanted sharing?
17:37:37 [Wileys]
Jonathan - we all agree there is no air-tight solution here - that's understood. I don't believe it harms the standard to have non-user agent string DNT setters to send a separate signal. Will some lie - yes! Will some tell the truth - yes.
17:37:50 [npd]
Chris to think that over, thanks Chris
17:38:00 [JC]
Aleecia: For a test signal we can say we can use old signal to say I am testing and new signal can be I am compliant
17:38:09 [schunter]
Aleecia: DNT:1 may be declared as "testing DNT"
17:38:27 [sidstamm]
Aleecia, kind of like an X- header that, when standardized, drops the X-?
17:38:35 [dsinger]
so '1' on a UA is like '!' on the site-side; we are in pre-deployment. nice. then you switch to DNT:True or whatever we say. nice
17:38:36 [JC]
... Second point, as long as IE has a registry setting that anyone can set it will be a problem unless IE changes that
17:38:40 [schunter]
Problem (technical): Non-browsers can tweak registry to make browsers send dnt signals.
17:38:43 [rvaneijk]
referring to IAB Safeframe as a possible solution? would like to hear more about that. (https://www.iab.net/safeframe)
17:38:52 [chris_IAB]
rvaneijk, re your question to IAB about SafeFrame, can you please elaborate on your idea? Not sure I understand yet where you are going?
17:38:56 [schunter]
q?
17:39:02 [schunter]
ack aleecia
17:39:02 [JC]
... Does Microsoft have plans to have two different settings
17:39:08 [rigo]
ack aleecia
17:39:13 [jmayer]
Is the aim to provide a hook for deceptive business practice litigation? That we could do (though unsure we should do).
17:39:18 [JC]
Adrianba: We won't have two settings because we have one setting for us.
17:39:40 [JC]
... the purpose of the store is to store our setting and having a second value serves no purpose
17:39:44 [justin]
WileyS, why would anyone ever send an N signal if no one is respecting those signals? I'm not necessarily averse to the signal, but trying to play out what will happen . . .
17:40:01 [chris_IAB]
rvaneijk, SafeFrame uses a form of post message to communicate between the host and the 3rd party.
17:40:02 [npd]
Jmayer, I think that is the aim.
17:40:03 [JC]
Wileys: in response to question, many of modifications of signals happen in flight and not based on a registry setting
17:40:11 [bryan]
bryan has joined #dnt
17:40:32 [JC]
... AV and routers set the value on the line and we probably won't go to https tomorrow.
17:40:41 [rvaneijk]
chris_IAB: and could carry the transmission of user preference, right?
17:40:45 [jmayer]
Nick, then let's be honest about it. This is about a legally enforceable representation of compliance, not a technical limitation.
17:40:48 [schunter]
q?
17:40:56 [JC]
... using 'N' is not airtight, but we are attempting to add balance to reduce ability to game system
17:40:57 [schunter]
Zakim, close queue
17:40:57 [Zakim]
ok, schunter, the speaker queue is closed
17:41:22 [JC]
... implementing code is not hard. Implementing work on the server side is hard.
17:41:31 [schunter]
q?
17:41:33 [justin]
WileyS, OK, I understand now.
17:41:45 [npd]
I don't think anyone is hiding that. Is there anything we can do to facilitate legal compliance/enforcement?
17:41:53 [schunter]
ack peterswire_
17:42:15 [bryan]
it's not a lie if user choice is actually being expressed through the header, regardless of how sourced
17:42:30 [JC]
Peterswire: Ship and dock scenario, ships have things to invest in and if it won't work they won't invest
17:42:37 [johnsimpson]
+1 to Bryan
17:42:41 [dsinger]
q-
17:42:42 [JC]
... is there a structure where we can encourage the investment.
17:43:16 [JC]
... Secondly, there is no airtight technical solution. If a commerce company makes its business lying on a massive scale, they are taking a risk
17:43:23 [Wileys]
Bryan - the key question - is it a user choice? If I don't know who is setting the signal, then I can't tell.
17:43:25 [npd]
Bryan, but you would agree that it's a lie if it wasn't a user's choice?
17:43:48 [dsinger]
for the record, I am totally sympathetic to Shane's concern. But like JC, I can't see how to address it (apart from 'moving the goalposts' by changing the final signal)
17:43:52 [dsinger]
q?
17:43:54 [JC]
... that is not a technical answer, but the muckiness of law gives a reason for there to be discipline in the system
17:43:55 [schunter]
ack rigo
17:43:55 [Zakim]
rigo, you wanted to suggest not adding new strings with reference to Ed's example running watch with web interface
17:44:02 [Wileys]
q-
17:44:23 [JC]
Rigo: The cost for having another signal is too high compared to the gain that we get
17:44:36 [dwainberg]
q-
17:45:04 [Lmastria_DAA]
peterswire_ is right. gaming of the system is a concern and having non-tech solutions has to be part of the solution
17:45:07 [JC]
... We have to produce a future proof idea that addresses the web of things, I don't see how something other than 1, 0 or unset is useful.
17:45:28 [bryan]
Shane - all we need is a mechanism to tell who is setting the signal. That's something IETF could address, if needed.
17:45:30 [schunter]
How about 2, 3, unset.
17:45:30 [JC]
... on the server side we can use heuristics or Bayesian functions to analyze the signal
17:45:42 [JC]
... very low gain and high cost to adding signals
17:46:16 [npd]
Lmastria, is there anything we can do to facilitate those legal / market measures?
17:46:33 [bryan]
nick - I would agree that a verifiable violation of user choice would be a lie.
17:46:36 [JC]
Schunter: Firstly, are people okay with changing the signal to find legacy signals? Only user agents that follow the rules can send a preference.
17:46:43 [efelten]
It's not enough to say you want enforceability. You need to explain how this proposal makes the system more enforceable.
17:47:20 [JC]
... Secondly, no solution is perfect. Shane wants to distinguish UA from other tools, and legacy tools from tools that follow spec.
17:47:23 [adrianba]
when does new start?
17:47:28 [npd]
Bryan, Lou, if we document that very clearly, as an industry consensus, that could help with FTC or lawsuits, right?
17:47:31 [schunter]
After first call.
17:47:40 [JC]
... We should create an issue to address how to determine if UA follow spec
17:47:47 [rigo]
efelten, enforceable towards user agents or sites?
17:48:12 [JC]
Fielding: I would rather go down this right. I would want to determine if UA follows the spec.
17:48:27 [aleecia]
I'm hearing two issues intertwined.
17:48:35 [efelten]
Rigo, the discussion here is about enforceability w.r.t. user agents; but similar principle applies on the server side.
17:48:36 [JC]
... If an intermediary always sends a DNT 1 we may be able to find that out
17:48:44 [npd]
-1
17:48:59 [bryan]
nick - i would hope, so, but IANAL. A clear indication of compliance expectation should be applicable to any implementation.
17:49:02 [schunter]
If we change the characters, then disregarding the legacy should be permitted.
17:49:05 [JC]
Dsinger: what does the room think about changing the signal. Okay.
17:49:09 [jmayer]
-1
17:49:13 [schunter]
+1
17:49:27 [JC]
... Hum on the negative indicates changing signal probably not helpful
17:49:38 [JC]
... maybe we can come up with better idea
17:49:57 [JC]
Schunter: Should we take a break?
17:50:02 [aleecia]
coffee :-)
17:50:08 [rigo]
I still think requiring the exception API to work for conformance would work
17:50:14 [johnsimpson]
johnsimpson has left #dnt
17:50:33 [JC]
Dsinger: Going to break Rigo will scribe
17:50:34 [npd]
11:15 back.
17:50:47 [Zakim]
-moneill2
17:53:27 [jmayer]
Off to class, will be back for the afternoon.
17:54:08 [jmayer]
In anticipation of the upcoming topics: I strongly object to the "D", "!", and "P" proposals as written. My thinking on "D" and "!" is on the mailing list, and I articulated my view on "P" earlier.
17:58:55 [Zakim]
-Jonathan_Mayer
17:59:02 [sidstamm]
sidstamm has joined #dnt
18:13:34 [schunter]
q?
18:16:20 [Zakim]
+Gregg_Vanderheiden
18:16:22 [moneill2]
zakim, [IPCaller] is me
18:16:22 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
18:16:45 [moneill2]
zakim, [IPCaller] is me
18:16:45 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
18:17:34 [rigo]
scribenick:rigo
18:17:41 [justin]
justin has joined #dnt
18:17:47 [jackhobaugh]
jackhobaugh has joined #dnt
18:18:10 [paulohm]
paulohm has joined #dnt
18:18:12 [justin]
schunter, are you on? We can't hear you.
18:18:13 [aleecia]
aleecia has joined #dnt
18:18:15 [justin]
NVM
18:18:17 [rigo]
mts: welcome back
18:18:23 [rigo]
... no intro
18:18:31 [rigo]
... slide [9]
18:18:49 [afowler]
afowler has joined #dnt
18:18:56 [efelten]
efelten has joined #dnt
18:19:03 [rigo]
... reaction to unreliable signal, e.g preconfigured signal from a router.
18:19:34 [rigo]
... my belief is that the signal is not conformant, site does not have to react
18:19:41 [rigo]
... 3 options:
18:19:42 [dsinger__]
dsinger__ has joined #dnt
18:19:44 [efelten]
To clarify: the suggestion is that sites have the *option* to reject, or ignore, right?
18:19:49 [rigo]
....a/ sending D back
18:19:53 [fielding]
fielding has joined #dnt
18:19:59 [rigo]
....b/ saying nothing, not responding
18:20:16 [rigo]
... c/ rather safe than sorry, apply DNT:1
18:20:23 [schunter]
q?
18:20:30 [npd]
q+
18:20:32 [rigo]
mts, these are the opinions I saw on the list
18:20:33 [bryan]
matthias - how do you know the signal is not conformant, that it was not set by the explicit choice of the user?
18:20:33 [aleecia]
q+
18:20:38 [hwest]
hwest has joined #dnt
18:20:40 [schunter]
Zakim, open queue
18:20:40 [Zakim]
ok, schunter, the speaker queue is open
18:20:48 [dan_auerbach]
dan_auerbach has joined #dnt
18:20:49 [npd]
q+
18:20:55 [johnsimpson]
johnsimpson has joined #dnt
18:20:56 [rigo]
ed: your alternatives, the sites would have the option to ignore, or required?
18:21:02 [aleecia]
To add a 4th option we have discussed: site can ask the user to confirm.
18:21:11 [rigo]
mts: the option, they can react on signals from routers
18:21:16 [dan_auerbach]
+1 to aleecia
18:21:27 [schunter]
q?
18:21:29 [sidstamm]
sidstamm has joined #dnt
18:21:29 [aleecia]
So the site does not have to blindly accept, but can also make sure they do not ignore valid.
18:21:31 [rigo]
... after determining that signal is unreliable, they can decide what to do with it
18:21:31 [schunter]
ack n
18:21:32 [aleecia]
q+
18:21:48 [Chris_IAB]
Chris_IAB has joined #dnt
18:22:08 [rigo]
npdoty: d/ be silent on this, just not having feedback
18:22:21 [adrianba]
q+
18:22:36 [rigo]
... signals should be so reliable that every signal will be respected
18:22:49 [dsinger]
does anyone want a change to the document, or is this an exploration of where we are?
18:22:52 [johnsimpson]
q?
18:22:52 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
18:22:58 [npd]
q-
18:23:15 [justin]
Is there anyone actually arguing in favor of Alternative 2? I thought there was universal agreement that was not viable?
18:23:25 [amyc]
amyc has joined #dnt
18:23:30 [Brooks]
Brooks has joined #dnt
18:23:41 [npd]
I agree that D is a useful signal for when you're not complying with a potentially unreliable signal
18:23:43 [rigo]
mts: take step back, protocol discussion. What should you do on the wire. You can feedback, redirect user, clarify the signal. First signal on the wire, what should the response say
18:23:46 [fielding]
a first party can clarify -- not so easy for a third party
18:23:49 [schunter]
q?
18:23:49 [aleecia]
q?
18:23:53 [schunter]
ack aleecia
18:24:17 [moneill2]
+q
18:24:33 [hefferjr]
q+
18:24:35 [rigo]
aleecia: understand distinction, let's clarify, sending back "I'm not sure" and re-direct to disambiguate
18:24:44 [npd]
aleecia, would that be implemented differently than "D"?
18:24:45 [schunter]
ack adr
18:24:47 [Wileys]
Aleecia - 3rd parties would likely not have that option
18:24:53 [jchester2]
jchester2 has joined #dnt
18:25:18 [hefferjr]
q-
18:25:35 [npd]
We even indicate 409 as the status code?
18:25:47 [dsinger]
q?
18:25:47 [rigo]
adrianba: common for protocol to have signal for error case, here signal sent in incorrect situation, dnt:73, currently D comes with URI that explains why it was rejected, seems like a reasonable thing to have
18:25:52 [schunter]
Jonathan at some point promoted Alternative 2 (AFAIR)
18:26:28 [rigo]
moneill2: option to reconfirm an unreliable signal,
18:26:41 [justin]
schunter, I somehow doubt that jmayer is advocating that third parties could disregard signals deemed unreliable without feedback.
18:26:46 [rigo]
mts: if you reconfirm, it should reconfirm both ways
18:26:47 [schunter]
q?
18:26:50 [schunter]
ack moneill2
18:26:56 [rigo]
ack mon
18:27:16 [rigo]
mts: agreement that the UA should be told that something went wrong
18:27:17 [hefferjr]
q+
18:27:31 [dsinger]
q+
18:27:32 [Chapell]
Chapell has joined #DNT
18:27:40 [rigo]
... not silently swallowing the signal is agreement. Nobody is for alternative 2
18:27:48 [fielding]
q+
18:28:08 [BillScannell]
BillScannell has joined #dnt
18:28:10 [johnsimpson]
q?
18:28:21 [rigo]
... after telling UA 'something went wrong'. Now what behavior to assume, 0/1/unset? After assumption do we want to require sites to reconfirm?
18:28:35 [aleecia]
q+
18:28:35 [rigo]
q?
18:28:38 [schunter]
ack hefferjr
18:29:03 [schunter]
ack dsinger
18:29:06 [rigo]
hefferjr: third parties will not be able to reconfirm, Most websites will not allow that to happen
18:29:22 [rigo]
dsinger: we introduced this to have transparency
18:29:44 [rigo]
... reason of disregarding. Not an invitation to disregarding signals
18:29:47 [rigo]
q+
18:29:54 [ChrisPedigoOPA]
q+
18:29:58 [npd]
Is it possible with tk:D and an edit link to handle confirming signals?
18:30:01 [schunter]
ack fielding
18:30:04 [rigo]
... concerned that we don't say anything
18:30:23 [hefferjr]
small correction to what I said: it is not that 3rd parties will not be able to reconfirm; 3rd parties will not be able to ask the USER to reconfirm.
18:31:00 [dsinger]
[dws] is concerned we don't say that the compliance of "D" is indeterminate, and this is not an invitation to be capricious about what signals you respect and what you disregard
18:31:13 [schunter]
Similarly, user agents have the option to mitigate once they have been disregarded.
18:31:16 [jeff_]
jeff_ has joined #dnt
18:31:34 [schunter]
q?
18:31:39 [rigo]
fielding: operating procedure we have is that we say in privacy policy what signals we support. That is reasonable. If user agent does not look at feedback, can't see that signal was rejected. No power to enforce against non-compliant signal
18:32:08 [rigo]
Justin: privacy policy saying "we don't accept safari"
18:32:08 [dsinger]
to roy: we could say that this signal can only be used in response to non-compliant signals or under court order or similar duress
18:32:13 [aleecia]
q-
18:32:21 [npd]
If you're not complying with the spec, you don't have any requirements.
18:32:34 [rigo]
mts: if you disregard then you have to say so
18:32:58 [rigo]
fielding: protocol is saying disregard, explanation is in the policy
18:33:07 [schunter]
q?
18:33:11 [schunter]
ack rigo
18:33:18 [dsinger]
the snag with silence is that the user won't be aware (can't be; they can't operate the logic of the privacy policy)
18:33:29 [dsinger]
q?
18:33:37 [schunter]
Silence should not be an option.
18:34:17 [aleecia]
right, users have no way of knowing which 3rd parties are on a page at a given time (reload, world changes)
18:34:36 [npd]
Noncompliance with the spec will always be an option for implementers, of course.
18:34:43 [schunter]
q?
18:34:49 [schunter]
Ack ChrisPedigoOPA
18:35:11 [fielding]
I am saying that signal via privacy policy is reality -- "D" is an option for creating in-band transparency when the received protocol has failed.
18:35:28 [rigo]
RW: "D" is protocol, explanation in DAA code or privacy policy legally self binding
18:35:40 [AAIsham]
AAIsham has joined #dnt
18:35:41 [sidstamm]
can the context for the D be optional?
18:35:50 [aleecia]
sid++
18:36:07 [sidstamm]
q+
18:36:11 [rigo]
ChrisPedigoOPA: not overload signal, default is probably biggest issue.
18:36:53 [Wileys]
Anyone in the WG arguing against option 1? Matthias - can you please ask the room so it'll be possible to close this issue?
18:37:00 [rigo]
mts: people are feeling comfortable by having a signal back to UA
18:37:01 [schunter]
q?
18:37:02 [Wileys]
Apologies, "Alternative" 1
18:37:32 [rigo]
sidstamm: D = disregard because something went wrong. Let's make context optional.
18:37:36 [rigo]
mts: good point
18:37:41 [dan_auerbach]
+1 to sid
18:37:47 [npd]
Less confusing than no response. +1
18:37:47 [Marc]
Sid, why is it valuable to the UA?
18:37:54 [dan_auerbach]
+q
18:37:59 [sidstamm]
Marc, it gives us feedback
18:38:03 [aleecia]
problem: define "clearly"
18:38:04 [schunter]
q?
18:38:05 [Wileys]
+1 to Sid - context/explanation is optional
18:38:07 [schunter]
ack sidstamm
18:38:09 [rigo]
... anybody having trouble with option 1?
18:38:14 [Zakim]
+bilcorry
18:38:16 [sidstamm]
Marc, it's better than absence of reply
18:38:21 [justin]
Mandatory D, optional explanation.
18:38:21 [tlr]
zakim, mute bilcorry
18:38:21 [Zakim]
bilcorry should now be muted
18:38:23 [aleecia]
if you define "clearly" in a way I agree with, I can agree with the rest, but that seems unlikely
18:38:28 [bilcorry]
Zakim, mute me
18:38:28 [Zakim]
bilcorry was already muted, bilcorry
18:38:33 [rigo]
ChrisPedigoOPA: if disregard, will it be required to send D
18:38:40 [rigo]
mts: required to send D
18:38:48 [schunter]
q?
18:39:11 [rigo]
fielding: requiring D would be a thing for compliance, able to send is TPE
18:39:51 [rigo]
dan_auerbach: concerns about what unreliable signal means in practice
18:39:57 [johnsimpson]
q+
18:40:00 [schunter]
ack dan_auerbach
18:40:16 [rigo]
dsinger: there are many cases why you need a D signal
18:40:20 [npd]
I suggest we are silent as to why you send D, but adopt the ability to send D
18:40:39 [aleecia]
sounds like an action item to add to compliance?
18:40:40 [schunter]
ack johnsimpson
18:40:51 [aleecia]
just in case we're still doing action items :-)
18:41:23 [rigo]
johnsimpson: are we saying that option 3 is off the table.
18:41:42 [schunter]
Agreement: (A) if you receive an incompliant signal, you may reject it by sending "D"
18:42:01 [npd]
I think the question of 3 is Compliance (and I have suggested we just be silent)
18:42:09 [rigo]
fielding/dsinger about what is normal approach in protocols and how do they fail
18:42:20 [schunter]
I agree.
18:42:21 [sidstamm]
npd, you mean make it available but don't MUST it?
18:42:24 [rigo]
hober: you can see that they reject
18:42:34 [npd]
But the TPE question is whether we should define the ability to disregard with a signal
18:42:38 [dwainberg]
dwainberg has joined #dnt
18:43:12 [aleecia]
q+
18:43:20 [npd]
I think available is the only thing we can require, sidstamm, because entirely non compliant servers won't reply at all
18:43:24 [rigo]
fielding: under alternative 3 we would not implement DNT
18:43:44 [rigo]
dsinger: agreement on option 1 and figure out the details.
18:44:07 [schunter]
q?
18:44:10 [rigo]
mts: how to develop guidance for unreliable signals should be described be done in TCS
18:44:11 [schunter]
ack aleecia
18:44:47 [rigo]
aleecia: third parties putting in privacy policy is not an option as you don't know who they are
18:44:49 [npd]
Isn't the D the response from the 3rd party?
18:44:51 [dsinger__]
dsinger__ has joined #dnt
18:45:12 [rigo]
mts: if IP address from third party, could i discover?
18:45:29 [jeffwilson]
it seems unrealistic from a ux perspective to have every third party confirm every ie10 signal
18:45:32 [rigo]
fielding: they could check TSR before retrieving
18:45:49 [dsinger]
I see two issues (a) what are the compliance rules around 'D' and (b) how does the user get an explanation (e.g. a URI, a privacy policy, and so on)?
18:46:12 [aleecia]
My point is you need a response header, not "it's in a privacy policy"
18:46:14 [Lmastria_DAA]
Q+
18:46:21 [sidstamm]
can we agree to accept D and push the design of the "optional context" to an issue?
18:46:45 [npd]
Aleecia, I think alternative 1 is that agreement, yeah?
18:46:48 [schunter]
q?
18:46:51 [rigo]
mts: if you get request from address, you can discover via TSR where to retrieve the privacy policy
18:46:55 [rigo]
q+
18:47:14 [aleecia]
This is discussion of how to make 1 at all possible, and we still have issues with it, but this is one of two to solve
18:47:41 [rigo]
dsinger: 2 issues: compliance rules around the D signal and how does the user get clarity on why they received D to do immediate action
18:47:43 [Lmastria_DAA]
q-
18:47:43 [peterswire_]
as compliance co-chair, I'm glad to have those items added to our list
18:47:47 [aleecia]
(The other is: uh oh, a user set DNT:1 under IE 9, upgraded to IE 10, and is being ignored. That's lawsuit central and make my head throb.)
18:48:31 [rigo]
fielding: only one place currently where user can receive human readable response is privacy policy.
18:49:09 [rigo]
... anything regarding description of privacy handling is a legal document. And have legal review. That's why we put it in privacy policy
18:49:41 [aleecia]
either way of those can work
18:49:47 [schunter]
If "D" is sent, the "policy" member of the WKR should be mandatory.
18:49:56 [aleecia]
either Matthias' mandatory, or the optional
18:50:15 [schunter]
q?
18:50:21 [npd]
Dominique is representing eBay.
18:50:43 [rigo]
Dominique_: 183 class actions against privacy policies because criticized by FTC
18:51:00 [schunter]
q?
18:51:06 [rigo]
dsinger: yes even fragment id in the privacy policy would help (40 pages down)
18:51:15 [rigo]
ack rigo
18:51:28 [Joanne]
we consider and allow for ways to get the disclosure outside of the privacy policy
18:51:30 [rigo]
mts: keep D signal and iron out subissues?
18:51:33 [schunter]
q?
18:52:17 [npdoty]
issue: compliance requirements about when disregarding a signal is allowed
18:52:17 [trackbot]
Created ISSUE-196 - Compliance requirements about when disregarding a signal is allowed; please complete additional details at <http://www.w3.org/2011/tracking-protection/track/issues/196/edit>.
18:52:37 [rigo]
Lmastria_DAA: David's question on supplemental notice. DAA is doing supplemental notice. There was a conversation about privacy policy. We go beyond. For data collected online cross site. ICAN notice
18:52:38 [aleecia]
DNT will apply to more than your companies, but if you have best practices to point to, that's great!
18:52:54 [npdoty]
issue: how do we notify the user why a Disregard signal is received?
18:52:54 [trackbot]
Created ISSUE-197 - How do we notify the user why a Disregard signal is received?; please complete additional details at <http://www.w3.org/2011/tracking-protection/track/issues/197/edit>.
18:52:59 [npdoty]
issue-196: for Compliance
18:52:59 [trackbot]
Notes added to ISSUE-196 Compliance requirements about when disregarding a signal is allowed.
18:53:33 [rigo]
fielding: object to create ISSUE-196
18:53:45 [npdoty]
issue-197: might already be covered, in TPE, by existing text
18:53:45 [trackbot]
Notes added to ISSUE-197 How do we notify the user why a Disregard signal is received?.
18:53:53 [npdoty]
if someone wants to fix typos in my issue titles, I welcome that
18:54:06 [npdoty]
issue-196: Roy wants to re-title
18:54:06 [trackbot]
Notes added to ISSUE-196 Compliance requirements about when disregarding a signal is allowed.
18:54:33 [rigo]
mts: going through current issues: slide [10]
18:55:15 [tara]
tara has joined #dnt
18:55:21 [rigo]
mts: ISSUE-112 Cookie matching rules
18:55:25 [rigo]
issue-112?
18:55:25 [trackbot]
ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- pending review
18:55:25 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/112
18:56:00 [rigo]
mts: important to provide text. If you complain you can only do so by providing test
18:56:05 [rigo]
s/test/text/
18:56:27 [rigo]
mts ... explaining issue-112
18:56:30 [npd]
Optionally, if you use the domain parameter
18:56:40 [npd]
If you don't, it's fully qualified
18:57:00 [rigo]
mts: if ok, will send reconfirm before closing.
18:57:11 [rigo]
no questions on issue-112
18:57:19 [rigo]
issue-147?
18:57:19 [trackbot]
ISSUE-147 -- Transporting Consent via the Exception / DNT mechanisms -- raised
18:57:19 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/147
18:57:21 [npd]
112, no objections in the room
18:57:29 [rigo]
Do we need a service provider flag?
18:57:32 [dsinger]
issue-137?
18:57:32 [trackbot]
ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review
18:57:32 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/137
18:57:55 [npd]
Controllers, not same party, right?
18:58:05 [sidstamm]
-phone disconnection-
18:58:08 [npdoty]
Zakim, who is on the phone?
18:58:08 [Zakim]
On the phone I see [Apple.a], schunter, Gregg_Vanderheiden, bilcorry (muted)
18:58:13 [npdoty]
Zakim, drop [Apple.a]
18:58:13 [Zakim]
[Apple.a] is being disconnected
18:58:14 [Zakim]
-[Apple.a]
18:58:16 [schunter]
q?
18:58:16 [rigo]
mts: current flag would only work with same-party element in well-known resource
18:58:24 [rigo]
q+
18:58:29 [aleecia]
Matthias, we're working on it
18:58:40 [schunter]
I thought silence means agreement ;-)
18:58:50 [aleecia]
talk really fast!
18:58:52 [Zakim]
+[Apple]
18:58:54 [aleecia]
:-)
18:59:26 [schunter]
q?
18:59:30 [schunter]
ack rigo
18:59:44 [johnsimpson]
q?
18:59:56 [schunter]
NPD: It is same-party (not controller)
19:00:02 [dsinger]
q+ to distinguish 'as a matter of course' from 'ever'
19:00:38 [Zakim]
dsinger, you wanted to distinguish 'as a matter of course' from 'ever'
19:00:39 [npd]
They can signal tk:1
19:01:08 [npd]
Q+
19:01:14 [aleecia]
+1 to dsinger, plus also non-browser UAs
19:01:44 [dwainberg]
How does this work for service providers to 3rd parties?
19:01:52 [fielding]
issue-196?
19:01:52 [trackbot]
ISSUE-196 -- What compliance requirements apply when a signal has been disregarded? -- raised
19:01:52 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/196
19:02:28 [dwainberg]
q+
19:02:49 [aleecia]
When do you need me to once again say we need a SP flag?
19:02:58 [aleecia]
Because I can repeat myself. Again.
19:02:59 [johnsimpson]
q?
19:03:00 [npd]
I think Tk: 1 is a clear response
19:03:05 [npd]
Q-
19:03:05 [schunter]
ack npd
19:03:07 [aleecia]
Great, ok:
19:03:09 [aleecia]
q+
19:03:10 [schunter]
ack dwainberg
19:03:11 [rigo]
dsinger: need to clarify that the service provider flag is possible, will provide text for clarification
19:03:35 [rigo]
D.wainberg: how does that work for 3rd parties
19:03:46 [npd]
Tk: 3, with a controllers element in the TSR
19:03:52 [rigo]
dsinger: have to refresh my memory and write it up
19:03:58 [tlr]
+1 to nick
19:04:49 [rigo]
mts: service provider will perhaps not be visible to end users...
19:05:01 [johnsimpson]
q?
19:05:05 [rigo]
npd: no objection from the room
19:06:04 [fielding]
q+
19:06:09 [tlr]
ack a
19:06:19 [rigo]
aleecia: say the things that I always said, service provider is not a first party, need transparency, invisible parties are a deal breaker, can deal with them lightly. Not fair.
19:06:37 [schunter]
ack fielding
19:06:49 [aleecia]
Roy and I could write each other's points :-)
19:06:56 [rigo]
mts: aleecia has sustained her objections
19:06:56 [schunter]
Yes.
19:07:04 [npd]
Next?
19:07:05 [schunter]
Roy, too.
19:07:08 [rigo]
fielding: sustaining objection against the objection
19:07:11 [aleecia]
We must be as bad as things in the past?
19:07:26 [aleecia]
That's absurd.
19:07:29 [dsinger]
Q+ to plead for write-up
19:07:44 [rigo]
mts: not ready to close issue-137
19:08:05 [aleecia]
I'll take that as a reasonable next step, without withdrawing my objection here.
19:08:10 [aleecia]
But I think that moves forward.
19:08:13 [rigo]
dsinger: wait for my writeup before. Roy has it mostly covered, but not visible
19:08:44 [npd]
Maybe we can then run though the decision policy on this? Call for Objections, etc.
19:08:48 [dsinger]
action: dsinger to explore how service providers (to 1st and 3rd parties) can provide transparency, and work through the use cases
19:08:48 [trackbot]
Created ACTION-400 - Explore how service providers (to 1st and 3rd parties) can provide transparency, and work through the use cases [on David Singer - due 2013-05-14].
19:09:03 [npd]
Issue-152?
19:09:03 [trackbot]
ISSUE-152 -- User Agent Compliance: feedback for out-of-band consent -- pending review
19:09:03 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/152
19:09:15 [rigo]
mts: aleecia, not being able to express SP, but requiring as a MUST to have SP declared. But have at least the option to do so.
19:09:33 [rigo]
mts: objections against optional service providers
19:09:43 [aleecia]
It serves a useful purpose :-)
19:10:03 [aleecia]
By that logic, there is no need for transparency to 3rd parties of any type
19:10:15 [aleecia]
We do not have data controllers in the US
19:10:22 [npd]
Issue-152?
19:10:22 [trackbot]
ISSUE-152 -- User Agent Compliance: feedback for out-of-band consent -- pending review
19:10:22 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/152
19:10:26 [aleecia]
dsinger: heh
19:10:37 [aleecia]
"It's none of their business" where their data goes?
19:10:47 [dsinger]
issue-152?
19:10:47 [trackbot]
ISSUE-152 -- User Agent Compliance: feedback for out-of-band consent -- pending review
19:10:47 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/152
19:10:48 [aleecia]
We're not going to agree Roy...
19:10:50 [rigo]
fielding: does not serve any purpose. As long as the controller is identified that is sufficient. Not possible to express how many service providers are involved in every request is impossible and beyond what we could do
19:11:02 [rigo]
mts: so waiting for David's text
19:11:06 [aleecia]
I think it very much is users' business who collects, uses, processes their data.
19:11:13 [rigo]
issue-152?
19:11:13 [trackbot]
ISSUE-152 -- User Agent Compliance: feedback for out-of-band consent -- pending review
19:11:13 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/152
19:11:20 [vinay]
Aleecia -- if the website is using a service provider, their data is managed/used/controlled by that website. If the user needs to do anything with that data, they need to go to the website (controller)
19:11:21 [aleecia]
If we cannot even agree on that after two years, well, that explains a lot
19:11:40 [aleecia]
Vinay -- we don't have controller liability in the US
19:11:48 [aleecia]
it's not how our legal structure works
19:12:03 [aleecia]
and w3c cannot shift legal liability
19:12:10 [vinay]
but there are (in most cases, and we're including it in the spec) to require a contract
19:12:19 [vinay]
which brings legal liability to comply with the terms outlined in the contract
19:12:20 [rigo]
mts: we must require UA to always be clear about signaling UI for out of band consent. Currently optional
19:12:20 [schunter]
q?
19:12:24 [dsinger]
q-
19:12:27 [johnsimpson]
Q+
19:12:35 [schunter]
ack jo
19:12:59 [aleecia]
but does not shift all liability. Also, call me crazy, but I'd rather resolve things other than via lawsuits.
19:13:02 [rigo]
johnsimpson: seems that in TPE we have the ability to send C.
19:13:31 [rigo]
npd: is about must signal in UI
19:13:41 [aleecia]
Users should have visibility. SPs are just third parties.
19:13:45 [rigo]
dsinger: puzzled we have to disclose this one thing and not everything
19:13:55 [npd]
I think we could have long closed 152.
19:14:27 [aleecia]
(not that I know of)
19:14:36 [npd]
Issue-153?
19:14:36 [trackbot]
ISSUE-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- pending review
19:14:36 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/153
19:14:37 [rigo]
mts: johnsimpson is still right if we still require "C" to be sent. If a site uses OBC, it should say so to the user, and wonder if we have that in the compliance spec
19:14:38 [fielding]
aleecia, if that were true there would not be a category for service provider and requirements (like siloing) that one would have to obey to be a service provider. You can't have it both ways.
19:14:44 [hefferjr]
issue 195?
19:14:57 [dsinger]
issue-195?
19:14:57 [trackbot]
ISSUE-195 -- Flows and signals for handling out of band consent -- pending review
19:14:57 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/195
19:14:59 [aleecia]
Roy, I'd be fine with killing SP as a different class.
19:14:59 [rigo]
... similar to D signal, compliance guidance on OBC
19:15:34 [rigo]
peterswire_: if this is something we have to do in compliance
19:15:40 [npd]
Agree, 195 is relevant, consent signal back to the user has otherwise been long settled.
19:16:16 [rigo]
dsinger: if you have consent to signal it
19:16:37 [rigo]
justin: there is an existing task for justin and dsinger
19:16:44 [rigo]
dsinger: justin is taking the lead
19:17:03 [rigo]
mts: can we close issue-152
19:17:10 [rigo]
npd: no objections
19:17:17 [rigo]
issue-153?
19:17:17 [trackbot]
ISSUE-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- pending review
19:17:17 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/153
19:18:17 [npd]
I might check when you send your email that we have the right language already in 153
19:18:19 [rigo]
mts: network tools and registry tools.. we do not want those to interfere, this is now discussed in issue-195, so want to close 153
19:18:29 [rigo]
=> no objections
19:18:29 [dsinger]
issue-167?
19:18:29 [trackbot]
ISSUE-167 -- Multiple site exceptions -- pending review
19:18:29 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/167
19:18:50 [dsinger]
q+ to suggest 'postponed' rather than closed
19:18:52 [peterswire_]
q?
19:18:57 [peterswire_]
q+
19:18:59 [rigo]
mts: explaining issue. Shane was not happy but could live with it
19:19:32 [peterswire_]
q-
19:19:43 [adrianba]
q+
19:19:47 [rigo]
Wileys: discussion in cambridge, who does the weight to process the multi-site processing. Currently in iframes, we will figure that out in CR
19:19:48 [peterswire_]
q+
19:19:58 [npd]
Great, close for now, and ask for implementation experience
19:20:12 [rigo]
dsinger: we should postpone
19:20:16 [BerinSzoka_]
BerinSzoka_ has joined #DNT
19:20:20 [rigo]
q+
19:20:25 [npd]
ack ds
19:20:25 [Zakim]
dsinger, you wanted to suggest 'postponed' rather than closed
19:20:37 [rigo]
q-
19:20:40 [aleecia]
last call does not require all issues closed
19:20:47 [dsinger]
q?
19:20:52 [rigo]
mts: want to close it
19:21:06 [npd]
ack adr
19:21:37 [npd]
ack pete
19:21:37 [rigo]
adrianba: process lawyering aside, add a comment to what Wileys said. In Boston we agreed that it could be part of a larger solution, but wanted to stabilize the spec
19:21:38 [aleecia]
Incidentally, the idea of "let's try to implement it and come back" sounds like a very helpful approach. Take note: I'm violently agreeing with Shane's approach.
19:21:47 [schunter]
q?
19:22:00 [tlr]
+1 to that. I think it's fine to say "we don't know how to handle this", and revisit as we actually move to last call.
19:22:00 [aleecia]
I hope this doesn't change Shane's mind :)
19:22:24 [rigo]
peterswire_: question of Macy's having a page on Facebook. Multi-site on who is first party, multiple first parties
19:22:52 [npd]
You could imagine using this for a series of sites operated by the same pair of first parties, but it's not so different.
19:23:04 [moneill2]
+q
19:23:32 [rigo]
mts: this is about multiple first parties on the site. so orthogonal. Calling exception API for 5000 uris? is there a short cut. Haven't found a way. Not multiple first parties on one site
19:23:33 [dsinger]
q?
19:23:34 [schunter]
ack M
19:23:55 [npd]
Issue-195?
19:23:55 [trackbot]
ISSUE-195 -- Flows and signals for handling out of band consent -- pending review
19:23:55 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/195
19:24:08 [rigo]
moneill2: you can have one shared iframe, probably best left to CR and implementation, refine it in implementations
19:24:17 [aleecia]
We handle normal agreement with +1 :-)
19:24:23 [rigo]
mts: close issue-167
19:24:31 [rigo]
issue-155?
19:24:31 [trackbot]
ISSUE-155 -- Remove the received member from tracking status -- closed
19:24:31 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/155
19:24:44 [dsinger]
issue-195?
19:24:44 [trackbot]
ISSUE-195 -- Flows and signals for handling out of band consent -- pending review
19:24:44 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/195
19:25:16 [rigo]
mts: text written last week?
19:25:16 [schunter]
q?
19:25:31 [schunter]
q?
19:25:40 [rvaneijk]
q+
19:25:47 [BerinSzoka_]
We *are* going to stop at 12:30 for lunch, aren't we?
19:26:10 [rigo]
dsinger: don't understand. If you have OBC you have to signal it
19:26:19 [rigo]
fielding: this is the P - issue
19:27:05 [justin]
I have a clarification, but we decided it's appropriate for the compliance spec.
19:27:15 [rigo]
mts: don't need to discuss, people need to discuss issue 2.5.7
19:27:23 [rvaneijk]
q-
19:27:39 [rvaneijk]
agree with Matthias, I proposed silence already on the list: http://lists.w3.org/Archives/Public/public-tracking/2013Apr/0202.html
19:27:58 [dsinger]
q?
19:28:02 [Zakim]
+mecallahan
19:28:11 [rigo]
mts: will not close this issue
19:28:17 [BerinSzoka_]
good one, Ed
19:28:31 [BerinSzoka_]
then let's stop
19:28:33 [BerinSzoka_]
no
19:28:40 [rigo]
mts: now discussion of section 6 of draft framework probably too long to start
19:29:12 [rigo]
peterswire_: talked about this yesterday afternoon, talk about it this afternoon, e.g. UA vs browser
19:29:12 [dan_auerbach]
dan_auerbach has joined #dnt
19:29:32 [rigo]
... how to handle split between TPE / TCS and who does what
19:29:48 [rigo]
mts: suggest to go lunch for now
19:29:50 [dan_auerbach]
+1 to matthias and rob that silence on OOBC might be fine
19:29:50 [aleecia]
+1
19:30:01 [johnsimpson]
johnsimpson has left #dnt
19:30:05 [rigo]
lunchbreak
19:30:20 [moneill2]
when do we reconvene?
19:30:21 [rigo]
scribenick:npd
19:30:47 [Zakim]
-mecallahan
19:31:03 [npd]
Reconvene in 90 minutes.
19:31:30 [moneill2]
@npd, thanks
19:31:46 [Zakim]
-bilcorry
19:31:55 [Zakim]
-Gregg_Vanderheiden
19:31:59 [npdoty]
Zakim, mute [Apple]
19:31:59 [Zakim]
[Apple] should now be muted
19:32:29 [sidstamm_]
sidstamm_ has joined #dnt
19:33:27 [npdoty]
Zakim, who is making noise?
19:33:29 [tlr]
zakim, who is on the phone?
19:33:29 [Zakim]
On the phone I see schunter, [Apple] (muted)
19:33:32 [tlr]
zakim, drop schunter
19:33:32 [Zakim]
schunter is being disconnected
19:33:33 [Zakim]
-schunter
19:33:34 [tlr]
zakim, drop apple
19:33:34 [Zakim]
[Apple] is being disconnected
19:33:41 [Zakim]
npdoty, listening for 13 seconds I heard sound from the following: schunter (19%)
19:33:43 [Zakim]
T&S_Track(dntf2f)11:00AM has ended
19:33:43 [Zakim]
Attendees were bilcorry, Jonathan_Mayer, moneill2, schunter, multitudes, [Apple], Gregg_Vanderheiden, mecallahan
20:00:55 [prestia]
prestia has joined #dnt
20:00:58 [robsherman]
robsherman has joined #dnt
20:01:37 [afowler]
afowler has joined #dnt
20:09:51 [johnsimpson]
johnsimpson has joined #dnt
20:10:09 [vinay]
vinay has joined #dnt
20:22:59 [johnsimpson]
johnsimpson has left #dnt
20:40:44 [bryan]
bryan has joined #dnt
20:51:02 [Zakim]
T&S_Track(dntf2f)11:00AM has now started
20:51:09 [Zakim]
+[Apple]
20:52:19 [npdoty]
npdoty has joined #dnt
20:52:50 [afowler]
afowler has joined #dnt
20:54:10 [johnsimpson]
johnsimpson has joined #dnt
20:55:43 [jackhobaugh]
jackhobaugh has joined #dnt
20:56:38 [johnsimpson]
?
20:58:28 [fielding]
fielding has joined #dnt
20:58:29 [Zakim]
+[IPcaller]
20:58:41 [npdoty]
Zakim, who is on the phone?
20:58:41 [Zakim]
On the phone I see [Apple], [IPcaller]
20:58:42 [moneill2]
zakim, [IPCaller] is me
20:58:42 [Zakim]
+moneill2; got it
20:59:00 [jchester2]
jchester2 has joined #dnt
20:59:04 [npdoty]
rrsagent, please draft the minutes
20:59:04 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html npdoty
20:59:14 [moneill2]
neat trick
20:59:34 [Zakim]
+ +1.917.846.aaaa
20:59:56 [Yianni]
Yianni has joined #DNT
21:00:27 [Joanne]
Joanne has joined #DNT
21:01:07 [npdoty]
Zakim, please choose a scribe
21:01:07 [Zakim]
Not knowing who is chairing or who scribed recently, I propose +1.917.846.aaaa
21:01:12 [npdoty]
Zakim, please choose a scribe
21:01:12 [Zakim]
Not knowing who is chairing or who scribed recently, I propose moneill2
21:01:14 [paulohm]
paulohm has joined #dnt
21:01:14 [npdoty]
Zakim, please choose a scribe
21:01:14 [Zakim]
Not knowing who is chairing or who scribed recently, I propose +1.917.846.aaaa
21:01:21 [aleecia]
aleecia has joined #dnt
21:01:37 [npdoty]
scribenick: npdoty
21:01:43 [npdoty]
John Callas here to talk about security
21:01:55 [npdoty]
financial auditing discussion
21:02:08 [npdoty]
could be room for more parking lot discussion this afternoon
21:02:24 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
21:02:29 [tara]
tara has joined #dnt
21:02:35 [Yianni]
Nick, I can scribe
21:02:40 [npdoty]
scribenick: Yianni
21:03:07 [Yianni]
Peter: Dan wanted to follow up with the case of unique ID cookies, got in touch with John Callas
21:03:19 [Yianni]
...the use of unique ID cookies for cybersecurity and fraud permitted use
21:03:33 [johnsimpson]
?
21:03:42 [Yianni]
John Callas: I should go to questions a little bit
21:03:52 [Yianni]
...value of cookies for a unique identifier
21:03:58 [Yianni]
...they do not have a lot of main use for it
21:04:12 [Yianni]
...I have seen from bad actors that they are using sophisticated malware
21:04:19 [susanisrael]
susanisrael has joined #dnt
21:04:22 [jmayer]
jmayer has joined #dnt
21:04:32 [Yianni]
...actively adapting what they are doing. Organized like a business
21:04:44 [Yianni]
...structure similar to any other software business
21:04:56 [Yianni]
...against an attacker like that, a unique ID does not provide useful information
21:05:01 [Yianni]
...it tracks the good guys
21:05:20 [Yianni]
...bad guys delete them, remove them, swap them, occasionally send a spam message from grandma's computer
21:05:38 [Yianni]
...occasionally does one bit of click fraud, take a legitimate user's cookie then hand it back
21:06:02 [robsherman]
robsherman has joined #dnt
21:06:03 [Yianni]
...on receiving end, you do not get much unique information from a unique id that is useful to track them down
21:06:05 [fielding]
q+
21:06:20 [Yianni]
Shane: Our security team looks at slightly differently
21:06:24 [prestia]
prestia has joined #dnt
21:06:33 [Yianni]
...attempts to use unique identifiers in different ways can be a signal
21:06:42 [efelten]
efelten has joined #dnt
21:06:43 [Yianni]
...can be differentiated from a normal use pattern
21:06:57 [Yianni]
...sometimes the identifier is a key signal in differentiating against normal traffic
21:07:13 [Yianni]
John Callas: anything you can do to identify a bad actor is good
21:07:14 [Brooks]
Brooks has joined #dnt
21:07:18 [peterswire]
peterswire has joined #dnt
21:07:22 [peterswire]
q?
21:07:25 [peterswire]
q?
21:07:29 [Yianni]
Shane: Just one signal to identify bad actor
21:07:33 [BillScannell]
BillScannell has joined #dnt
21:07:42 [Yianni]
John Callas: Is a unique ID useful for security, not very
21:07:48 [Yianni]
...not saying not at all
21:07:55 [rvaneijk]
The question on the table is whether unique IDs are proportionate, given the fact that unique IDs are not very useful for security!
21:07:59 [jmayer]
q+
21:08:03 [moneill2]
you would not need it to be a true unique identifier. Low entropy multi-digit would do
21:08:08 [Yianni]
Shane: In the battle of security, ever increasing arms race, any incremental value is helpful
21:08:13 [rvaneijk]
helpful is not the same as necessary
21:08:31 [Yianni]
...is it an important or critical element of overall picture, leaning yes
21:08:46 [rvaneijk]
what surfaces in this q&a is that the underlying problem isn't clear
21:08:47 [Yianni]
...just a matter of degree, very not very, but anything that helps is important
21:08:57 [peterswire]
q?
21:08:59 [justin]
justin has joined #dnt
21:08:59 [npdoty]
ack fielding
21:09:02 [prestia_]
prestia_ has joined #dnt
21:09:20 [robsherman1]
robsherman1 has joined #dnt
21:09:33 [moneill2]
so long duration UIDs not necessary
21:09:48 [hwest]
hwest has joined #dnt
21:09:52 [Yianni]
Roy: agrees with Shane, most common use of cookie is not the identifier, does not catch the most sophisticated but catches easy things
21:10:01 [npdoty]
ack jmayer
21:10:10 [Chapell]
Chapell has joined #DNT
21:10:16 [Yianni]
Mayer: if a cookie is transmitted from a server, could that be used in an anti fraud?
21:10:22 [Yianni]
...does that have any value? Yes
21:10:22 [fielding]
moneil2, correct, depending on what you mean by long duration
21:10:34 [Yianni]
...If a cookie has been set by the user, you could read that user
21:10:40 [moneill2]
<24hrs
21:10:54 [Yianni]
...can you perspectively cookie a user for security? are you suggesting that is necessary?
21:11:02 [Chris_IAB]
Chris_IAB has joined #dnt
21:11:06 [Yianni]
Shane: What do you mean by perspective?
21:11:13 [npdoty]
s/perspective/prospective/
21:11:39 [Zakim]
-moneill2
21:11:42 [moneill2]
cannot hear
21:11:49 [Yianni]
Mayer: what do I mean by prospective. Adversary may swap cookies. You could keep those cookies for fraud prevention
21:11:56 [johnsimpson]
q?
21:12:14 [Zakim]
+??P2
21:12:21 [tlr]
who joined?
21:12:22 [Yianni]
...User turns on DNT:1 and don't and cookies set (no adversary), questioning the value of dropping the cookie because it may be valuable later down the road
21:12:22 [Wileys]
+q
21:12:28 [npdoty]
Zakim, who is on the phone?
21:12:28 [Zakim]
On the phone I see [Apple], +1.917.846.aaaa, ??P2
21:12:31 [moneill2]
zakim, [IPCaller] is me
21:12:31 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
21:12:42 [JC]
JC has joined #DNT
21:12:50 [tlr]
zakim, ??P22 is probably moneill2
21:12:50 [Zakim]
sorry, tlr, I do not understand your question
21:12:59 [tlr]
zakim, ??P2 is probably moneill2
21:12:59 [Zakim]
+moneill2?; got it
21:13:01 [Yianni]
Peter: permitted uses in compliance spec, permitted use to take action for anti-fraud and cybersecurity
21:13:16 [Yianni]
...should there be a unique ID cookie for DNT:1?
21:13:22 [dsinger]
Zakim, who is on the phone?
21:13:22 [Zakim]
On the phone I see [Apple], +1.917.846.aaaa, moneill2?
21:13:30 [npdoty]
Zakim, drop aaaa
21:13:30 [Zakim]
+1.917.846.aaaa is being disconnected
21:13:32 [Zakim]
- +1.917.846.aaaa
21:13:33 [Yianni]
...assertion by Mayer, is this cookie for DNT:1 users a very low security value
21:13:54 [Yianni]
...if that is true, then use of cookie ID would not be that important for security?
21:14:15 [Zakim]
+ +1.917.846.aabb
21:14:20 [amyc]
amyc has joined #dnt
21:14:24 [Wileys]
q?
21:14:32 [Yianni]
...then unique ID cookies, would not be need for the permitted use?
21:14:45 [ChrisPedigoOPA]
q+
21:14:47 [Chris_IAB]
q
21:14:52 [Chris_IAB]
q+
21:14:57 [Yianni]
...for click fraud, it may be that unique ID cookie would not be that much help. So that could change how we view permitted uses
21:15:07 [Yianni]
Shane: core premise of moving to idealist world
21:15:07 [moneill2]
i switched my mike off, sorry
21:15:13 [Yianni]
...unique IDs in cookies do help
21:15:24 [Yianni]
...could discuss efficacy, but it is a net positive
21:15:47 [Yianni]
...with understanding that, then questions becomes, why wouldn't you immediately turn on DNT:1
21:15:54 [Yianni]
...you just gave yourself an edge in that battle
21:16:01 [peterswire]
q?
21:16:03 [dan_auerbach]
dan_auerbach has joined #dnt
21:16:06 [npdoty]
ack Wileys
21:16:07 [Wileys]
ack wileys
21:16:08 [jmayer]
+q response to the question
21:16:12 [Yianni]
John Callas: want to make a privacy friendly system, and one that is good for security
21:16:21 [npdoty]
q+ jmayer to respond to the question
21:16:23 [Yianni]
...does it justify tagging everyone?
21:16:23 [npdoty]
q- response
21:16:26 [aleecia]
Roy, I'm trying to understand the point you raised.
21:16:36 [dsinger]
Zakim, who is on the phone?
21:16:36 [Zakim]
On the phone I see [Apple], moneill2?, +1.917.846.aabb
21:16:41 [Yianni]
...for security purposes, you could do something else that is as or more effective
21:16:50 [aleecia]
I think you were saying what matters is if cookies can be set & read, rather than the content of the cookie. Is that correct?
21:16:53 [rvaneijk]
now we are talking, security can be done in other ways, that are more effective.
21:17:05 [Yianni]
...If you saw something that was security related, you set on an alarm, I have far less problem with tagging
21:17:10 [rvaneijk]
tagging everyone is not proportionate.
21:17:20 [Yianni]
...An adaptive thing that uses cookies for security purposes is a reasonable thing to do
21:17:26 [Yianni]
...works much better than tagging everyone
21:17:33 [hefferjr]
q+
21:17:37 [aleecia]
who's calling from NY?
21:17:40 [npdoty]
Zakim, drop aabb
21:17:40 [Zakim]
+1.917.846.aabb is being disconnected
21:17:42 [Zakim]
- +1.917.846.aabb
21:18:16 [Zakim]
+ +1.917.846.aacc
21:18:40 [aleecia]
New caller, please id
21:18:44 [tlr]
zakim, drop aacc
21:18:44 [Zakim]
+1.917.846.aacc is being disconnected
21:18:46 [Zakim]
- +1.917.846.aacc
21:18:52 [dwainberg]
dwainberg has joined #dnt
21:18:57 [peterswire]
q?
21:19:01 [npdoty]
ack ChrisPedigoOPA
21:20:26 [fielding]
Really hard to have this conversation in public (or even minuted)
21:20:38 [moneill2]
you could use localStorage, but that would need JS to execute and can be detected
21:21:21 [hefferjr]
q-
21:21:25 [justin]
justin has joined #dnt
21:22:27 [jmayer]
Just to get it in the notes: some participants from the advertising industry are presently chortling. How professinal.
21:22:34 [jmayer]
s/professinal/professional/
21:22:42 [npdoty]
ack Chris_IAB
21:23:54 [peterswire]
q?
21:24:47 [Yianni]
Yianni has joined #DNT
21:24:57 [Yianni]
Jon Callas: Get some people to turn off ad blockers
21:25:09 [jchester2]
+q
21:25:25 [Joanne]
Joanne has joined #DNT
21:25:27 [Yianni]
Chris: you are in a world in a black and white scenario, we want to do things like security and fraud protection
21:25:34 [Yianni]
...we need a way to track bad actors
21:25:42 [Yianni]
...back to what is the definition of tracking
21:25:53 [rachel_n_thomas]
rachel_n_thomas has joined #dnt
21:26:04 [Yianni]
...if consumers understand that they can still track to stop bad actors that becomes part of the definition of do not track
21:26:13 [aleecia]
q+
21:26:34 [Yianni]
Chris: not setting cookies for security reasons, set cookies to operate business, and cookies are used for security and fraud
21:26:41 [moneill2]
any crim would purge their cookies anyway
21:26:43 [Yianni]
John Callas: okay with setting cookies for security purposes
21:27:10 [Wileys]
Note: John Callas stated he'd be okay with setting cookies with unique IDs for security purposes (to keep the full statementin context)
21:27:21 [Yianni]
Peter: Chris Pedigo raised this point, not discussing overall removal of permitted use of cybersecurity
21:27:24 [Wileys]
s/statementin/statement in
21:27:40 [Yianni]
...there is a side piece of unique cookies, and whether they would a big or small hit on securities
21:27:50 [dsinger]
zakim, who is on the phone?
21:27:50 [Zakim]
On the phone I see [Apple], moneill2?
21:27:53 [Yianni]
...may be a small hit on security because anyone can block cookies
21:27:55 [Wileys]
+q
21:27:58 [johnsimpson]
Q?
21:28:14 [npdoty]
ack jmayer
21:28:17 [Yianni]
...facially plausible that unique id cookie part may be very different from how it looked in prior statements
21:28:30 [Yianni]
Mayer: it sounded like cookies were of limited value for security
21:28:34 [johnsimpson]
zakim, who is on the phone?
21:28:34 [Zakim]
On the phone I see [Apple], moneill2?
21:28:39 [Yianni]
...some interpreted what you said as the opposite of that view
21:29:00 [Yianni]
John Callas: I find prospectively setting a cookie ironic or counterintuitive
21:29:11 [Marc_]
Marc_ has joined #dnt
21:29:13 [peterswire]
q?
21:29:28 [Yianni]
...if you saw behavior that warranted tracking, if you had cookies as part of your system, that seems reasonable
21:29:31 [npdoty]
ack jmayer
21:29:31 [Zakim]
jmayer, you wanted to respond to the question
21:29:38 [Yianni]
...part of security system that you do in tracking down the bad guys
21:29:46 [Yianni]
...incident response is a good way to put it
21:30:10 [Yianni]
Mayer: Maybe it would be helpful in framing thinking as security people think
21:30:40 [Wileys]
Important to note Unique IDs in cookies are helpful in discovery - not only tracking - so all discovery value would be loss with only setting cookies once a user has been deemed "suspect" and then setting a cookie.
21:30:56 [Yianni]
...from that perspective, cookies are easy to delete and swap. Do Not Track are no worse out that current opt out cookies
21:31:21 [Yianni]
...anti-virus get rid of cookies, and lots of other reasons cookies get deleted (up to 30% of users do not have cookies)
21:31:48 [Yianni]
...there are all sorts of tracking technologies that are part of a more robust incident response
21:31:56 [amyc]
q+
21:32:06 [Yianni]
John Callas: we will do tracking in a certain way for an incident response is reasonable
21:32:11 [Chapell]
q+
21:32:15 [hefferjr]
q+
21:32:20 [Yianni]
Mayer: if and why do industry folks have a different view?
21:32:38 [Yianni]
Peter: one, it would be helpful, for a version of what Jonathan just said
21:32:50 [Yianni]
...second, reason to discuss this in not an open discussion
21:33:06 [Yianni]
...offline we could have a discussion for things that are not appropriate for public discussion
21:33:16 [Yianni]
Jeff Chester: I agree with Jonathan
21:33:26 [npdoty]
ack jche
21:33:36 [Yianni]
...I'm disappointed, I want to hear more from industry, given what we have just heard from John
21:33:38 [Chris_IAB]
q+
21:34:01 [Yianni]
...spirit of this meeting is to move away from polarization. I'd like to hear about other ideas and thoughts
21:34:28 [Yianni]
ChrisM: when talking about security we use every means available
21:34:37 [Yianni]
...we would be taking a step back if we did not use cookies
21:34:46 [npdoty]
ack Chris_IAB
21:34:55 [Yianni]
...we have a fiduciary responsibility to protect our uses, part of that is using the information that we gather to protect them
21:35:08 [justin]
Do you have a fiduciary obligation to respawn cookies using HTML cookies?
21:35:18 [Yianni]
...the gentleman said that if you take away cookies, you would use other methods, which I agree, we currently use other methods
21:35:37 [Chris_IAB]
q-
21:35:37 [Yianni]
John Callas: it is hard to say a piece of information for security purposes, it is all useful
21:35:58 [Yianni]
...can you replace this one item with something else that gives as much or more security than a unique ID, I could do that
21:36:13 [Yianni]
...I would get as good or better security
21:36:22 [Yianni]
ChrisM: How would you get better security?
21:36:47 [Yianni]
John Callas: I do not want to design the system right here and now, unique is already in the hands of bad actors to use
21:37:02 [amyc]
q-
21:37:06 [Yianni]
...it is a public bit of information and attackers are free to set own cookies for own purposes
21:37:20 [npdoty]
ack aleecia
21:37:20 [Yianni]
...part of mine it's not that useful, attackers can use as a weapon
21:37:44 [amyc]
interesting article on fraud detection http://finance.yahoo.com/news/ebay-worked-fbi-put-top-120500693.html
21:37:48 [Yianni]
Aleecia: I had a couple things
21:38:00 [Yianni]
...not talking about security for first parties, we are not talking about keeping users safe
21:38:09 [Yianni]
...just talking about third parties only
21:38:14 [fielding]
q+
21:38:24 [Wileys]
3rd parties are equally interested in looking to protect against injection, malware, take overs, drive bys, etc.
21:38:28 [Yianni]
...anything that is a first party this is not an issue around security, this is a smaller scope problem than we pretend it is
21:38:36 [Yianni]
...we are talking about view fraud and a couple other things
21:38:52 [moneill2]
UIDs must not be shared though (if DNT set to 1st party)
21:39:01 [Yianni]
...this is for Roy, if I understood Roy correctly, they need to set cookies to see how cookies are set and read, rather than the content of cookies
21:39:13 [Yianni]
...I wanted to understand that, and if that is what Roy was saying
21:39:40 [Yianni]
Roy: not unique to Adobe and may not be what Adobe do
21:39:50 [Yianni]
...most high end security monitoring is by third parties
21:40:02 [Yianni]
...first parties do not have vision to distinguish bots from users
21:40:16 [Yianni]
...what you are looking for are patterns to distinguish bots from humans
21:40:29 [Yianni]
...over time bots are becoming more sophisticated and have longer conversation
21:40:42 [Yianni]
...eventually does something that does not behave as a user
21:40:47 [Yianni]
...third parties are doing this monitoring
21:41:05 [Yianni]
...this looks like a 70% chance of an attack, third parties do not have definitive answer
21:41:08 [peterswire]
q?
21:41:13 [Yianni]
...websites do not have access to that same data
21:41:28 [Yianni]
...we do not expect that third party to be adhering to that DNT signal
21:41:51 [Yianni]
Roy: it is happening for security purposes
21:41:59 [Yianni]
Aleecia: that is already breaking do not track
21:42:06 [rvaneijk]
q?
21:42:08 [Yianni]
Peter: security vendors who look across sites
21:42:39 [Yianni]
John Callas: when you hit a threshold, you are raising the question is this fraudulent, then using a cookie
21:42:42 [rvaneijk]
q+
21:42:51 [Yianni]
...now it's a unique ID that has raised some flags
21:43:08 [Yianni]
Roy: means of identifying if they are a bad actor is the behavior on normal cookie
21:43:14 [Yianni]
...those all add into patterns
21:43:25 [Yianni]
...yes there are potential ways to delete use of cookies in some context
21:43:30 [peterswire]
q?
21:43:38 [Yianni]
...under normal operating procedure that is how you do security detection right now
21:43:42 [npdoty]
I don't think we have any exception in the current draft for first parties to share data with third parties for security purposes
21:43:43 [Chris_IAB]
q+
21:43:52 [Yianni]
...what we are saying is that we are not changing those regardless of DNT
21:44:09 [Yianni]
Peter: how much does unique ID cookie contribute to the pattern?
21:44:37 [Yianni]
Mayer: Roy is discussing, there are certain companies, third parties, that are in the business of providing security services
21:44:46 [moneill2]
tracking via tracing IP addresses through the ISP (to get a crim) is different from tracking everyone using UIDs
21:44:49 [Yianni]
...we have talked about having an exemption for companies like that.
21:45:07 [Yianni]
...that is very different from the conversation we are having thus far about third parties providing security services for themselves
21:45:14 [npdoty]
... though there might be a lot of people who think we need to adjust First Party Compliance to allow stated business purposes, which might include sharing security-related data
21:45:16 [Yianni]
...as opposed you are a security company hired by first party websites
21:45:23 [Yianni]
...a separate discussion
21:45:39 [Yianni]
...line between prospectively setting cookie or looking at cookies already set
21:45:48 [Yianni]
...if a browser sends a cookie, there might be value
21:45:50 [rvaneijk]
q-
21:45:57 [Yianni]
...discussing value of a cookie when there isn't one
21:46:19 [strider]
strider has joined #dnt
21:46:34 [moneill2]
a pseodomised UID - I like it
21:46:41 [amyc]
i thought we had discussed precise issue of security service providers as part of permitted uses discussion, where we discussed ability to use data across sites for security purposes
21:46:47 [Yianni]
John Callas: you have cookie with field with unique identifier, may put something in the field for a specific incident
21:47:19 [Yianni]
Roy: no one tracks you for more than 2 weeks for security, retention area we could work on. Just turning off cookies doesn't work
21:47:31 [jmayer]
Recap, clarifying point 1: We're not talking about outsourced first-party security services right now. That should be a separate ISSUE. Clarifying point 2: The question here is whether setting unique IDs has marginal value, and if so, how much. We're not debating collection of cookies that have been set/modified by a user.
21:47:56 [Yianni]
Chris: question for John, trying to understand when you said earlier that you could find other means to track bad actors. What other means are there that are not tracking?
21:48:08 [Yianni]
John Callas: very narrow thing of tracking people who says DNT
21:48:25 [Yianni]
...if there was a cookie that went to everyone (opt-out cookie), those are part of the whole thing
21:48:40 [Yianni]
...I'm talking about one field, the unique identifier
21:48:45 [peterswire]
q?
21:48:49 [npdoty]
to amyc, we do have a second option in the Service Provider list, which would specifically allow service providers to share data across first parties for "integrity, security, and correct operation"
21:48:57 [moneill2]
it can still be unique but its fine if it expires <X hrs. Bad guys will delete them anyway
21:49:07 [amyc]
thanks npdoty, glad I wasn't making that up
21:49:19 [Yianni]
...we want to separate good from bad actors
21:49:33 [Yianni]
...may take longer to find bad actor if they do not have that specific cookie
21:49:46 [Yianni]
Chris: if you enable DNT:1, you would enable do not track
21:49:56 [Yianni]
...cookies are one mode, device fingerprinting is another
21:50:03 [Yianni]
...timing correlation
21:50:16 [Yianni]
...we are being asked not to use any of those things, all of those are off the security table
21:50:23 [Yianni]
Peter: not where the discussion is right now
21:50:24 [npdoty]
amyc, I'm not sure if that still prohibits a first party from volunteering sharing data with others for security analysis
21:50:51 [Yianni]
...what I had heard is a set of discussion about unique ID cookies, and a specific request that those not be put on at time DNT:1 is on
21:51:05 [Yianni]
...I have been told that unique fingerprinting is not unique but in buckets
21:51:47 [Yianni]
...one of the topics that is a specific proposal or goal is to see whether we could get unique ID cookies taking out when DNT:1 is on
21:52:05 [Yianni]
Chris: could we use other forms of tracking?
21:52:11 [Yianni]
Peter: gets back to 1024 buckets
21:52:24 [Yianni]
ChrisM: you don't use low entropy buckets to do security.
21:52:30 [Yianni]
...trying to get clarification
21:52:32 [moneill2]
unique identifiers as a term covers more than cookies, it also covers fingerprinting using JS
21:52:43 [Yianni]
Peter: this request can in part from Mayer
21:52:55 [npdoty]
s/can in/came in/
21:53:26 [Yianni]
Mayer: for over a year, there has been a proposal to allow companies, when they have indication of potential behavior, you could use any tracking
21:53:31 [moneill2]
the reality is that >99% tracking uses cookies
21:53:38 [Yianni]
...if you see weird cookies from a browser that didn't set, you could use
21:53:55 [Yianni]
...we are talking about, prospective use for all users, this idea has been floating around for over a year
21:54:05 [npdoty]
ack Wileys
21:54:05 [aleecia]
:-)
21:54:07 [Yianni]
Shane: back to statement you made 20 minutes ago
21:54:17 [aleecia]
q?
21:54:24 [Yianni]
...a goal of a fraudster is not to get caught
21:54:29 [fielding]
q-
21:54:33 [Yianni]
...way not to get caught is to look like everyone else
21:54:34 [tlr]
q- fielding
21:54:45 [Yianni]
...showing up without a cookie, immediately suspect
21:54:53 [Yianni]
...not an ideal outcome for a fraudster
21:55:07 [Yianni]
...with that understanding, you begin finding elements of fraud
21:55:12 [moneill2]
people who delete cookies are suspected of being crims?
21:55:13 [Yianni]
..1. discover, 2. defense
21:55:38 [hefferjr]
q-
21:55:38 [peterswire]
q?
21:55:46 [Yianni]
...setting cookie, tells me that I now suspect them
21:55:59 [Yianni]
...by prospectively setting, I remove one of the clues that I may be on to them
21:56:01 [fielding]
q+
21:56:05 [hefferjr]
agree
21:56:18 [Yianni]
...setting a unique ID once you suspect them, you are telling the fraudster they are suspecting them
21:56:52 [Yianni]
John Callas: convincing a bad guy to go away is a win
21:57:17 [Yianni]
Shane: best way is to lock them in to existing pattern
21:57:42 [Yianni]
...don't want to tip them off
21:57:59 [johnsimpson]
Q?
21:58:13 [moneill2]
panopticlick
21:58:38 [Yianni]
John Callas: without any identifiers, use of fonts and other techniques can identify
21:58:40 [jeffwilson]
q+
21:59:01 [Yianni]
Shane: the concept of the overall GS call, they can use other avenues to block
21:59:07 [Yianni]
...not saying we do not use that as well
21:59:12 [jeffwilson]
q-
21:59:26 [Yianni]
...you said you could build better security, that assumes that they are not already at level of maximum security
21:59:37 [Yianni]
...we already have multiple PhDs working on security
21:59:45 [Yianni]
...loss of ID is always a loss
21:59:56 [Yianni]
John Callas: trade off from privacy discussion
22:00:07 [npdoty]
ack Chapell
22:00:08 [wseltzer]
s/John Callas/Jon Callas/g
22:00:29 [Yianni]
Alan: majority of this room are not qualified to have this discussion
22:00:33 [jmayer]
+q
22:00:49 [Yianni]
ChrisM: adding to what Shane said, one other face, prosecution
22:00:55 [npdoty]
ack Chris_IAB
22:00:56 [wseltzer]
s/face/phase/
22:00:58 [Yianni]
...there is defense and then prosecution
22:01:02 [peterswire]
close Q
22:01:08 [npdoty]
Zakim, close the queue
22:01:08 [Zakim]
ok, npdoty, the speaker queue is closed
22:01:20 [Yianni]
...when handing over records, they have used unique id based off cooking to show harm based on a particular bad actor
22:01:25 [jchester2]
+q
22:01:49 [Yianni]
...how do you go backwards, how do you go back and issue a credit for fraud
22:02:15 [npdoty]
q?
22:02:25 [Yianni]
Jon Callas: something that has occurred to me, what if what you had was a field in a cookie that was encrypted in a way that was unique
22:02:38 [Yianni]
...it had some other things in there
22:03:04 [Yianni]
...If you had something that was there, where everyone gets a new one, unique per transaction
22:03:17 [dsinger]
q+
22:03:20 [moneill2]
low entropy pseudo unique ID
22:03:24 [Yianni]
...It sounds to me to not be a unique identifier, but has a security value
22:03:32 [Yianni]
...we have been trying to understand definition of tracking
22:03:34 [peterswire]
q?
22:03:45 [npdoty]
ack fielding
22:03:55 [Yianni]
Roy: other aspect of security, accounting
22:04:16 [susanisrael]
susanisrael has joined #dnt
22:04:16 [Chapell]
Folks: most of us are not qualified to have this discussion. Many of those who ARE qualified are unable to talk in specifics. If we're still arguing over security and fraud exceptions, it does not bode well for our progress. Can we PLEASE move to a more productive discussion?
22:04:18 [Yianni]
...large campaigns, find out about click fraud after the fact, have to go back look at accounts and remove them from billing
22:04:35 [npdoty]
ack jmayer
22:04:38 [Yianni]
...contractually required to do so, hard to do if you do not know who they are. Most done by IP address, not sure percentage
22:05:07 [Yianni]
Mayer: high level thinking, question before group: marginal value of prospectively setting unique IDs for lots of users
22:05:10 [susanisrael]
isn't the whole point of a permitted use that it is a case where tracking is permitted because it's necessary? The argument is not that this is not tracking but that it is a case where tracking is necessary.
22:05:15 [Yianni]
...based on discussion, there are serious questions
22:05:24 [dsinger]
I am disturbed that we're talking about technology -- cookies, unique identifiers -- when we have done much better when we talk about principles and trust -- retention of data that can be linked to a user, and so on. If we trust a site is abiding by the principles, then yes, be slightly (more) concerned if they set a unique ID, but it's not -- by itself -- something we need to forbid, is it?
22:05:29 [jchester2]
Alan. I disagree. This is a conversation on fundamental values, doing privacy for DNT in a meaningful well. It doesn't have to do with privacy expertise.
22:05:30 [Yianni]
...have not heard from ad industry, why there is so much marginal value
22:05:41 [Yianni]
...burden has shifted to ad industry of why these cookies have so much value
22:05:49 [Yianni]
...I would love to hear more about it, off the record
22:06:05 [Chapell]
jchester2 this is not about privacy, it's about security.
22:06:27 [Yianni]
Peter: couple items of potential action items
22:06:28 [jmayer]
s/from ad industry/from ad industry security experts/
22:06:52 [Wileys]
I have done my best to channel ad industry security expert concepts in this area to the very edge of not oversharing IP specifics. This has been based on many hours of focused discussion on these topics. So while I'm not personally a security expert, I believe I've fairly represented their views on this topic.
22:07:16 [aleecia]
We hadn't addressed that
22:07:17 [Yianni]
...point raised, not sure about what is said in current compliance spec, third party security services that get IP address across a lot of websites
22:07:24 [Chapell]
jchester2 we've heard a number of plausible arguments for in favor of security.
22:07:27 [jchester2]
Alan C, we just heard from an expert you don't need to do this for security purposes, given the privacy issues. But we will continue the dialogue.
22:07:41 [Yianni]
Justin: added language based on Roy's description. Roy could you look at language
22:07:47 [jmayer]
Shane, after nearly two years of conversations, the advertising industry has produced nothing more than second-hand observations. Meanwhile, world-class security experts have suggested prospective ID cookies have limited value. The ball is squarely in your court.
22:08:07 [Yianni]
Peter: I am not aware of objecting to that language, if someone has an objection look at that part
22:08:11 [Chapell]
jchester2, we've heard from an expert that cookies can be replaced with other forms of tracking.
22:08:24 [Yianni]
...heard Mayer discuss marginal value of unique ID cookies
22:08:37 [fielding]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#security
22:08:47 [Yianni]
...Shane explained loss bad actors at beginning and honey pot
22:08:51 [Wileys]
I can write down all that I've said - I believe that more than clearly showed that UIDs are of real value to the security/fraud battle. The current expert could not disagree with any of those points.
22:08:58 [Yianni]
...response back was that privacy implications were greater
22:09:06 [Yianni]
...we did clarify what was in and out of discussion
22:09:20 [Yianni]
...I have not heard why the things Shane said were diminimish
22:09:30 [Yianni]
...we clarified issues, I will consider this part of the discussion closed
22:09:31 [jchester2]
Shane, I disagree with your interpretation. But the debate will continue
22:09:51 [Yianni]
Peter: we have a short other piece of unique IDs with financial accounting
22:09:57 [Chapell]
jchester2, we've also heard from other experts on needing market research for advertising to continue to foster internet growth. But, we will continue the dialogue. (:
22:10:01 [Wileys]
Jeff - the discussion is scribed - not sure what there is to "interpret"
22:10:14 [Yianni]
...step 1 - permitted use of financial auditing and accounting
22:10:25 [aleecia]
This is not meant to sound snarky -- did we make substantive progress on this discussion?
22:10:27 [Yianni]
...variety of statements of how information was needed in the permitted use
22:10:38 [susanisrael]
s/diminimish/ de minimis
22:10:46 [peterswire]
q?
22:10:46 [justin]
fielding, I'm not sure your language was added. I think I held off because someone else was working on text too (perhaps amyc?). I don't know that that ever got done, so I will incorporate your language.
22:10:48 [npdoty]
Topic: Financial
22:11:03 [fielding]
aleecia, I heard consensus on the text in 6.2.2.6 ;-)
22:11:06 [Yianni]
Dan: As part of doing research, cookie data on impression was not part of financial accounting
22:11:08 [npdoty]
justin, fielding, amyc, we have language (perhaps from amyc) in the Service Provider section
22:11:35 [Yianni]
...safari users cannot possibly be breaking financial reporting and auditing
22:11:36 [aleecia]
we should define tracking in section 6.6.6
22:11:49 [Yianni]
...real world where unique IDs are needed
22:11:55 [Yianni]
...happy to get into details
22:12:20 [Yianni]
Peter: there is a cost per action advertising
22:12:32 [Yianni]
...someone takes actions, clicks, and then they get paid
22:12:48 [Yianni]
...user has taken an action, so would become first party, allows collection
22:13:05 [Yianni]
...second, cost per click ad, when you click there is a meaningful interaction
22:13:25 [Yianni]
...those important things would not be affected by DNT
22:13:31 [Yianni]
...third is cost per impression
22:13:40 [Yianni]
...here the user did not have a meaningful interaction
22:13:49 [Yianni]
...that is the core piece going forward because still a third party
22:14:03 [Yianni]
...whether that piece, cookies get saved in accounting system
22:14:20 [peterswire]
q?
22:14:23 [npdoty]
Zakim, open the queue
22:14:23 [Zakim]
ok, npdoty, the speaker queue is open
22:14:29 [npdoty]
q+ dwainberg
22:14:32 [Yianni]
Dan: I would say mostly right, cost per click, they are a first party
22:14:36 [justin]
npdoty, right, it's in Service Provider (or at least on the options). fielding had also suggested a change to 6.2.2.6 I thought, but perhaps not necessary now?
22:14:48 [Brooks]
q?
22:15:12 [Yianni]
...for conversion event, maybe not that clear
22:15:13 [Yianni]
...haven't seen any evidence, interested in needing information from user for CPA
22:15:20 [npdoty]
ack dwainberg
22:15:24 [jchester2]
+q
22:15:37 [Yianni]
DavidW: I think there is another model, you are assuming the CPA that the attribution comes after a click
22:15:49 [Yianni]
...the attribution could come after an impression or multiple impressions
22:15:59 [Brooks]
q+
22:16:10 [Yianni]
Jeff Chester: discussion about attribution model, series of actions
22:16:32 [Yianni]
Peter: want fact finding, area where more knowledge could clarify the issue
22:16:45 [justin]
ack jchester
22:16:48 [justin]
ack brooks
22:17:15 [Yianni]
Brooks: echo David's question, much of the backend analysis is a two point measurement event
22:17:21 [Chapell]
Q+
22:17:30 [Yianni]
...when you are in two different contexts, you are a third party in one of them
22:17:45 [fielding]
justin, I can't remember exactly, but I think my suggestion predated the current security text … it looks fine to me as is.
22:17:56 [justin]
fielding, excellent.
22:18:02 [dan_auerbach]
q?
22:18:09 [dan_auerbach]
+q
22:18:13 [npdoty]
ack Chapell
22:18:19 [Yianni]
Joshua: for CPA, people are correct that saying it is a linking of event to prior events, possibly impressions
22:18:24 [Wileys]
+q
22:18:25 [npdoty]
justin, fielding, yay!
22:18:29 [Yianni]
...not a single linking, attribution is about series of events
22:18:40 [W3C]
W3C has joined #dnt
22:18:48 [dsinger__]
dsinger__ has joined #dnt
22:18:59 [Yianni]
...attribution model may be validation model
22:19:02 [Wileys]
Will be discussing frequency capping / pricing when my turn comes up. And address the loss of revenue on Safari 3rd party cookie blocking.
22:19:02 [peterswire]
q?
22:19:09 [Yianni]
...want an effective cost per action
22:19:23 [W3C]
q+
22:19:32 [Yianni]
Dan: Is there a real world place, where I can see these attribution models in effect
22:19:38 [Yianni]
...want to learn more about how it works
22:19:39 [tlr]
queue=WileyS,dwainberg
22:19:40 [dwainberg]
tlr, don't know why that happened
22:19:51 [tlr]
dwainberg, we're tracking you
22:19:53 [Yianni]
...if there is an ad network that uses this model you are talking about, I would love to see it
22:20:02 [npdoty]
ack Wileys
22:20:04 [Yianni]
...for Safari users without cookies, what happens with that
22:20:25 [Yianni]
Shane: Ad pricing CPM, CPA, CPC
22:20:35 [Yianni]
...Safari has hit revenue
22:20:42 [dsinger__]
Q?
22:20:42 [moneill2]
quantify?
22:20:51 [Yianni]
...we have been moving toward CPM, impressions
22:21:13 [Yianni]
...some advertisers may give you more attribution for view through, general ranges
22:21:23 [Yianni]
...we also lose on frequency capping
22:21:28 [moneill2]
firefox 22 tomorrow
22:21:39 [Yianni]
...I cannot demonstrate to an advertiser only show this ad 3 times
22:21:51 [Yianni]
...I cannot prove in an audit that I did that because I do not have a cookie ID
22:21:54 [peterswire]
q?
22:21:58 [Yianni]
...generally we will lose on that side as well
22:21:59 [BerinSzoka]
BerinSzoka has joined #DNT
22:22:00 [npdoty]
I'm curious about moving away from CPC -- Safari users can more easily be tracked when there's a click, right?
22:22:00 [BillScannell]
BillScannell has joined #dnt
22:22:09 [Yianni]
will be priced down due to Safari blocking cookies
22:22:26 [Yianni]
Shane: lower percentage based on market share
22:22:38 [Yianni]
...with Mozilla, percentage becomes much more significant
22:22:38 [moneill2]
then firefox os
22:22:50 [Yianni]
...then it really does begin to destroy business models
22:23:08 [dsinger__]
Q?
22:23:08 [Yianni]
Dan: frequency capping, will have discussion elsewhere
22:23:29 [Yianni]
...important to distinguish between breaking business model, and where financial auditing won't work
22:23:59 [rigo]
q?
22:24:00 [Yianni]
Shane: Yes, I can't bill CPC, CPA, or frequency cap, and I cannot prove that I did that in audit then I lose that business
22:24:02 [rigo]
q+
22:24:06 [jchester2]
Can we have someone from Apple speak to respond
22:24:12 [moneill2]
firefox, safari, etc. could be back in play if we have a tracking consent aka exception API
22:24:18 [jmayer]
+q
22:24:22 [Yianni]
...Already lose in Safari, magnify that in DNT setting
22:24:57 [Yianni]
Peter: I think I heard Shane say, all I can do is bill for cost per impression
22:25:06 [justin]
Still don't understand why CPC doesn't work, but I get why CPA has problems without unique cookies.
22:25:21 [Yianni]
Shane: one of the things I said, even impression level billing is difficult, how do I separate non-cookie ID and fraud
22:25:22 [Brooks]
q+
22:25:30 [jmayer]
Justin, there is no problem with CPC and Do Not Track.
22:25:32 [Yianni]
...cannot defend with an audit that it is not fraud
22:25:34 [npdoty]
justin, I think Wileys is suggesting that cost-per-click is hard to distinguish from click fraud for Safari users if they don't have a cookie history of the impression (and maybe for some reason they can't do this through other means)
22:25:37 [peterswire]
q?
22:25:41 [npdoty]
ack dwainberg
22:25:43 [peterswire]
close q
22:25:45 [Yianni]
DavidW: backup for a second, purpose for these models
22:25:49 [moneill2]
the ad industry needs consent
22:25:58 [npdoty]
Zakim, close the queue
22:25:58 [Zakim]
ok, npdoty, the speaker queue is closed
22:26:09 [peterswire]
q?
22:26:11 [Yianni]
...role of advertising is to support free content, these models allow advertisers to understand value
22:26:24 [Yianni]
...we would create more ad inventory, race to the bottom, bad user experience
22:26:32 [dan_auerbach]
q?
22:26:38 [npdoty]
ack rigo
22:26:54 [jchester2]
But there is a way to do attribution that also protects privacy for DNT:1 users
22:26:56 [Yianni]
Rigo: If I understand, you put something in fraud bucket, you have exception for security and fraud
22:27:15 [Yianni]
...we have a clear purpose limitation, for your reporting, you can use but for nothing else
22:27:30 [Yianni]
...if you collect for reporting, at the end of reporting, just get rid of the data
22:27:36 [peterswire]
q?
22:27:48 [Yianni]
...for frequency capping this is a convenience. How fast are you willing to innovate?
22:28:03 [justin]
npdoty, Got it, doesn't seem that black-and-white, but if cookies are useful for combating click-fraud, I can see why CPC would be marginally less reliable (but not unauditable or usable, since I think it was clear from last speaker that cookies were of relatively limited value).
22:28:18 [npdoty]
dwainberg, if the concern is any decrease in revenue is too harmful to the user experience to allow DNT:1, then is there any restriction (like against behaviorally targeted advertising) that's acceptable?
22:28:21 [Yianni]
Mayer: In thinking for this permitted use. What information do you need, action counting. Let's see if there is a way to do if there are not unique IDs
22:28:29 [rachel_n_thomas]
+a
22:28:33 [rachel_n_thomas]
+q
22:28:44 [npdoty]
ack jmayer
22:28:47 [rachel_n_thomas]
rachel whispers at zakim that she's been very quiet today and would like to speak
22:29:11 [Yianni]
...make sure to flag, one reason that I have reservation about permitted use, we built a system that allows attribution from an ad
22:29:12 [Wileys]
Many technical solutions that work in a small lab break at scale because the smaller implementation typically doesn't take into account all of the additional variables that come into play at scale.
22:29:23 [Yianni]
...want to hear from industry why this doesn't work?
22:29:27 [amyc]
amyc has joined #dnt
22:29:33 [npdoty]
ack Brooks
22:29:45 [WaltM_CC]
WaltM_CC has joined #dnt
22:30:02 [Yianni]
Brooks: question is not about what happens in Safari, or 10% of the market
22:30:08 [Yianni]
...what happens to that value
22:30:17 [rachel_n_thomas]
+q
22:30:20 [Yianni]
...if it drops portion of the market by 10%, that's 1% of the market
22:30:28 [BerinSzoka]
I'm no expert but even if it were true that you can do CPA without cookies, what about CPM? they serve two completely different market needs. CPM ads are about building brand awareness
22:30:42 [Yianni]
...We are talking about huge numbers
22:30:51 [justin]
BerinSzoka, uh . . .
22:31:07 [Yianni]
...It is all about a valuation model, not a pricing model, which dictates how much people are willing to pay
22:31:13 [Yianni]
...real money that pays for real websites
22:31:28 [Yianni]
Lou: I think that David W made a good point
22:31:35 [jmayer]
Berin, CPM is easy - you just count the impression.
22:31:43 [Yianni]
...this is about return on investment, that is the justification for supporting websites
22:31:50 [jmayer]
Same goes for CPC - count the click.
22:31:55 [Yianni]
...if we cannot value an advertising impression there is no reason to spend money there
22:32:10 [Yianni]
...advertisers have done is treat data responsibly, that is the balance
22:32:20 [Yianni]
...cannot believe we are still having this conversation
22:32:31 [aleecia]
q+
22:32:35 [Yianni]
...advertisers get to support content, users get to use content, that is a balance
22:32:36 [aleecia]
Ok:
22:32:52 [Yianni]
Dan: it sounds like we are talking about a permitted use for advertising
22:33:01 [Yianni]
...there are a couple issues on the table
22:33:06 [Yianni]
...will this break business models
22:33:19 [Yianni]
...is this needed for this permitted use. just trying to get clarity about
22:33:23 [aleecia]
We're here for notice and choice. If you are not in favor of users being able to make choices about where their data goes, let's get that clear.
22:33:41 [Yianni]
...trying to understand what is going on now. Want a name of ad network where I can see how this works
22:33:42 [aleecia]
Roy has been clear :-)
22:34:07 [Yianni]
...just trying to figure out what is there, to find out how you can do what you want in a privacy protective way
22:34:21 [Yianni]
Peter: Dan's request seems to be a reasonable thing
22:34:23 [BerinSzoka]
Right, CPM is easy--except for the fraud problem
22:34:35 [Yianni]
...reasonable that he gets the same view of commercial advertisers if they are clients
22:34:45 [Yianni]
...An advertiser eye view
22:34:54 [Yianni]
Break until top of the hour
22:35:05 [Zakim]
-moneill2?
22:42:16 [strider]
strider has joined #dnt
22:45:05 [vincent]
vincent has joined #dnt
22:46:01 [Zakim]
+mecallahan
22:46:41 [strider1]
strider1 has joined #dnt
22:47:04 [strider]
strider has joined #dnt
22:47:27 [Mecallahan]
Mecallahan has joined #Dnt
22:49:55 [Zakim]
-mecallahan
22:56:02 [Mecallahan]
Mecallahan has joined #Dnt
22:56:22 [Zakim]
+??P1
22:56:24 [Zakim]
+[IPcaller]
22:56:38 [moneill2]
zakim, [IPCaller] is me
22:56:38 [Zakim]
+moneill2; got it
22:56:48 [Zakim]
+mecallahan
22:56:50 [vincent]
zakim, ??P1 is vincent
22:56:50 [Zakim]
+vincent; got it
23:02:20 [strider]
strider has joined #dnt
23:04:25 [Zakim]
-moneill2
23:06:33 [Zakim]
+[IPcaller]
23:06:43 [Zakim]
-mecallahan
23:06:47 [moneill2]
zakim, [IPCaller] is me
23:06:47 [Zakim]
+moneill2; got it
23:09:44 [npdoty]
npdoty has joined #dnt
23:10:04 [npdoty]
rrsagent, pointer?
23:10:04 [RRSAgent]
See http://www.w3.org/2013/05/07-dnt-irc#T23-10-04
23:11:10 [npdoty]
rrsagent, this meeting spans midnight
23:11:28 [moneill2]
cannot hear anything
23:12:42 [moneill2]
that's OK, thought it was the phone system
23:13:17 [npdoty]
zakim, who is making noise?
23:13:31 [Zakim]
npdoty, listening for 12 seconds I heard sound from the following: [Apple] (48%)
23:19:08 [Mecallahan]
Mecallahan has joined #Dnt
23:22:21 [strider]
strider has joined #dnt
23:24:44 [bryan]
bryan has joined #dnt
23:28:15 [npdoty]
plan is to restart in just a couple minutes.
23:33:02 [afowler]
afowler has joined #dnt
23:33:05 [jmayer]
jmayer has joined #dnt
23:33:59 [Chapell]
Chapell has joined #DNT
23:34:04 [jackhobaugh]
jackhobaugh has joined #dnt
23:34:37 [rachel_n_thomas]
rachel_n_thomas has joined #dnt
23:34:49 [W3C]
W3C has joined #dnt
23:34:50 [Yianni]
Yianni has joined #DNT
23:34:58 [adrianba]
scribenick: adrianba
23:35:04 [efelten]
efelten has joined #dnt
23:35:11 [adrianba]
tlr: describes the end of the princeton workshop
23:35:21 [adrianba]
... said lots of the things that were said in the last year
23:35:24 [npd]
here's a basic structure, can people live without, can't people live with it, silence at that time
23:35:33 [adrianba]
... this is the f2f where we need to make progress
23:35:36 [adrianba]
... and drive to last call
23:35:48 [dsinger]
dsinger has joined #dnt
23:35:49 [adrianba]
... need to start talking about the things that it takes to get agreement
23:36:01 [amyc]
amyc has joined #dnt
23:36:02 [adrianba]
... some people think there is no way to get to agreement but i don't think that is helpful
23:36:08 [justin]
justin has joined #dnt
23:36:15 [adrianba]
... that shouldn't take over the discussion
23:36:20 [paulohm]
paulohm has joined #dnt
23:36:25 [adrianba]
... let's figure out the things we really care about
23:36:31 [justin]
The original CDT proposal that people didn't hum they couldn't live with in Princeton: https://www.cdt.org/files/pdfs/20110447_DNT_v2.pdf
23:36:35 [adrianba]
... build something useful on a credible schedule
23:36:43 [wseltzer]
scribenick: wseltzer
23:36:43 [sidstamm]
sidstamm has joined #dnt
23:37:13 [wseltzer]
peterswire: Yesterday afternoon, we were talking about provisions in the draft framework
23:37:16 [Dominique]
Dominique has joined #dnt
23:37:36 [wseltzer]
... item 6; there was an interesting point of agreement, more work would have to be done, but there's a bunch we can work with
23:37:46 [dan_auerbach]
dan_auerbach has joined #dnt
23:37:56 [susanisrael]
susanisrael has joined #dnt
23:37:56 [wseltzer]
... This morning, we identified priority pieces for many stakeholders;
23:38:15 [wseltzer]
... privacy: unique ID cookies; industry: stability for investment
23:38:18 [AAIsham]
AAIsham has joined #dnt
23:38:21 [Brooks]
Brooks has joined #dnt
23:38:27 [wseltzer]
... this afternoon, the tone shifted, talking past one another
23:38:41 [wseltzer]
... Now, time for all of you to think: What does it take to move forward?
23:38:51 [wseltzer]
... What can you live with? or if not, what happens then?
23:38:56 [npd]
... privacy: do not collect and unique id cookies
23:39:12 [aleecia]
aleecia has joined #dnt
23:39:13 [wseltzer]
... It may be, the people who don't come together, you don't get a standard.
23:39:27 [wseltzer]
... We have on the screen the draft framework.
23:40:00 [wseltzer]
... I'm going to try calling on Shane, to talk about some ideas,
23:40:10 [hwest]
hwest has joined #dnt
23:40:17 [wseltzer]
... and then some privacy ideas about unique ID cookies
23:40:39 [wseltzer]
... let's hear from people, including those who haven't spoken much: What does it take to move forward?
23:40:54 [wseltzer]
... then we go home for the night, and tomorrow, we reconvene to see if we have enough to get to last call.
23:41:06 [wseltzer]
... Shane, can you tell us about handling of data?
23:41:24 [wseltzer]
Wileys: This isn't a formal proposal, but a thought experiment
23:41:31 [wseltzer]
... Continue to use unique IDs and cookies
23:41:41 [wseltzer]
... upon collection of a record with DNT:1 associated
23:41:51 [wseltzer]
... would immediately separate out the few permitted uses
23:42:00 [wseltzer]
... all other material would be de-identified
23:42:01 [moneill2]
unlinked?
23:42:21 [wseltzer]
... Dan and I have agreed on normative text, not yet on the technical detail
23:42:36 [rigo]
de-identification = combination of technical and administrative measures
23:42:52 [wseltzer]
... if we look at where that would leave us, meaningful outcome for consumer privacy and put organizations on the hook, accountable for follow-through, get broad adoption
23:43:34 [wseltzer]
... Starting point, not nirvana for advocates, but implementable
23:43:42 [wseltzer]
peterswire: explain de-identification?
23:43:50 [wseltzer]
Wileys: a raw record and a de-identified record
23:43:58 [wseltzer]
... raw record security, frequency capping, debugging
23:44:12 [wseltzer]
... open debate on finance, (double-verify audit for a short time)
23:44:28 [wseltzer]
... other permitted uses we've discussed should be able to use de-identified outcome
23:44:31 [Joanne]
Joanne has joined #DNT
23:44:39 [wseltzer]
... reporting and analysis can occur
23:45:11 [wseltzer]
... de-identification: a record comes in, you look at unique IDs and either remove or one-way secret hash
23:45:18 [moneill2]
cookies?
23:45:28 [wseltzer]
... IP addresses => geolocation; side data limited or removed
23:45:40 [wseltzer]
... removing information that would allow linking record with other records
23:45:48 [wseltzer]
... URL cleansing, for username, userID, password
23:45:58 [moneill2]
so not unlinked
23:46:01 [rigo]
searchterm
23:46:02 [wseltzer]
... things you'd see in query string, filter those out
23:46:10 [wseltzer]
... at some point in time, that key would be rotated
23:46:17 [wseltzer]
peterswire: this is a series of concrete steps
23:46:24 [wseltzer]
... things not done widely across the ecosystem today
23:46:35 [dan_auerbach]
q?
23:46:37 [wseltzer]
justin: sounds similar to something I put on the mailing list
23:46:46 [wseltzer]
... three states: red, yellow, green
23:47:14 [wseltzer]
... red: security, yellow: financial reporting; green, de-id, use as you like
23:47:15 [johnsimpson]
Shane, can you please recap the proposal in writing at your convenience?
23:47:21 [dan_auerbach]
q+
23:47:29 [wseltzer]
Wileys: the delta is from three-state to two-state
23:47:39 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
23:47:41 [wseltzer]
... de-identified data is safe to use
23:47:48 [npd]
Zakim, open the queue
23:47:48 [Zakim]
ok, npd, the speaker queue is open
23:47:49 [ChrisPedigoOPA]
q+
23:48:10 [peter]
peter has joined #dnt
23:48:15 [peter]
q?
23:48:17 [wseltzer]
... with promises it wouldn't be used to represent an individual
23:48:34 [wseltzer]
justin: what's modeling?
23:48:57 [johnsimpson]
q?
23:49:03 [wseltzer]
Wileys: e.g. if I want to see which link position gets more usage, look at group behavior
23:49:12 [wseltzer]
justin: is that a permitted use?
23:49:29 [wseltzer]
Wileys: not "permitted use" -- reporting is done with de-identified data
23:49:35 [peter]
q?
23:50:04 [efelten]
+q
23:50:10 [npd]
q+ dan?
23:50:15 [efelten]
-q
23:50:17 [efelten]
+q
23:50:24 [moneill2]
if uids are persistent then tracking occurs. Do Not Track is being ignored
23:50:34 [dan_auerbach]
q?
23:50:36 [sidstamm]
q+
23:50:54 [wseltzer]
Wileys: if an organization is de-identified and you can be confident it's not re-identified, more uses are acceptable
23:51:09 [wseltzer]
... accountability or trust component, the pledge that the organization wouldn't re-ID
23:51:19 [jmayer]
+q
23:51:37 [wseltzer]
peterswire: mapping to discussions: product improvement - is that debugging? A/B testing?
23:51:58 [johnsimpson]
q+
23:52:10 [wseltzer]
Wileys: For product improvement I can test buckets of people, not individuals
23:52:35 [wseltzer]
... I think you can get to all of that with de-identified data; buckets, not individuals
23:52:46 [wseltzer]
... e.g. homepage-test-123 vs homepage-test-124
23:52:53 [wseltzer]
... compare outcomes across buckets
23:53:14 [wseltzer]
peterswire: [analytics]
23:53:36 [wseltzer]
Wileys: the panel elements survive in de-identified data
23:53:51 [peter]
q?
23:53:54 [tlr]
ack chris
23:53:58 [wseltzer]
... but would need someone from market research to say whether it meets their needs
23:54:16 [wseltzer]
ChrisPedigoOPA: with your de-identification definition, URL history is still there
23:55:32 [wseltzer]
Wileys: if you promise you'll never reverse engineer, you can look at cleansed URLs but never correlate to actual user
23:55:42 [moneill2]
there is a 1 to 1 correspondence 123 == abc
23:55:53 [wseltzer]
ChrisPedigoOPA: you couldn't re-target
23:56:08 [wseltzer]
Wileys: Right, no retargeting, only reporting, e.g. how many people saw this ad.
23:56:32 [rigo]
zakim, who is here?
23:56:32 [Zakim]
On the phone I see [Apple], vincent, moneill2
23:56:33 [Zakim]
On IRC I see peter, ChrisPedigoOPA, Joanne, hwest, aleecia, Brooks, susanisrael, dan_auerbach, Dominique, sidstamm, paulohm, justin, amyc, dsinger, efelten, Yianni, W3C,
23:56:33 [Zakim]
... rachel_n_thomas, jackhobaugh, Chapell, jmayer, afowler, bryan, strider
23:56:33 [wseltzer]
... doing everything possible to prevent myself from re-identifying
23:56:47 [dan_auerbach]
q?
23:56:49 [wseltzer]
peterswire: let's pause the queue, put back into terms of draft framework
23:56:52 [sidstamm]
I was going to bring it back to the framework (via queue comment)
23:56:57 [aleecia]
Shane would you kindly write this up so we have text to talk about
23:57:00 [wseltzer]
... Where can we move forward?
23:57:17 [Wileys]
Aleecia - yes, it's on my to do list
23:57:19 [efelten]
This approach would require having a precise, technically actionable definition of "de-identified data".
23:57:22 [aleecia]
thank you
23:57:45 [wseltzer]
peterswire: Let's read through the framework; comments or questions to ask
23:57:50 [wseltzer]
... what would it take to live with this
23:57:51 [rigo]
Wileys: but you could still single out user ABC and you have a profile of user ABC?
23:57:55 [Wileys]
Ed, agreed - and I've tried a bit in the email list but look to guidance on what specific elements you'd like to see.
23:58:01 [rvaneijk]
This thought experiment is nothing more than a linkable pseudonym
23:58:29 [Wileys]
Rigo, yes - but this is not a real user anymore - just a ID that links to nothing in the real-world
23:58:32 [efelten]
Thanks, Shane. Do you have a specific definition (e.g. from email) that you like at the moment?
23:58:35 [wseltzer]
peterswire: reads draft point 1
23:58:43 [rvaneijk]
WileyS, would you consider this to apply to first parties and service providers?
23:58:54 [Wileys]
Rob, disagree - a pseudonym can be linked to in the real-world. A de-identified record can not.
23:58:55 [wseltzer]
... for "browser", read "user agent where the consumer has activated DNT functionality"
23:59:03 [JC]
Wileys, does hash rotate over time?
23:59:12 [aleecia]
Shane, you say "cannot" when that is not actually true.
23:59:39 [rvaneijk]
WileyS, it is hashing, one way, re-identification is not as relevant when data is still linkable.
23:59:39 [wseltzer]
peterswire: narrow set of permitted uses; Shane, did you imagine a time-limit?
00:00:04 [wseltzer]
Wileys: there'd be a retention requirement, transparent to consumer
00:00:10 [dsinger]
to shane: in your framework, could someone come and insist that you answer 'did user 123 see URL Q' where URL Q was stored against ABC. Is that answerable?
00:00:21 [aleecia]
Great, I'll state my retention time is 55 years.
00:00:25 [wseltzer]
[Draft Framework: http://lists.w3.org/Archives/Public/public-tracking/2013Apr/att-0298/one_pager_framework_as_distributed.pdf ]
00:00:45 [wseltzer]
peterswire: don't have a definition of tracking, but multiple sites over time
00:00:46 [Wileys]
Aleecia, it is not purely "technical" true in isolation, but I can in combination between technical, operational, and administrative controls have a reasonable assurance this is true.
00:00:47 [rvaneijk]
WileyS, would you consider this to apply to first parties and service providers?
00:00:52 [rigo]
ok, you take a snapshot of the realworld and transform to a pet world. I logically come to the same conclusion than Peter. When do you move this into k-like buckets?
00:01:01 [wseltzer]
... permitted uses? is that in the compliance spec now?
00:01:09 [Wileys]
Aleecia, good luck surviving industry scrutiny with that retention rate.
00:01:14 [Chapell]
Aleecia, if you choose to state your retention time as 55 years, I'm sure some of your colleagues may have something to say about that - as will members of the press and potentially, regulators
00:01:21 [rigo]
q?
00:01:26 [wseltzer]
aleecia: you don't need separate siloed data, but you can only use it under controls for so long as necessary for that use
00:01:37 [JC]
q+
00:01:44 [wseltzer]
... you might have people from a department lose their access to the data on a certain date
00:01:55 [dsinger]
q?
00:02:03 [moneill2]
if data is not unlinked then plug-ins and browsers will
00:02:11 [wseltzer]
peterswire: are there pieces of DF#1 that people can't live with?
00:02:19 [aleecia]
Alan & Shane, we all know social pressure is not sufficient for data retention
00:02:21 [npd]
Aleecia accurately reports the state of the group, and I believe that's written in our sections on Secondary Use and Minimization
00:02:33 [Wileys]
JC, yes - but to keep a consistent level of longitudinal consistency in data, this approach would require re-de-identifying the data again at its retention limit and then throwing away the key on a consistent frequency (daily, weekly, etc.)
00:02:53 [TS]
TS has joined #DNT
00:03:05 [wseltzer]
peterswire: DF#2
00:03:18 [JC]
q-
00:03:24 [Chapell]
Aleecia, I think we both know that this is more than mere social pressure
00:03:26 [johnsimpson]
q?
00:03:28 [wseltzer]
... non-compliance would be a DAA violation; that is very different from what's in the compliance draft
00:03:32 [aleecia]
Uh, we're not planning to write "non-compliance is a DAA violation" into a W3C spec, right? That's on DAA to do, not us...
00:03:34 [dan_auerbach]
shane, would a company have to be transparent about its deidentification process?
00:03:48 [jmayer]
I'm confused. Is this an opportunity to ask questions? Or just a walkthrough?
00:03:51 [dsinger]
to be clear, DAA enforcement is 'additional' to the statements in the compliance document, not a change to them, I assume
00:03:51 [wseltzer]
peterswire: DF#3, DAA would modify its current codes ...
00:03:53 [dan_auerbach]
trying to get through my clarifying questions before my substantive comment on the queue
00:04:06 [rigo]
jmayer: walkthrough I assume
00:04:11 [Wileys]
Dan, yes - to some degree - I believe there would be IP specifics that wouldn't be disclosed.
00:04:12 [wseltzer]
peterswire: DF#4, no persistent IDs if no permitted use
00:04:17 [tlr]
dan, you're on the queue for clarifying and then substance?
00:04:25 [aleecia]
Alan, I would like DNT to be more than social pressure. That is why we need more than Shane's proposal.
00:04:26 [npd]
I take it that #3 would not be a change from current Compliance spec
00:05:04 [efelten]
q?
00:05:26 [dsinger__]
dsinger__ has joined #dnt
00:05:43 [wseltzer]
justin: standard today says no collection if no permitted use; EFF's says no cookies if no permitted use
00:05:44 [aleecia]
for scribe purposes: Jeff asked for a meta discussion here, and was told we will continue through the document.
00:05:47 [jackhobaugh]
jackhobaugh has joined #dnt
00:06:02 [Wileys]
Aleecia, could you explain "social pressure"? We're working on a voluntary standard - what are you envisioning?
00:06:44 [wseltzer]
peterswire: data hygiene, continue to make progress over time, not in draft spec
00:06:45 [dsinger]
this one? "Data retained by a party for permitted uses must be limited to the data reasonably necessary for such permitted uses," (compliance current draft)
00:06:53 [wseltzer]
peterswire: DF#5
00:06:57 [rvaneijk]
for scribe purposes as well, I lost the connection between Shane's thought experiment and the DAA framework. Those are two different discussions. The thought experiment has not completed yet.
00:07:16 [rvaneijk]
.. and is worth further looking at.
00:07:20 [dsinger]
does it mean 'adapt' (meaning change)? or 'adopt
00:07:26 [wseltzer]
peterswire: DF#6, talked through many pieces yesterday
00:07:29 [dsinger]
' (meaning add on to it)?
00:07:42 [npd]
I believe "adapt" is intended
00:07:51 [wseltzer]
peterswire: that's an approach to structure our discussions,
00:07:57 [aleecia]
Shane here's a more productive response than a literal answer to your question, I hope. Something like this: under DNT, retention of data for permitted uses is X time frame. If a company's retention is longer than X, they must document why this is necessary and proportional in their privacy policy.
00:08:05 [aleecia]
X would need to be something fairly short.
00:08:07 [wseltzer]
... I believe it's an improvement from the status quo for all stakeholders and good public policy
00:08:28 [BillScannell]
BillScannell has joined #dnt
00:08:32 [wseltzer]
peterswire: How to get to something tomorrow that shows us reason and way to move forward
00:08:46 [dsinger]
question: I read 1+2+3 as basically "do not retain" (with the exception of permitted uses). fair?
00:08:48 [wseltzer]
... I've gotten wildly divergent advice, often strongly voiced, incompatible
00:08:54 [tlr]
q?
00:09:18 [wseltzer]
... how do we take Monday afternoon's convergence, today's discussion, see a way to move forward
00:09:42 [justin]
I think this discussion is actually probably more useful than having the same fight over Shane's definition of deidentification that we've had on the mailing list and in the last two face-to-face meetings.
00:10:05 [wseltzer]
... I promise to listen to the priorities of consumer groups, advertiser groups, site groups, browsers, government
00:10:12 [aleecia]
Why, Justin? It's the same discussion
00:10:43 [wseltzer]
... You have to decide overnight what you want to do, and how to find a way to do something tomorrow
00:10:44 [aleecia]
Shane is suggesting we replace a random unique ID with another random unique ID
00:10:45 [efelten]
-q
00:10:57 [aleecia]
Removing the side channel data *is* an improvement.
00:11:09 [wseltzer]
peterswire: one of the thoughts I've had is that good data practices in the ecosystem will help
00:11:16 [aleecia]
But swapping a rand with another rand does not improve much at all
00:11:21 [Wileys]
Aleecia - one that the key is now gone. NOW you have NO TECHNICAL WAY to reverse engineer the resulting dataset - even if you wanted to.
00:11:23 [wseltzer]
... doesn't address all the concerns, including consumer groups to move away from unique IDs
00:11:59 [wseltzer]
... how do we create something now, and then come back and revisit unique ID cookies
00:12:01 [rvaneijk]
Shane, where did the key go, in a store/vault, or actual random rotation?
00:12:25 [aleecia]
This assumes key rotation, which if you're suggesting doing every 2 weeks, I can listen further, but right now - I'm not hearing that.
00:12:25 [rvaneijk]
Shane, to be frank, I am open to the approach, and want to explore further.
00:12:27 [wseltzer]
... hope that people in industry, people outside industry, can see whether glimmers of alternative can turn into something that could be adopted.
00:12:58 [wseltzer]
... So we start with the framework, leave an opening to return and use the next-generation efforts
00:13:11 [aleecia]
You cut off discussion of retention
00:13:15 [aleecia]
(over lunch)
00:13:22 [Wileys]
Rob, destroyed
00:13:24 [wseltzer]
... How do we take the work that's been done, then return to do more.
00:13:36 [aleecia]
If there's more to the proposal, I look forward to reading it
00:13:45 [wseltzer]
... I can report good conversations, not yet sign-off
00:13:53 [rvaneijk]
Shane, ok, that is better than we discussed before, we are talking actual unlinkability then.
00:14:04 [Wileys]
Aleecia - I cut off discussion of arbitrary retention. Companies would be required to publicly disclose their retention periods per permitted use
00:14:06 [wseltzer]
... I'm asking those of you who are silent, who want something to happen, to think about tonight,
00:14:11 [wseltzer]
... what's the best path here?
00:14:22 [justin]
aleecia, it's an important discussion that needs to get resolved eventually. But 30 minutes of that queue replicating the same exact arguments against Shane's definition would not be a good way to end the session. (For the record, I am sympathetic to the arguments.)
00:14:44 [wseltzer]
... I came in optimistic on Monday; I'd like to see if you can do something with that.
00:14:45 [Wileys]
Yes - at some point to lower risk it would be recommended to eventually destroy the key (but that is not required to reach de-identification)
00:15:17 [wseltzer]
aleecia: As former co-chair to current, ask for a round of applause for Peter for the last two days
00:15:21 [wseltzer]
[applause]
00:15:27 [vincent]
rvaneijk, I think the same key is used over a couple of weeks at least (am I right Wileys ?)
00:15:33 [wseltzer]
[adjourned]
00:15:42 [johnsimpson]
johnsimpson has left #dnt
00:15:52 [wseltzer]
s/[applause]/[vigorous applause]/
00:16:07 [Zakim]
-moneill2
00:16:16 [Zakim]
-vincent
00:16:49 [wseltzer]
RRSAgent, make logs public
00:16:55 [wseltzer]
RRSAgent, draft minutes
00:16:55 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html wseltzer
00:18:58 [wseltzer]
RRSAgent, this meeting spans midnight
00:19:01 [wseltzer]
RRSAgent, draft minutes
00:19:01 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html wseltzer
00:19:27 [strider]
strider has joined #dnt
00:20:40 [BerinSzoka]
"The Quest stands upon the edge of a knife. Stray but a little, and it will fail, to the ruin of all. Yet hope remains while the Company is true." -Galadriel
00:23:21 [Zakim]
-[Apple]
00:23:23 [Zakim]
T&S_Track(dntf2f)11:00AM has ended
00:23:23 [Zakim]
Attendees were [Apple], moneill2, +1.917.846.aaaa, moneill2?, +1.917.846.aabb, +1.917.846.aacc, mecallahan, vincent
00:25:46 [johnsimpson]
johnsimpson has joined #dnt
00:25:52 [johnsimpson]
johnsimpson has left #dnt
00:54:31 [AndChat|208329]
AndChat|208329 has joined #dnt
00:58:16 [dsinger__]
dsinger__ has joined #dnt
01:13:39 [efelten]
efelten has joined #dnt
01:57:14 [efelten]
efelten has joined #dnt
02:08:55 [afowler]
afowler has joined #dnt
02:09:14 [afowler]
afowler has left #dnt
03:18:30 [adrianba]
adrianba has joined #dnt
03:31:08 [jackhobaugh]
jackhobaugh has joined #dnt
03:33:24 [prestia]
prestia has joined #dnt
03:41:37 [W3C]
W3C has joined #dnt
03:47:20 [W3C1]
W3C1 has joined #dnt
03:50:24 [efelten]
efelten has joined #dnt
03:53:19 [dsinger]
dsinger has joined #dnt
03:57:22 [kulick]
kulick has joined #dnt
04:08:03 [W3C]
W3C has joined #dnt
04:16:58 [W3C1]
W3C1 has joined #dnt
04:57:05 [efelten]
efelten has joined #dnt
05:16:48 [fielding]
fielding has joined #dnt
05:51:49 [npdoty]
npdoty has joined #dnt
07:03:05 [schunter]
schunter has joined #dnt
08:45:23 [carloss]
carloss has joined #dnt
09:30:23 [Zakim]
Zakim has left #dnt
09:35:32 [carloss]
carloss has left #dnt
11:04:31 [fwagner]
fwagner has joined #dnt
12:06:49 [efelten]
efelten has joined #dnt
13:30:10 [W3C]
W3C has joined #dnt
14:43:20 [strider]
strider has joined #dnt
14:52:31 [simon]
simon has joined #dnt
14:55:24 [bilcorry]
bilcorry has joined #dnt
15:21:11 [vinay]
vinay has joined #dnt
15:24:00 [moneill2]
moneill2 has joined #dnt
15:30:15 [strider]
strider has joined #dnt
15:34:36 [npdoty]
npdoty has joined #dnt
15:40:26 [jackhobaugh]
jackhobaugh has joined #dnt
15:40:41 [MarkVickers]
MarkVickers has joined #dnt
15:43:44 [W3C]
W3C has joined #dnt
15:48:10 [fwagner]
fwagner has joined #dnt
15:48:20 [dsinger]
dsinger has joined #dnt
15:49:03 [efelten]
efelten has joined #dnt
15:50:46 [WaltMichel]
WaltMichel has joined #DNT
15:51:50 [adrianba]
adrianba has joined #dnt
15:52:37 [hwest]
hwest has joined #dnt
15:52:45 [rvaneijk]
rvaneijk has joined #dnt
15:53:23 [aleecia]
aleecia has joined #dnt
15:54:13 [hefferjr]
hefferjr has joined #dnt
15:54:17 [amyc]
amyc has joined #dnt
15:56:40 [adrianba_]
adrianba_ has joined #dnt
15:57:39 [jeffwilson]
jeffwilson has joined #dnt
15:58:55 [moneill2]
zakim, [IPCaller] is me
15:59:01 [npdoty]
Zakim, who is on the phone?
15:59:08 [npdoty]
Zakim, this is TRACK
15:59:12 [npdoty]
trackbot, start meeting
15:59:15 [trackbot]
RRSAgent, make logs world
15:59:15 [Zakim]
Zakim has joined #dnt
15:59:17 [trackbot]
Zakim, this will be
15:59:18 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:59:18 [trackbot]
Date: 08 May 2013
15:59:19 [Zakim]
I don't understand 'this will be', trackbot
15:59:42 [npdoty]
Zakim, who is on the phone?
15:59:42 [Zakim]
sorry, npdoty, I don't know what conference this is
15:59:43 [Zakim]
On IRC I see jeffwilson, amyc, hefferjr, aleecia, rvaneijk, hwest, adrianba, WaltMichel, dsinger, fwagner, MarkVickers, jackhobaugh, npdoty, moneill2, vinay, bilcorry, simon, rigo,
15:59:43 [Zakim]
... RRSAgent, wseltzer_cloud, MT01, trackbot, hober, tlr
15:59:49 [npdoty]
Zakim, this is TRACK
15:59:50 [bilcorry]
Zakim, mute me
15:59:51 [Zakim]
ok, npdoty; that matches T&S_Track(dntf2f)11:00AM
15:59:52 [Zakim]
bilcorry should now be muted
15:59:56 [npdoty]
Zakim, who is on the phone?
15:59:56 [Zakim]
On the phone I see [Apple], bilcorry (muted)
16:00:02 [Joanne]
Joanne has joined #DNT
16:00:08 [kulick]
kulick has joined #dnt
16:00:09 [Zakim]
+ +49.172.147.aadd
16:00:21 [Zakim]
+[IPcaller]
16:00:32 [moneill2]
zakim, [IPCaller] is me
16:00:33 [Zakim]
+moneill2; got it
16:01:06 [npdoty]
Zakim, aadd is schunter
16:01:06 [Zakim]
+schunter; got it
16:01:11 [Zakim]
-schunter
16:01:28 [npdoty]
Zakim, mute Apple
16:01:28 [Zakim]
[Apple] should now be muted
16:01:39 [Zakim]
+schunter
16:01:58 [npdoty]
in the meantime, everyone is getting coffee
16:02:45 [PaulGlist]
PaulGlist has joined #dnt
16:03:43 [prestia]
prestia has joined #dnt
16:03:52 [dsinger]
dsinger has joined #dnt
16:04:05 [vincent]
vincent has joined #dnt
16:04:46 [peterswire]
peterswire has joined #dnt
16:05:30 [jmayer]
jmayer has joined #dnt
16:05:33 [W3C]
W3C has joined #dnt
16:05:48 [efelten]
efelten has joined #dnt
16:05:53 [dsinger_]
dsinger_ has joined #dnt
16:05:54 [Zakim]
+Jonathan_Mayer
16:06:22 [adrianba]
adrianba has joined #dnt
16:07:09 [meme]
meme has joined #dnt
16:07:32 [robsherman]
robsherman has joined #dnt
16:07:49 [npdoty]
volunteers to scribe for the morning session?
16:08:16 [npdoty]
scribenick: amyc
16:08:26 [justin]
justin has joined #dnt
16:08:33 [Zakim]
-schunter
16:08:34 [npdoty]
three cheers for amyc for scribing!
16:08:53 [npdoty]
Zakim, unmute Apple
16:08:53 [Zakim]
[Apple] should no longer be muted
16:08:56 [paulohm]
paulohm has joined #dnt
16:09:08 [npdoty]
good morning everybody!
16:09:11 [jchester]
jchester has joined #dnt
16:09:22 [Yianni]
Yianni has joined #DNT
16:09:32 [amyc]
Peter: starting now, work must come from group, goodwill to getting work done
16:09:44 [johnsimpson]
johnsimpson has joined #dnt
16:09:50 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:10:02 [Zakim]
+schunter
16:10:04 [amyc]
... turning over to Thomas for process, then first session about conversations from last night
16:10:41 [fwagner]
fwagner has joined #dnt
16:11:08 [amyc]
... relates that some have asked for more text, looking for right mix; others may not have spoken up and may want to surface issues today
16:11:33 [jeffwilson]
jeffwilson has joined #dnt
16:11:49 [JC]
JC has joined #DNT
16:11:52 [amyc]
tlr: two points about process, important to have voices heard and issues on the table, also important that we make progress and don't let ourselves be stopped
16:12:21 [amyc]
... create space to make progress and path forward, this is driving agenda
16:12:25 [Chapell]
Chapell has joined #DNT
16:12:28 [susanisrael]
susanisrael has joined #dnt
16:12:49 [amyc]
... at end of day, getting back to writing spec, moving back from conceptual to textual level, and today will be bridge
16:13:05 [rachel_n_thomas]
rachel_n_thomas has joined #dnt
16:13:26 [fielding]
fielding has joined #dnt
16:13:28 [amyc]
... focus on topics on which we can make progress, other areas where we recite one another's arguments
16:14:01 [wseltzer]
i|volunteers|Topic: Introduction and Agenda
16:14:19 [amyc]
... agenda, start with broader group about conversations last night, topics for constructive conversations, then use that conversation to extract topics for breakouts
16:14:32 [amyc]
... with quick report outs to group
16:14:36 [Chris_IAB]
Chris_IAB has joined #dnt
16:15:03 [amyc]
... hope that we will make progress, topics up to working group
16:15:21 [amyc]
... breakout rooms on screen, each is able to connect via phone
16:15:38 [JC]
What happens at end of day? Where are we statement?
16:16:04 [amyc]
... let's collectively find out how far we can get
16:16:04 [wseltzer]
JC: I see plenary both before and after lunch
16:16:11 [Zakim]
+ +33.6.50.34.aaee
16:16:20 [vincent]
zakim, aaee is vincent
16:16:20 [Zakim]
+vincent; got it
16:16:22 [wseltzer]
s/JC:/JC,/
16:16:24 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
16:16:28 [sidstamm]
sidstamm has joined #dnt
16:16:40 [haakonfb]
haakonfb has joined #dnt
16:16:40 [peterswire]
q?
16:16:42 [amyc]
Peterswire: asking what were caucuses last night, asking for suggestions to put on board
16:17:30 [amyc]
Robvaneijk: need to breakout before we can share, lots of developments
16:17:47 [rvaneijk]
s/Robvaneijk/rvaneijk/
16:18:01 [amyc]
Aleecia: agrees with breakouts first, asking about Shane's proposal from EOD yesterday
16:18:39 [amyc]
swiley: Adrian put diagram together, but have not put together text, will take 30 minutes to work through diagram with Adrian
16:18:52 [amyc]
tlr: suggests breakout session for Shane's proposal
16:19:23 [peterswire]
q?
16:19:26 [amyc]
rvaneijk: shane's proposal still on table
16:19:38 [rigo]
q+
16:20:09 [amyc]
tlr: everyone likely to know more about Shane's proposal, suggests that small group to prepare diagram and presentation on Shane's proposal
16:20:45 [amyc]
rvaneijk: advocates want time, suggests meeting separately and then reconvening
16:20:46 [wseltzer]
s/likely to know/likely to want to know/
16:21:27 [amyc]
rigo: is Susan ready to work on audience measurement? could work on that
16:21:29 [peterswire]
q?
16:21:36 [wseltzer]
ack rigo
16:21:36 [rigo]
ack ri
16:21:47 [amyc]
Susan: fine with that, Nielsen wants to participate too
16:22:05 [amyc]
dsinger: browser companies could work together too
16:22:30 [wseltzer]
q+
16:22:50 [amyc]
tlr: audience measurements in Muir Woods, advocates going to Legoland
16:23:38 [amyc]
...Sausalito for Shane, browsers in Catalina
16:23:58 [amyc]
wseltzer: offers staff assistance with scribing
16:24:13 [amyc]
tlr: good idea to have scribes in rooms for reporting back
16:24:19 [johnsimpson]
johnsimpson has left #dnt
16:25:07 [robsherman]
robsherman has joined #dnt
16:25:18 [Zakim]
-schunter
16:25:24 [Zakim]
-vincent
16:25:27 [Zakim]
-Jonathan_Mayer
16:25:42 [npdoty]
q- wseltzer
16:25:52 [mecallahan]
mecallahan has joined #dnt
16:26:07 [peterswire]
big basin and wmh are also available
16:28:33 [efelten]
efelten has joined #dnt
16:28:36 [W3C]
W3C has joined #dnt
16:30:05 [W3C]
W3C has joined #dnt
16:30:13 [robsherman1]
robsherman1 has joined #dnt
16:30:16 [Zakim]
-moneill2
16:30:23 [johnsimpson]
johnsimpson has joined #dnt
16:30:30 [sidstamm]
sidstamm has joined #dnt
16:31:59 [Chris_IAB]
Chris_IAB has joined #dnt
16:33:01 [fwagner]
fwagner has joined #dnt
16:33:19 [robsherman]
robsherman has joined #dnt
16:33:31 [tara]
tara has joined #dnt
16:33:45 [adrianba_]
adrianba_ has joined #dnt
16:34:38 [dsinger]
dsinger has joined #dnt
16:46:21 [AAIsham]
AAIsham has joined #dnt
16:52:19 [Zakim]
+[IPcaller]
16:52:46 [moneill2]
zkim, [IPCaller] is me
16:53:00 [moneill2]
zakim, [IPCaller] is me
16:53:00 [Zakim]
+moneill2; got it
16:54:20 [Zakim]
-moneill2
17:03:07 [Zakim]
+schunter
17:04:08 [Zakim]
+Rich_Schwerdtfeger
17:04:17 [moneill2]
zakim, [IPCaller] is me
17:04:17 [Zakim]
sorry, moneill2, I do not recognize a party named '[IPCaller]'
17:04:20 [Zakim]
-schunter
17:04:30 [Zakim]
-Rich_Schwerdtfeger
17:04:58 [Zakim]
+schunter
17:04:59 [TS]
TS has joined #DNT
17:06:40 [Zakim]
+[IPcaller]
17:06:55 [moneill2]
zakim, [IPCaller] is me
17:06:55 [Zakim]
+moneill2; got it
17:07:00 [Joanne]
Joanne has joined #DNT
17:08:41 [Zakim]
+Jonathan_Mayer
17:09:27 [jchester2]
jchester2 has joined #dnt
17:09:38 [meme]
meme has joined #dnt
17:12:41 [Zakim]
-schunter
17:15:28 [robsherman]
robsherman has joined #dnt
17:16:11 [prestia]
prestia has joined #dnt
17:17:03 [Zakim]
+schunter
17:17:21 [jmayer]
If I recall, many participants will have departed by the afternoon session.
17:18:18 [Zakim]
-schunter
17:18:36 [efelten]
efelten has joined #dnt
17:20:31 [moneill2]
cannot hear
17:20:41 [vinay]
havent started yet
17:22:18 [robsherman1]
robsherman1 has joined #dnt
17:22:39 [Dominique]
Dominique has joined #dnt
17:22:41 [W3C]
W3C has joined #dnt
17:23:41 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
17:23:45 [npdoty]
scribenick: ChrisPedigoOPA
17:23:51 [npdoty]
Zakim, unmute Apple
17:23:51 [Zakim]
[Apple] was not muted, npdoty
17:24:06 [ChrisPedigoOPA]
Peter: for this session, we're going to have readouts of breakout sessions
17:24:10 [npdoty]
Topic: Reports from Breakouts
17:24:18 [ChrisPedigoOPA]
with action items
17:24:22 [fielding]
fielding has joined #dnt
17:24:33 [Zakim]
+schunter
17:24:34 [susanisrael]
susanisrael has joined #dnt
17:24:39 [ChrisPedigoOPA]
follow-on discussion, then move to next breakouts
17:24:57 [paulohm]
paulohm has joined #dnt
17:25:01 [npdoty]
order -- audience measurement, browsers, advocates, Shane, Justin
17:25:11 [ChrisPedigoOPA]
Order of presentations: 1) audience measurement, 2) browsers, 3) Shane, 4) consumer groups
17:25:25 [Ari]
Ari has joined #dnt
17:25:42 [ChrisPedigoOPA]
Susan Israel: tried to understand EU law re audience measurement
17:25:45 [Zakim]
-schunter
17:25:53 [ChrisPedigoOPA]
tried to narrow scope
17:26:14 [sidstamm]
sidstamm has joined #dnt
17:26:19 [johnsimpson]
johnsimpson has joined #dnt
17:26:21 [Zakim]
+schunter
17:26:30 [johnsimpson]
Q?
17:26:34 [dsinger]
zakim, who is on the phone?
17:26:34 [Zakim]
On the phone I see [Apple], bilcorry (muted), moneill2, Jonathan_Mayer, schunter
17:26:49 [ChrisPedigoOPA]
Rigo: agreed on "to calibrate and validate"
17:26:56 [Yianni]
Yianni has joined #DNT
17:27:15 [Zakim]
-schunter
17:27:16 [ChrisPedigoOPA]
also agreed that audience measurement is focused on content, not on the user
17:27:20 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
17:27:34 [ChrisPedigoOPA]
susan: we know there are other concerns and more work needed
17:27:41 [Chris_IAB]
Chris_IAB has joined #dnt
17:27:49 [ChrisPedigoOPA]
Susan - will work with DAA
17:27:53 [dsinger]
zakim, [apple] has, like, zilliions of people
17:27:53 [Zakim]
I don't understand '[apple] has, like, zilliions of people', dsinger
17:28:06 [ChrisPedigoOPA]
Peter - next items?
17:28:46 [ChrisPedigoOPA]
Shane - issue exists for audience measurement
17:28:57 [npdoty]
issue-25?
17:28:57 [trackbot]
ISSUE-25 -- Possible exemption for research purposes -- pending review
17:28:57 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/25
17:29:08 [ChrisPedigoOPA]
Peter - will have concrete tasks for next two weeks
17:29:22 [amyc]
amyc has joined #dnt
17:29:23 [ChrisPedigoOPA]
David Singer - representing the browsers now
17:29:31 [Zakim]
+schunter
17:29:32 [npdoty]
we have generally used issue-25 for market research, with multiple proposals and pending review options
17:29:47 [ChrisPedigoOPA]
results from Browser breakout session
17:29:51 [Joanne]
Joanne has joined #DNT
17:30:03 [ChrisPedigoOPA]
looked at DAA principles and compliance doc
17:30:19 [Dominique]
Dominique has joined #dnt
17:30:27 [ChrisPedigoOPA]
users get a general improvement in collection/retention limits
17:30:33 [ChrisPedigoOPA]
principles good
17:30:47 [ChrisPedigoOPA]
details left to trade associations or regional orgs
17:30:57 [ChrisPedigoOPA]
discussed who turns on DNT
17:31:01 [Bin_Hu]
Bin_Hu has joined #dnt
17:31:10 [ChrisPedigoOPA]
must be turned on by a user, not an ISP, router
17:31:15 [Bin_Hu]
present+ Bin_Hu
17:31:19 [ChrisPedigoOPA]
not a default
17:31:28 [npdoty]
explicit action, by the user herself
17:31:35 [ChrisPedigoOPA]
Puzzled over concerns about non-browser user agent
17:32:02 [ChrisPedigoOPA]
cool with "these documents are focused on general user agents and other UAs..."
17:32:17 [ChrisPedigoOPA]
what's a general UA?
17:32:19 [vinay]
Was MSFT in the browser group? Are they okay with it not being set by default?
17:32:31 [ChrisPedigoOPA]
1 - can access the general browseable web
17:32:33 [jackhobaugh]
jackhobaugh has joined #dnt
17:32:37 [fwagner]
fwagner has joined #dnt
17:32:43 [justin]
justin has joined #dnt
17:32:54 [ChrisPedigoOPA]
work onexplanation page is underway
17:33:04 [ChrisPedigoOPA]
should reflect general principles
17:33:27 [ChrisPedigoOPA]
note that other trade associations have additional codes of conduct
17:33:35 [ChrisPedigoOPA]
with links to those standards
17:34:02 [ChrisPedigoOPA]
Overall, we liked the DAA document
17:34:09 [ChrisPedigoOPA]
Peter - next steps?
17:34:32 [ChrisPedigoOPA]
David - browsers would like to have Q&A with those who wrote the DAA principles
17:34:39 [ChrisPedigoOPA]
in a breakout session
17:35:01 [ChrisPedigoOPA]
David - might need a general session instead
17:35:01 [npdoty]
breakout sessions, about what it means, talk about user agent concerns
17:35:12 [ChrisPedigoOPA]
Dan Auerbach next from consumer groups
17:35:20 [ChrisPedigoOPA]
And Aleecia MacDonald
17:35:25 [npdoty]
... and more detail on the Draft Framework text, a little short
17:35:34 [ChrisPedigoOPA]
Dan - looked at de-id data
17:35:50 [ChrisPedigoOPA]
explored 3-state process
17:36:26 [___]
___ has joined #dnt
17:36:35 [npdoty]
[we will try to type what's written on the paper board]
17:36:35 [ChrisPedigoOPA]
Raw data - Red
17:36:51 [ChrisPedigoOPA]
Red, Yellow, Green states
17:36:57 [ChrisPedigoOPA]
Red = raw
17:37:17 [ChrisPedigoOPA]
Red can be used for permitted uses - security fraud, debugging
17:37:37 [Chapell]
Chapell has joined #DNT
17:37:40 [ChrisPedigoOPA]
Yellow - middle state
17:37:49 [ChrisPedigoOPA]
Green = fully deidentified data
17:38:01 [ChrisPedigoOPA]
Yellow - would include retention limits
17:38:10 [ChrisPedigoOPA]
Aleecia - retention limits
17:38:31 [ChrisPedigoOPA]
Aleecia - how do we set retention limits that work for consumer and industry groups
17:39:05 [ChrisPedigoOPA]
Aleecia - proposal: diff retention limits for each state
17:39:10 [ChrisPedigoOPA]
Green = forever
17:39:18 [ChrisPedigoOPA]
Red = short and proportional
17:39:27 [ChrisPedigoOPA]
Yellow = also proportional
17:39:35 [ChrisPedigoOPA]
Would use "should"
17:39:45 [tlr]
aleecia: should, if not, then must explain in privacy policy
17:40:28 [ChrisPedigoOPA]
Next steps?
17:40:39 [ChrisPedigoOPA]
will wait until after Shane's proposal
17:40:59 [ChrisPedigoOPA]
There's a discussion in the room about where Shane's proposal is
17:41:23 [wseltzer]
s/work onexplanation/work on explanation/
17:42:14 [ChrisPedigoOPA]
Shane now at the mic
17:42:17 [tlr]
zakim, who is muted?
17:42:17 [Zakim]
I see bilcorry muted
17:42:19 [ChrisPedigoOPA]
waiting....
17:42:25 [tlr]
zakim, who is on the phone?
17:42:25 [Zakim]
On the phone I see [Apple], bilcorry (muted), moneill2, Jonathan_Mayer, schunter
17:42:25 [ChrisPedigoOPA]
waiting...
17:42:28 [tlr]
zakim, mute schunter
17:42:28 [Zakim]
schunter should now be muted
17:42:32 [ChrisPedigoOPA]
still waiting.....
17:42:37 [hober]
Zakim, who is making noise?
17:42:43 [rvaneijk]
data retention must be proportionate to the use in the red-yellow-green
17:42:50 [Zakim]
hober, listening for 12 seconds I heard sound from the following: [Apple] (86%)
17:42:52 [ChrisPedigoOPA]
Shane - my proposal also has 3 states
17:42:56 [ChrisPedigoOPA]
for de-id data
17:43:43 [ChrisPedigoOPA]
diagram presented
17:43:50 [ChrisPedigoOPA]
state 1 - raw data
17:43:59 [ChrisPedigoOPA]
raw data can be stored for permitted uses
17:44:15 [ChrisPedigoOPA]
transparency required
17:44:30 [ChrisPedigoOPA]
then a "fork"
17:44:45 [npd]
npd has joined #dnt
17:44:56 [ChrisPedigoOPA]
one way hash key to remove any personal info
17:45:18 [ChrisPedigoOPA]
next step - remove IP and replace with broad geo data
17:45:19 [afowler]
afowler has joined #dnt
17:45:29 [ChrisPedigoOPA]
next - cleanse URL
17:45:55 [ChrisPedigoOPA]
cleansing user names, names or clue to reverse engineer
17:46:05 [ChrisPedigoOPA]
next - look at side facts
17:46:17 [ChrisPedigoOPA]
anything that could help reverse engineer the record
17:46:22 [ChrisPedigoOPA]
i.e. date of birth
17:46:40 [ChrisPedigoOPA]
at the end of process, data cannot be reverse engineered
17:47:14 [ChrisPedigoOPA]
Goal is to build record that can never be reidentified
17:47:38 [ChrisPedigoOPA]
Rule 2 - you can never create a map between raw and de-id data
17:47:47 [ChrisPedigoOPA]
accountability is required
17:48:23 [ChrisPedigoOPA]
3rd step - re-hash the data but destroy the key
17:48:57 [ChrisPedigoOPA]
end with truly unlinkable data set
17:49:07 [BerinSzoka]
BerinSzoka has joined #DNT
17:49:09 [npd]
rather than these specific means, do we intend this as an example of the principles?
17:49:16 [ChrisPedigoOPA]
Justin Brookman now coming to the mic
17:49:28 [ChrisPedigoOPA]
Justin - Build on previous comments
17:50:01 [ChrisPedigoOPA]
market research: people don't need unique users across sites
17:50:16 [ChrisPedigoOPA]
need unique visitors to sites so can use 1st party cookies
17:50:17 [wseltzer]
i/work on explanation/2 - has a preference interface that satisfies the requirements of the user to chose, 3 - can implement the TPE (notably the JS APIs etc.)/
17:50:30 [Walter]
Walter has joined #dnt
17:50:37 [ChrisPedigoOPA]
may not need market research exception
17:51:00 [ChrisPedigoOPA]
will work with Susan and Rigo on market research
17:51:10 [ChrisPedigoOPA]
on de-id data
17:51:18 [ChrisPedigoOPA]
seems that we all agree on normative language
17:51:22 [ChrisPedigoOPA]
just need to work out details
17:51:33 [ChrisPedigoOPA]
Peter - two next sessions
17:51:47 [ChrisPedigoOPA]
1) overlap between groups
17:52:11 [ChrisPedigoOPA]
2) browser discussion with DAA - could be breakout or general session
17:52:36 [Zakim]
-schunter
17:52:43 [ChrisPedigoOPA]
Peter - do people feel like they want to be in both rooms
17:52:45 [ChrisPedigoOPA]
?
17:53:33 [ChrisPedigoOPA]
decision to have two groups meet separately
17:53:40 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html wseltzer
17:53:48 [ChrisPedigoOPA]
two groups -
17:54:15 [ChrisPedigoOPA]
1) User Agent issues with DAA principles in Catalina Island
17:54:16 [Zakim]
+schunter
17:54:24 [RRSAgent]
I'm logging. I don't understand 'draft today's minutes', wseltzer. Try /msg RRSAgent help
17:54:35 [wseltzer]
rrsagent, pointer?
17:54:35 [RRSAgent]
See http://www.w3.org/2013/05/07-dnt-irc#T17-54-35
17:54:43 [ChrisPedigoOPA]
2) everybody else remains in big room for plenary session on de-id data
17:55:38 [ChrisPedigoOPA]
time for UA/DAA breakout will last 45 mins
17:55:39 [Zakim]
-schunter
17:55:55 [ChrisPedigoOPA]
break from 11:45 to noon, then another plenary session at noon
17:56:14 [Zakim]
+schunter
17:56:22 [jackhobaugh]
jackhobaugh has left #dnt
17:57:10 [ChrisPedigoOPA]
Getting ready for plenary session de-id data
17:58:45 [Zakim]
-schunter
17:59:47 [Zakim]
-moneill2
17:59:57 [haakonfb]
haakonfb has joined #dnt
18:02:41 [Zakim]
+[IPcaller]
18:02:50 [Joanne]
Joanne has joined #DNT
18:03:01 [moneill2]
zakim, [IPCaller] is me
18:03:01 [Zakim]
+moneill2; got it
18:03:42 [Zakim]
-moneill2
18:05:17 [W3C]
W3C has joined #dnt
18:06:02 [ChrisPedigoOPA]
Peter - beginning session on de-id data
18:06:13 [ChrisPedigoOPA]
Peter - a couple of goals
18:06:43 [johnsimpson]
q?
18:06:44 [amyc]
amyc has joined #dnt
18:06:50 [ChrisPedigoOPA]
some overlap between various proposals
18:07:21 [ChrisPedigoOPA]
Dan - our sense of areas of agreement/disagreement
18:07:25 [Zakim]
+[IPcaller]
18:07:31 [hwest]
hwest has joined #dnt
18:07:39 [moneill2]
zakim, [IPCaller] is me
18:07:39 [Zakim]
+moneill2; got it
18:07:50 [ChrisPedigoOPA]
working to get Shane's slide up
18:07:56 [fwagner]
fwagner has joined #dnt
18:08:01 [peterswire]
q?
18:08:08 [ChrisPedigoOPA]
Rob - this idea is a follow up on a Cambridge proposal
18:08:32 [ChrisPedigoOPA]
may be similar to consumer group proposal
18:08:56 [rvaneijk]
s/Rob/rvaneijk/
18:09:10 [ChrisPedigoOPA]
Dan - would there be a separate data stream where user profiles live?
18:09:31 [ChrisPedigoOPA]
Dan - retention limit for yellow state is a question
18:09:52 [ChrisPedigoOPA]
one way hash might not be the only way
18:10:20 [ChrisPedigoOPA]
Rob - shane and I agree that going from one state to another, there has to be processing involved
18:10:41 [ChrisPedigoOPA]
Shane - open question on user profile info
18:11:51 [ChrisPedigoOPA]
company could score a user's interest, but not the URL
18:12:04 [ChrisPedigoOPA]
data would be kept in aggregate
18:13:33 [ChrisPedigoOPA]
equation is altered if DNT:1 signal cannot be trusted
18:14:02 [ChrisPedigoOPA]
if DNT:1 can be trusted, then it could serve as an opt-out from profiling
18:14:22 [peterswire]
q?
18:14:35 [ChrisPedigoOPA]
Rob - question: would data be aggregated immediately?
18:15:22 [ChrisPedigoOPA]
Dan - is there a 3rd arrow for user profile info?
18:15:58 [ChrisPedigoOPA]
If DNT:1 signal is trusted, then no user profile info
18:16:09 [ChrisPedigoOPA]
If not, then user profile would be kept in aggregate
18:16:21 [ChrisPedigoOPA]
Shane - no more arrows
18:16:33 [ChrisPedigoOPA]
Peter - one way hashes or other techniques
18:17:04 [ChrisPedigoOPA]
Shane - yes, we could use many techniques to get to unlinked data
18:17:05 [Zakim]
-Jonathan_Mayer
18:17:15 [ChrisPedigoOPA]
many ways to get there
18:17:41 [ChrisPedigoOPA]
Dan - devil in details, but I think we agree that strong techniques must be used to get to de-id data
18:18:05 [ChrisPedigoOPA]
John Simpson - question: data retention for yellow state?
18:18:40 [ChrisPedigoOPA]
Peter - next steps for "what is a strong enough technique"
18:19:02 [ChrisPedigoOPA]
Dan - non-normative text satisfies?
18:19:16 [ChrisPedigoOPA]
Shane and Dan will work on text
18:19:42 [tlr]
ACTION: shane to work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures
18:19:43 [trackbot]
Created ACTION-402 - Work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures [on Shane Wiley - due 2013-05-15].
18:19:45 [ChrisPedigoOPA]
Shane and Dan will be assigned an action item to define going from yellow to green state
18:20:16 [ChrisPedigoOPA]
David Singer - question about de-id
18:21:17 [ChrisPedigoOPA]
David - q: if de-id user revisits, can you append new data to de-id record
18:21:18 [ChrisPedigoOPA]
?
18:21:53 [ChrisPedigoOPA]
You can never create a map between raw and de-id data
18:22:27 [ChrisPedigoOPA]
David - de-id record will be added to and will grow over time
18:22:31 [Vincent_]
Vincent_ has joined #dnt
18:23:18 [tlr]
q?
18:23:35 [ChrisPedigoOPA]
Shane - but this only happens for a short time because data will eventually move to 3rd state
18:23:46 [ChrisPedigoOPA]
Rob - de-id is not right term
18:24:24 [ChrisPedigoOPA]
Rob - data retention and purpose limitations need to be introduced
18:24:35 [ChrisPedigoOPA]
purpose limitations are permitted uses
18:24:49 [hefferjr]
q+
18:25:13 [ChrisPedigoOPA]
Peter - is middle phase (yellow) pseudonymous?
18:25:16 [ChrisPedigoOPA]
Shane - no
18:26:03 [peterswire]
q?
18:26:17 [ChrisPedigoOPA]
diff between yellow and pseudonymous is pseudonymous includes an id
18:26:55 [ChrisPedigoOPA]
red state is pseudonymous
18:27:22 [ChrisPedigoOPA]
Peter - what I heard
18:27:52 [ChrisPedigoOPA]
yellow is pseudonymous but also cannot be used for production
18:28:10 [___]
___ has joined #dnt
18:28:22 [ChrisPedigoOPA]
Rob - need to get away from using "de-identified" term
18:29:33 [ChrisPedigoOPA]
John Simpson - question: red is raw data or pseudonymous?
18:29:48 [ChrisPedigoOPA]
Justin - same
18:30:01 [ChrisPedigoOPA]
Dan - let's not worry too much about term
18:30:08 [ChrisPedigoOPA]
important for EU
18:30:18 [ChrisPedigoOPA]
Dan - I care more about green state of data
18:30:33 [peterswire]
q?
18:31:03 [ChrisPedigoOPA]
Dan - industry wants flexibility in yellow state and Dan wants data to get to green
18:31:04 [johnsimpson]
q?
18:31:08 [peterswire]
q?
18:31:41 [justin]
ack heff
18:31:45 [ChrisPedigoOPA]
Heffer - question about data flow from red to yellow
18:31:56 [ChrisPedigoOPA]
is it real-time?
18:32:06 [ChrisPedigoOPA]
Shane - could be real time
18:32:08 [jeff]
jeff has joined #dnt
18:32:21 [peterswire]
q?
18:32:31 [ChrisPedigoOPA]
but need to keep for permitted uses
18:32:57 [ChrisPedigoOPA]
companies would want to move data to yellow so they can immediately begin to use for reporting/analysis
18:33:21 [ChrisPedigoOPA]
this data set would never be used to affect a real person
18:33:29 [ChrisPedigoOPA]
Peter - let's move to data retention
18:33:32 [ChrisPedigoOPA]
and next steps
18:33:56 [ChrisPedigoOPA]
Shane - two data retention periods
18:34:01 [ChrisPedigoOPA]
1 for permitted uses
18:34:11 [ChrisPedigoOPA]
solution is transparency by companies
18:35:10 [rvaneijk]
q+
18:35:34 [ChrisPedigoOPA]
also same transparency for moving to different states of data
18:35:52 [dan_auerbach]
dan_auerbach has joined #dnt
18:36:02 [ChrisPedigoOPA]
Rob - need different retention periods for different permitted uses
18:36:16 [ChrisPedigoOPA]
also needs to be transparent
18:36:31 [dan_auerbach]
q?
18:36:36 [ChrisPedigoOPA]
Shane - agree with principle of proportionality
18:36:37 [haakonfb]
haakonfb has joined #dnt
18:36:37 [johnsimpson]
q+
18:36:59 [jmayer]
jmayer has joined #dnt
18:37:02 [ChrisPedigoOPA]
Peter - seems to be agreement on transparency and proportionately
18:37:14 [ChrisPedigoOPA]
proportionality
18:37:40 [ChrisPedigoOPA]
Justin - the document already includes this
18:38:00 [dan_auerbach]
q+
18:38:22 [ChrisPedigoOPA]
John - I thought Aleecia wanted normative retention limit for permitted uses
18:38:41 [dan_auerbach]
that's right
18:38:45 [ChrisPedigoOPA]
and then she wanted transparency around diverging from retention limit
18:39:07 [dsinger]
…rather, an 'if not otherwise justified' (should)
18:39:22 [ChrisPedigoOPA]
Aleecia advocated using "should" wrt to retention limits
18:39:57 [ChrisPedigoOPA]
Thomas - should language with specific retention limits could help with implementation
18:40:16 [ChrisPedigoOPA]
Peter - do we normative/non-normative/other?
18:40:27 [ChrisPedigoOPA]
Thomas - unclear
18:40:29 [johnsimpson]
q?
18:40:33 [rvaneijk]
q-
18:40:37 [johnsimpson]
q-
18:40:59 [ChrisPedigoOPA]
Peter - Ed Felten raised DAA code language
18:41:13 [ChrisPedigoOPA]
on de-id language
18:41:48 [peterswire]
q?
18:41:48 [dsinger]
q?
18:41:49 [johnsimpson]
Q
18:42:01 [dsinger]
q+
18:42:06 [johnsimpson]
q?
18:42:19 [ChrisPedigoOPA]
Ed Felten thinks the DAA Multi Site definition of de-id data might work
18:42:44 [tlr]
dan Auerbach: can live with DAA language for the green data
18:42:47 [ChrisPedigoOPA]
Dan - would prefer W3C language but not huge objection
18:42:48 [johnsimpson]
Q+
18:43:07 [ChrisPedigoOPA]
Peter - consumer groups should look at whether they can live with it
18:43:23 [ChrisPedigoOPA]
Dan - important to have non-normative examples, which do not exist in the DAA code
18:43:59 [tlr]
shane: DAA language going from red to yellow
18:44:09 [ChrisPedigoOPA]
DAA thinks their de-id language goes from red to yellow
18:44:27 [johnsimpson]
Q?
18:44:33 [johnsimpson]
q-
18:44:54 [ChrisPedigoOPA]
David - if there is a data breach in red data, that is significant
18:45:01 [ChrisPedigoOPA]
yellow data breach is smaller risk
18:45:13 [W3C]
W3C has joined #dnt
18:45:22 [ChrisPedigoOPA]
green data breach is insignificant
18:45:49 [ChrisPedigoOPA]
Shane - if we release yellow or green data, then there is little risk to user.
18:46:00 [ChrisPedigoOPA]
risk with yellow data is more about internal abuse
18:46:21 [ChrisPedigoOPA]
Shane - i.e. evil employee
18:46:40 [ChrisPedigoOPA]
Dan - I disagree. there is more risk with yellow data
18:46:54 [ChrisPedigoOPA]
Dan - need to focus on limits on yellow data
18:47:26 [ChrisPedigoOPA]
David - need to focus on principles
18:47:45 [ChrisPedigoOPA]
Peter - Ed Felten said something similar
18:47:53 [MarkVickers]
MarkVickers has joined #dnt
18:47:59 [ChrisPedigoOPA]
would prefer to have principles in normative text with examples in non-normative
18:48:09 [MarkVickers]
It's spec vs. best practices.
18:48:33 [ChrisPedigoOPA]
Peter - process going forward
18:49:27 [ChrisPedigoOPA]
Shane - I don't believe industry will be ok with "shoulds" on arbitrary retention limits
18:49:39 [ChrisPedigoOPA]
too many different business models
18:49:51 [ChrisPedigoOPA]
non-normative text might be ok
18:50:08 [ChrisPedigoOPA]
transparency applied to all data states is more important
18:50:39 [ChrisPedigoOPA]
Shane - only delta is the use of "shoulds" with transparency vs. always using transparency
18:51:03 [ChrisPedigoOPA]
Justin - proportionality doesn't provide an end point for use of data
18:51:26 [ChrisPedigoOPA]
there always seems to be another valid use
18:51:40 [ChrisPedigoOPA]
Peter - what do they use in the EU?
18:52:03 [ChrisPedigoOPA]
Rob - can use "legitimate business interest" test
18:52:22 [ChrisPedigoOPA]
in this case, you balance the size of the instrument vs the impact on the user
18:52:46 [ChrisPedigoOPA]
we don't say how long retention limits are
18:52:51 [peterswire]
q?
18:52:59 [dan_auerbach]
q+
18:53:19 [ChrisPedigoOPA]
Peter - will break soon, five more minutes
18:53:50 [ChrisPedigoOPA]
Dan - really hate vagueness, want precision
18:54:03 [ChrisPedigoOPA]
Dan - favor Aleecia's approach of using shoulds
18:54:40 [rvaneijk]
In European Union law there generally acknowledged to be four stages to a proportionality test, namely,[3] there must be a legitimate aim for a measure the measure must be suitable to achieve the aim (potentially with a requirement of evidence to show it will have that effect) the measure must be necessary to achieve the aim, that there cannot be any less onerous way of doing it the measure must be reasonable, considering the competing int[CUT]
18:54:45 [ChrisPedigoOPA]
Peter - have heard two positions here. Let's focus on next steps
18:54:53 [rvaneijk]
https://en.wikipedia.org/wiki/Proportionality_%28law%29
18:55:05 [ChrisPedigoOPA]
Privacy advocates to look at DAA definition of de-id data
18:55:43 [ChrisPedigoOPA]
What do we need to do to outline red, yellow, green states
18:55:52 [ChrisPedigoOPA]
Justin - need normative text on this
18:56:22 [ChrisPedigoOPA]
Justin - ok with DAA definition, but need to clarify whether it applies to red-yellow or yellow-green
18:56:39 [ChrisPedigoOPA]
Justin - writing text on 3 states should be easy
18:56:45 [ChrisPedigoOPA]
Justin to draft
18:56:58 [tlr]
ACTION: justin to write language on red / yellow / green
18:56:58 [trackbot]
Created ACTION-403 - Write language on red / yellow / green [on Justin Brookman - due 2013-05-15].
18:56:59 [ChrisPedigoOPA]
Next steps on data retention?
18:57:26 [ChrisPedigoOPA]
John - are we talking about data retention for red state too?
18:58:18 [ChrisPedigoOPA]
Shane - would address retention for each state
18:58:54 [ChrisPedigoOPA]
Thomas - let's have a small group outline the differences or find a compromise
18:59:43 [ChrisPedigoOPA]
Thomas - 5 or 6 people precisely define open questions and/or find compromise
18:59:52 [fwagner]
fwagner has joined #dnt
19:00:08 [ChrisPedigoOPA]
John, Dan, Shane, Walt, Justin, Rob, others?
19:00:48 [ChrisPedigoOPA]
5-10 minute break and then reconvene for one more session before lunch
19:00:56 [ChrisPedigoOPA]
readouts from breakout sessions after 10 minute break
19:00:58 [Zakim]
-moneill2
19:07:27 [W3C]
W3C has joined #dnt
19:11:23 [Zakim]
+[IPcaller]
19:11:36 [moneill2]
zakim, [IPCaller] is me
19:11:36 [Zakim]
+moneill2; got it
19:14:02 [haakonfb]
haakonfb has joined #dnt
19:16:06 [vinay]
This session has two purposes: 1) get a lunch ticket from david -- take only 1; and 2) readouts from the two groups
19:16:08 [npdoty_]
npdoty_ has joined #dnt
19:16:13 [amyc]
amyc has joined #dnt
19:16:18 [vinay]
first is someone from the browser group
19:16:33 [vinay]
... but the browser group didn't delegate someone for the readout
19:16:43 [vinay]
... so we're going to start with the readout from the other session
19:16:52 [npdoty_]
scribenick: vinay
19:16:52 [npdoty_]
Topic: Report back from Breakouts
19:17:03 [vinay]
Peter: on the de-id issue, as you all saw, there was important convergence amongst the sides
19:17:09 [vinay]
... but there are still hard issues people need to work on
19:17:14 [vinay]
... don't want to overstate the convergence
19:17:27 [vinay]
... there's a group of 7 people tasked at taking a shot at next steps/work items
19:17:49 [vinay]
... one thing he's asked is for people to look at normative language in DAA code (which Ed Felten thought worth considering ...)
19:17:57 [npdoty_]
Zakim, who is on the phone?
19:17:57 [Zakim]
On the phone I see [Apple], bilcorry (muted), moneill2
19:18:14 [vinay]
... if it turns out as good (or better), it may help since a lot of companies have already committed to complying
19:18:24 [vinay]
... there was also talk on drafting language on the 3 stages
19:18:30 [vinay]
... Justin took that action item
19:18:36 [afowler]
afowler has joined #dnt
19:18:37 [vinay]
... the subgroup of 7-8 are meeting now
19:18:46 [vinay]
... Peter asking Wendy for a brief read out
19:19:22 [vinay]
TLR: Are we talking about a situation a bit more time is needed before we need a useful conversation in the group?
19:19:27 [vinay]
... what stage are we at?
19:19:50 [vinay]
Alan C: yes, a lot of progress has been made. Pretty wide consensus on what we're talking about when we say browser.
19:20:13 [vinay]
... hope that there is some language in the near future to share with the group
19:20:28 [vinay]
... encouraged. one of the more constructive groups he's been on
19:21:25 [vinay]
Adrian: Spent bulk of time talking about a few points: 1) distinction between browsers and things that aren't browsers; 2) trying to get away from misunderstandings of what a user agent is/isn't
19:21:36 [vinay]
(we think about people browsing the web when we speak about browsers)
19:22:06 [vinay]
... if we agree that a user must be involved in setting/clearing the DNT preference, those things that are not browsers that get in the way of setting DNT are automatically excluded
19:22:37 [vinay]
... as we see more devices get connected to the internet, we don't want to get bogged down with this
19:22:47 [Chapell]
Chapell has joined #DNT
19:22:53 [vinay]
... more gray areas we need to think about. there's a line somewhere. We need to think clearly how we define that line
19:23:00 [vinay]
.... and who decides who falls on what side of that line
19:23:34 [vinay]
... while we can agree that the device requiring many steps (not sure I got this right) is out of scope, whereas FF is within scope.. There's a lot in between.
19:23:44 [vinay]
... there's some homework we need to do, but there is greater clarity
19:24:09 [vinay]
... second thing they talked about is who is responsible for ensuring that the signal sent from the browser is following the setting that the user set
19:24:18 [vinay]
... in the draft framework, point 6c
19:24:47 [vinay]
... some of what they talked about went back to the general principles (that we all agree this is something the user is involved in setting)
19:25:02 [vinay]
... from Adrian's perspective (and he thinks there is some support for this) that this is something we have to address over time
19:25:16 [vinay]
... can't tell right now how this setting may be attacked by different entities over time
19:25:38 [vinay]
... prefers not to think thru all attacks now because the attack may not be an actual attack used
19:26:09 [vinay]
Peter: here's procedurally what we anticipate
19:26:21 [vinay]
... when we break from this, the de-id group will gather
19:26:45 [vinay]
... there is an effort/task to write-up the browser meeting to accurately reflect next steps
19:26:55 [vinay]
... the idea is that the group decide the next steps
19:27:16 [vinay]
... request for the groups to report back next steps
19:27:28 [vinay]
... believe we're heading to a session at 2pm to have a short document that reflects the next steps
19:27:34 [vinay]
... to discuss how to describe it
19:27:52 [vinay]
... ex. we recommend: a) proceeding with this work; b) taking it back to x, y, and z.
19:28:03 [vinay]
... discuss how to proceed to move forward
19:28:13 [vinay]
... Yianni will be taking text (back on the room)
19:28:31 [vinay]
... Susan will coordinate with Yianni re: measurement; Wendy for browsers; TLR for de-id
19:28:36 [vinay]
re-convene at 2pm
19:28:44 [vinay]
TLR: Suggest getting a large lunch table
19:28:55 [vinay]
David: we have the big tables in the back by the window reserved for us
19:29:01 [vinay]
TLR: Take the large table for de-id
19:29:33 [vinay]
... also, same question as before... are there other conversations that should be happening amongst subsets of the room between now and 2pm
19:29:49 [johnsimpson]
johnsimpson has left #dnt
19:30:06 [vinay]
Dan: We still haven't made progress on de-ids... i hope the lack of a breakout session isn't interpreted to mean it isn't important
19:30:15 [vinay]
break for lunch. start promptly at 2
19:30:23 [robsherman]
robsherman has joined #dnt
19:30:32 [Zakim]
-moneill2
19:30:45 [Zakim]
-bilcorry
19:31:57 [efelten]
efelten has joined #dnt
19:42:27 [afowler]
afowler has joined #dnt
19:48:55 [efelten]
efelten has joined #dnt
20:00:34 [robsherman]
robsherman has joined #dnt
20:08:32 [afowler]
afowler has joined #dnt
20:16:49 [npdoty]
npdoty has joined #dnt
20:17:13 [vinay]
vinay has joined #dnt
20:27:46 [fielding]
fielding has joined #dnt
20:32:45 [npdoty_]
npdoty_ has joined #dnt
20:40:06 [justin]
justin has joined #dnt
20:41:09 [afowler]
afowler has joined #dnt
20:43:45 [Dominique]
Dominique has joined #dnt
20:56:11 [npdoty_]
Zakim, who is on the phone?
20:56:11 [Zakim]
On the phone I see [Apple]
20:56:29 [npdoty_]
Zakim, mute Apple
20:56:29 [Zakim]
sorry, npdoty_, muting is not permitted when only one person is present
20:58:01 [afowler]
afowler has joined #dnt
20:58:47 [Zakim]
+[IPcaller]
20:58:51 [Zakim]
-[IPcaller]
20:59:08 [Zakim]
+bilcorry
20:59:17 [bilcorry]
Zakim, mute me
20:59:17 [Zakim]
bilcorry should now be muted
20:59:25 [Zakim]
+[IPcaller]
20:59:32 [moneill2]
zakim, [IPCaller] is me
20:59:32 [Zakim]
+moneill2; got it
20:59:50 [bryan]
bryan has joined #dnt
20:59:59 [jeffwilson]
jeffwilson has joined #dnt
21:01:10 [Zakim]
+ +1.917.318.aaff
21:02:42 [Zakim]
+ +1.215.480.aagg
21:02:57 [npdoty_]
Zakim, aaff is Chapell
21:02:57 [Zakim]
+Chapell; got it
21:03:10 [npdoty_]
Zakim, aagg is WaltMichel_Comcast
21:03:10 [Zakim]
+WaltMichel_Comcast; got it
21:04:58 [Zakim]
+Mark_Vickers
21:05:38 [Joanne]
Joanne has joined #DNT
21:05:41 [robsherman]
robsherman has joined #dnt
21:06:08 [Zakim]
+Bryan
21:06:29 [efelten]
efelten has joined #dnt
21:10:53 [robsherman1]
robsherman1 has joined #dnt
21:11:26 [Zakim]
-WaltMichel_Comcast
21:11:30 [npdoty_]
Zakim, mute Apple
21:11:30 [Zakim]
[Apple] should now be muted
21:11:38 [npdoty_]
Zakim, unmute Apple
21:11:38 [Zakim]
[Apple] should no longer be muted
21:11:39 [meme]
meme has joined #dnt
21:11:44 [Zakim]
+WaltMichel_Comcast
21:11:57 [npdoty_]
another 10 or 15 minutes, thanks; restart by 2:30
21:12:16 [npdoty_]
Zakim, mute Apple
21:12:17 [Zakim]
[Apple] should now be muted
21:12:18 [Zakim]
-moneill2
21:12:18 [Zakim]
-Chapell
21:12:29 [Joanne]
Joanne has joined #DNT
21:12:29 [Zakim]
-bilcorry
21:26:02 [Zakim]
-Mark_Vickers
21:27:44 [Zakim]
+bilcorry
21:27:50 [bilcorry]
Zakim, mute me
21:27:50 [Zakim]
bilcorry should now be muted
21:28:20 [Zakim]
+[IPcaller]
21:28:41 [moneill2]
zakim, [IPCaller] is me
21:28:41 [Zakim]
+moneill2; got it
21:28:42 [Zakim]
+Chapell
21:28:55 [strider]
strider has joined #dnt
21:30:55 [npdoty_]
Zakim, who is making noise?
21:31:06 [Zakim]
npdoty_, listening for 10 seconds I heard sound from the following: moneill2 (19%)
21:31:11 [npdoty_]
Zakim, mute moneill2
21:31:11 [Zakim]
moneill2 should now be muted
21:31:29 [Dominique]
Dominique has joined #dnt
21:34:15 [dsinger_]
dsinger_ has joined #dnt
21:40:07 [Zakim]
-moneill2
21:40:23 [adrianba_]
adrianba_ has joined #dnt
21:40:28 [W3C]
W3C has joined #dnt
21:40:46 [Zakim]
+[IPcaller]
21:40:58 [Zakim]
-[IPcaller]
21:41:15 [Zakim]
+[IPcaller]
21:41:20 [npdoty_]
Zakim, who is on the phone?
21:41:20 [Zakim]
On the phone I see [Apple] (muted), Bryan, WaltMichel_Comcast, bilcorry (muted), Chapell, [IPcaller]
21:41:26 [npdoty_]
npdoty_ has joined #dnt
21:41:29 [moneill2]
zakim, [IPCaller] is me
21:41:29 [Zakim]
+moneill2; got it
21:41:51 [npdoty_]
Zakim, who is making noise?
21:42:03 [Zakim]
npdoty_, listening for 10 seconds I could not identify any sounds
21:42:05 [jchester2]
jchester2 has joined #dnt
21:42:27 [npdoty_]
Topic: Afternoon
21:42:35 [npdoty_]
scribenick: npdoty
21:42:45 [npdoty_]
peterswire: apologies for the delay, slow in getting text from all these places
21:43:04 [justin]
q?
21:43:06 [npdoty_]
... while waiting on copies, I want to get a sense of the room on how today went
21:43:22 [moneill2]
cant hear
21:43:31 [npdoty_]
... Dan wanted to make some comments on behalf of some privacy folks
21:43:34 [JC_]
JC_ has joined #DNT
21:43:34 [afowler]
afowler has joined #dnt
21:43:37 [jchester]
jchester has joined #dnt
21:43:38 [amyc_]
amyc_ has joined #dnt
21:43:40 [Ari]
Ari has joined #dnt
21:43:46 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
21:43:56 [johnsimpson]
johnsimpson has joined #dnt
21:43:58 [Zakim]
-moneill2
21:44:36 [Zakim]
+[IPcaller]
21:45:02 [moneill2]
I am getting no sound when I call in
21:45:05 [Zakim]
-Chapell
21:45:35 [Zakim]
+Chapell
21:45:52 [moneill2]
zakim, [IPCaller] is me
21:45:52 [Zakim]
+moneill2; got it
21:46:03 [Zakim]
-Chapell
21:46:15 [npdoty_]
<interruption as ducks get into rows, and computers are found>
21:46:20 [JC]
JC has joined #DNT
21:46:23 [aleecia]
aleecia has joined #dnt
21:46:58 [peterswire]
peterswire has joined #dnt
21:47:21 [Zakim]
-moneill2
21:47:44 [Zakim]
+[IPcaller]
21:47:50 [npdoty]
<welcome back>
21:48:04 [moneill2]
I still cant hear
21:48:10 [adrianba]
adrianba has joined #dnt
21:48:12 [npdoty]
Zakim, unmute Apple
21:48:12 [Zakim]
[Apple] should no longer be muted
21:48:18 [moneill2]
ok now
21:48:22 [npdoty]
peterswire: a number of issues where progress has been made
21:48:30 [npdoty]
... want to thank you for stepping up last night and working today
21:48:35 [paulohm]
paulohm has joined #dnt
21:48:39 [npdoty]
... appreciated, because this is work should be doing
21:48:51 [npdoty]
... anybody who wants to make opening comments from the day?
21:48:53 [peterswire]
q?
21:48:56 [wseltzer]
i|ok now|Topic: Wrap Up
21:48:59 [npdoty]
q+ lmastria
21:49:08 [dsinger]
q-
21:49:14 [npdoty]
ack Lmastria
21:49:15 [johnsimpson]
johnsimpson has joined #dnt
21:49:17 [johnsimpson]
q?
21:49:23 [npdoty]
Lmastria_DAA: would echo peter's comments on constructive dialog today
21:49:27 [dan_auerbach]
dan_auerbach has joined #dnt
21:49:38 [Chris_IAB]
Chris_IAB has joined #dnt
21:49:42 [npdoty]
... my sense is that there's been a fair amount of progress made today that wasn't made at other w3c events I've been at, so I'm grateful for that
21:49:54 [Bryan]
Bryan has joined #dnt
21:49:54 [npdoty]
... see a path forward, using the framework as a skeletal document that's how I see it at least
21:50:08 [npdoty]
... we are committed to seeing if we can put flesh on those bones, a lot of hard work, frankly
21:50:25 [peterswire]
q?
21:50:26 [npdoty]
... what we are committing to here is a lot of hard work, but if there is progress to be made, we are certainly supportive of moving forward in that direction
21:50:46 [npdoty]
peterswire: I'm going to walk through the term sheet, an attempt to capture the work from this morning
21:51:15 [npdoty]
... I'll read through it basically, chance for edits and chance to make points
21:51:34 [Dominique]
Dominique has joined #dnt
21:51:49 [npdoty]
... at the top, "At the close of our meeting... " "sufficient progress ... to merit moving ahead toward the Last Call deadline"
21:52:33 [npdoty]
... audience measurement, specific changes to esomar text, from Rigo and Susan, "calibrate and validate", work with Rob and Jeff and DAA as well
21:52:57 [npdoty]
... second topic concerns browsers, initial versions of our spec will address general browsers for the Web
21:53:07 [npdoty]
... a few principles, vendor neutral
21:53:17 [npdoty]
... Do Not Track should reflect user choice, anti-tampering to be considered
21:53:17 [Zakim]
-[IPcaller]
21:53:42 [Zakim]
+[IPcaller]
21:53:49 [Bryan]
Link to paper being described?
21:53:57 [npdoty]
... third part on de-identification, three-state as proposed by Shane, proportionality requirements and transparency and retention for those different states
21:54:11 [npdoty]
... homework assigned to review the DAA language that may be helpful
21:54:16 [Zakim]
-[IPcaller]
21:54:43 [Zakim]
+[IPcaller]
21:55:00 [npdoty]
... 4. retention periods remain an important issue: proportionality, transparency, no precise MUST limits
21:55:13 [Zakim]
-[IPcaller]
21:55:18 [jmayer]
jmayer has joined #dnt
21:55:24 [npdoty]
... 5. ongoing discussions of unique identifiers as a critical issue for advocates, inviting proposals to solve this problem
21:55:41 [npdoty]
... super importance of this issue to many members of the working group, so may continue even beyond Last Call
21:55:45 [johnsimpson]
q+
21:55:51 [jmayer]
q+
21:56:15 [npdoty]
... I've heard it a bunch of times, said it on Monday Tuesday Wednesday, that the ability to say that Do Not Track will mean in a simple thing to say to users is that no identifier cookies
21:56:26 [npdoty]
... a couple minutes for Dan to give perspective
21:56:27 [paulohm]
q+
21:56:29 [peterswire]
q?
21:56:38 [npdoty]
dan_auerbach: big thanks to the chairs, an incredible amount of work you've put in
21:56:41 [npdoty]
<large applause>
21:56:41 [jchester]
+q
21:57:09 [npdoty]
dan_auerbach: appreciating that some progress was made today, but wanted to note that we punted on unique identifiers today, pushing harder issues further down
21:57:22 [npdoty]
... can't do that indefinitely, and that's what you see here in bullet point 5
21:57:41 [npdoty]
... without that, I think we should come to some agreement to disagree -- without a path forward, don't want to continue spinning our wheels indefinitely
21:57:44 [hober]
ack dan_auerbach
21:58:27 [npdoty]
... shouldn't signal that at Last Call we still have a shouting match, wouldn't want to have all these major issues undecided
21:58:51 [npdoty]
peterswire: want to repeat, this has to come from you all, not from chairs and w3c staff
21:59:07 [Zakim]
+MikeO
21:59:18 [fielding]
q+
21:59:19 [peterswire]
q?
21:59:42 [npdoty]
... when there's hard things, w3c process works best when we have people go off to hard issues and come back with smart proposals
21:59:57 [npdoty]
johnsimpson: want to echo congratulations for chair and staff, I think possibly there's been incremental progress
21:59:59 [WaltMichel]
WaltMichel has joined #DNT
22:00:06 [susanisrael]
susanisrael has joined #dnt
22:00:20 [susanisrael]
q+
22:00:34 [npdoty]
... but what I have sensed is that we have stepped back to deal with high-level principles, sense of agreement may be because of high-level principles, as we all agree about transparency
22:00:37 [npdoty]
... devil is in the details
22:00:48 [npdoty]
... as was documented by the list of many still open issues
22:00:57 [npdoty]
... may just be as a pessimist, I'm always being positively surprised
22:01:07 [npdoty]
... not sure about reaching agreement by the end of July
22:01:35 [npdoty]
... I've been committed to this and also been party to some outside talks that may or may not have made progress
22:02:44 [dsinger]
q+ to suggest that the chairs and staff do a pass on the Compliance Issues and Action Items and propose a clean-up (many are 6 months old and might not be relevant)
22:02:44 [dsinger]
q?
22:02:44 [johnsimpson]
johnsimpson has left #dnt
22:02:47 [adrianba_]
adrianba_ has joined #dnt
22:02:52 [peterswire]
q?
22:02:59 [npdoty]
... just might not happen, doesn't mean that we're bad people or that W3C is a bad place, just couldn't
22:02:59 [npdoty]
jmayer: echo thanks to peter, thomas, nick and matthias remotely
22:02:59 [npdoty]
... feeling of cooperation, glad to work with all of you, has genuinely been a pleasure
22:03:00 [npdoty]
... but it's very difficult to see consensus or a path to consensus at this point
22:03:00 [npdoty]
... have this parking lot over here (UAs and UIs, unique IDs, deidentification, )
22:03:01 [rigo]
ack johnsim
22:03:07 [rigo]
ack jmayer
22:03:39 [npdoty]
... may have made some progress, but if we were this far apart before, we are this far apart now [with arms, showing only slightly closer]
22:04:47 [adrianba__]
adrianba__ has joined #dnt
22:04:51 [npdoty]
... very imprudent if we got to Last Call deadline and then just pushed again
22:04:51 [npdoty]
jchester: reiterate thanks to staff, chairs and colleagues
22:04:51 [npdoty]
... have to address the issues in the parking lot
22:04:51 [npdoty]
... I know for us we cannot go forward postponing the unique ID decision before the last call, it has to be a part and can be a part of the framework we address in the next few weeks
22:04:53 [npdoty]
... without it I don't think we can make the progress
22:05:18 [johnsimpson]
johnsimpson has joined #dnt
22:05:23 [npdoty]
fielding: progress on this depends on the definition of tracking, willing to turn off anything if it's part of the definition of tracking, but not willing to turn off user identifiers for reasons that are not following a user across multiple sites
22:05:25 [johnsimpson]
Q?
22:05:39 [npdoty]
... reason is not that we want to track you, just don't want to inhibit innovation for non-privacy-concerns
22:05:41 [Zakim]
+Chapell
22:05:41 [johnsimpson]
q+ to address text
22:05:41 [wseltzer]
ack jchester
22:05:44 [wseltzer]
ack fielding
22:05:47 [jmayer]
My concern: there is a very high probability that we get to Last Call without consensus on the major issues, nor even a viable path to consensus on those issues.
22:05:47 [wseltzer]
ack susanisrael
22:05:50 [npdoty]
... if there are actual privacy concerns we'll address them
22:06:17 [Bryan]
Can't hear the speakers well
22:06:25 [npdoty]
susanisrael: if we define the scope of what we're trying to achieve in the Last Call is narrower than the list of tracking-related issues, can we address those in later versions?
22:07:08 [npdoty]
dsinger: simple text change, remove "preference" before "interface"
22:07:26 [npdoty]
... don't want to have an apparent preference for existing browsers
22:07:38 [npdoty]
peterswire: serious heartache? -- no.
22:07:52 [npdoty]
dsinger: ask the chairs and staff to go through issues and actions and orphan the ones that are no longer relevant.
22:08:02 [npdoty]
peterswire: the chair welcomes that, now will do that now that we have some clarity
22:08:04 [peterswire]
q?
22:08:09 [Wileys]
Wileys has joined #DNT
22:08:12 [npdoty]
paulohm: thank you for welcoming in a stranger
22:08:19 [npdoty]
... wanted to put a marker down rather than specific text
22:08:20 [Ari]
Ari has joined #dnt
22:08:32 [jmayer]
+q
22:08:40 [aleecia]
aleecia has joined #dnt
22:08:46 [aleecia]
q?
22:08:48 [aleecia]
q+
22:08:50 [npdoty]
... the room I think I had a lot of consensus about the general browsing interface, that was a big issue for Ed (and wasn't in the room)
22:09:17 [npdoty]
... suggest brackets around the first sentence
22:09:23 [aleecia]
ack paulohm
22:09:48 [npdoty]
dsinger: tried to put a word for the general principles, the name is just the definition of the general principles, not an additional requirement
22:09:53 [aleecia]
ack dsinger
22:09:53 [Zakim]
dsinger, you wanted to suggest that the chairs and staff do a pass on the Compliance Issues and Action Items and propose a clean-up (many are 6 months old and might not be
22:09:56 [Zakim]
... relevant)
22:09:57 [aleecia]
ack johnsimpson
22:09:57 [Zakim]
johnsimpson, you wanted to address text
22:10:09 [npdoty]
johnsimpson: appreciate your highlighting the issue of unique identifiers all week long
22:10:26 [Zakim]
-Bryan
22:10:41 [npdoty]
... my concrete proposal for the text, would remove "potentially structuring ongoing work past last call"
22:10:45 [peterswire]
q?
22:10:52 [npdoty]
peterswire: see no strong objections to that?
22:11:06 [npdoty]
lmastria: just want to point out for today, we can evaluate the problem and see what solutions there might be
22:11:17 [npdoty]
... to commit ourselves to solve the problem period may be a step too far between now and Last Call
22:11:29 [adrianba]
q+
22:11:35 [npdoty]
... don't want to prejudice one way or another, just be transparent about it
22:11:42 [Chapell]
Chapell has joined #DNT
22:11:43 [npdoty]
peterswire: is the problem "solve"?
22:11:49 [jchester]
+q
22:12:09 [anon]
anon has joined #dnt
22:12:23 [dsinger]
…um, the working group decides whether to go to last call, not any individual participant. we may decide to get that industry review knowing we have a question open.
22:12:45 [npdoty]
johnsimpson: if we can't find a way to solve that issue, I don't think we can go to Last Call
22:12:45 [npdoty]
... I hope we can solve it, I've seen some hints in this room and other places, but I don't see how you go to Last Call with a major issue hanging out there
22:12:45 [npdoty]
peterswire: I've heard caution from Lou about saying that this can be done by then
22:13:02 [npdoty]
... the language of ongoing discussions doesn't define a certain outcome
22:13:09 [peterswire]
q?
22:13:19 [TS]
TS has joined #DNT
22:13:21 [npdoty]
johnsimpson: agree, the point I'm trying to make is that this is so important we can't go to Last Call without addressing it
22:13:22 [aleecia]
ack jmayer
22:13:53 [npdoty]
jmayer: to PaulOhm, "general user agents" might rule out Operating Systems, which I don't think we want to
22:14:09 [npdoty]
peterswire: can't speak to that particular meeting
22:14:33 [npdoty]
jmayer: suggest that we account for user agents other than general purpose web browsers, stuff that we know about already
22:14:53 [npdoty]
... in the interest of future proofing it would be a mistake to scope that down
22:15:32 [npdoty]
paulohm: principle 1 about "general" Web, reserving the possibility that that might be an issue for Ed and the agency
22:15:33 [npdoty]
dsinger: maybe I should explain why this is relevant ...
22:15:38 [adrianba_]
adrianba_ has joined #dnt
22:15:48 [npdoty]
... in a closed garden, just a piece of software that loads its own help pages, we're just not concerned about you
22:16:07 [npdoty]
... point 2, you have the ability for a user to express his choice, if you can't do that, we're not sure how to work with you because it's important that you can express a choice
22:16:33 [npdoty]
... point 3, that you actually implement the protocol as designed, use the confirmation (in JavaScript), ask for and receive an exception
22:16:47 [peterswire]
q?
22:16:47 [npdoty]
... all about how to scope to how to make the thing work, rather than limiting innovation
22:17:09 [npdoty]
... the other concern was simply that we haven't spent a lot of time discussing different user agents in this room, and they might raise interesting questions
22:17:24 [npdoty]
peterswire: there was a productive meeting around the things in Item 2, but don't have specific normative language
22:17:46 [npdoty]
... would be having the normal process, proposing and objecting to and discussing normative text
22:18:12 [npdoty]
paulohm: agree that we should discuss; I just think ed will want to say something about this and don't want him to give up any chance
22:18:32 [npdoty]
peterswire: we make consensus on this text based on who we have in the room
22:18:37 [rigo]
Edited wording from Susan & Rigo on point 1:
22:18:38 [peterswire]
q?
22:18:40 [rigo]
http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
22:18:46 [npdoty]
paulohm: then I think we should talk now and I can try to represent him
22:19:04 [justin]
q+
22:19:06 [npdoty]
tlr: jmayer expressed concern about future proofing, would it help to note an opening and interest in looking future-ward to other user agents
22:19:28 [npdoty]
paulohm: if this has to be language we all agree on
22:19:36 [npdoty]
... "can access the Web" would be principle 1
22:19:45 [npdoty]
... 2 and 3 are still pretty limitative
22:20:04 [Chapell]
"Can access the web" is extremely broad and cuts away at the spirit of what was discussed in today's one-off session
22:20:35 [npdoty]
tlr: I think "Web" is something we all know what we mean by it
22:20:51 [npdoty]
jmayer: how about just things that speak HTTP?
22:21:22 [aleecia]
ack aleecia
22:21:35 [npdoty]
... there are things that speak HTTP, are Web APIs
22:21:36 [jmayer]
+q
22:21:39 [npdoty]
... I have additional points
22:21:41 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
22:21:48 [BerinSzoka]
BerinSzoka has joined #DNT
22:21:55 [Chapell]
I would suggest we wait to discuss #1 until Ed is in the room (also me)
22:21:58 [Ari]
Ari has joined #dnt
22:22:05 [Lmastria_DAA]
q+
22:22:09 [npdoty]
aleecia: I could not support the document exactly as is, have to leave, can get there from here but maybe adopt on the next phone call
22:22:27 [dan_auerbach]
+1 to aleecia on #1
22:22:31 [npdoty]
... for example, on #1, we could after we have text determine whether audience measurement is a permitted use
22:23:02 [npdoty]
... on #2, fine to have priorities on the agenda, I would have a problem to punt non-browser UAs beyond Last Call
22:23:23 [npdoty]
... 4, wouldn't want to guarantee that we don't have MUSTs on time limits
22:23:33 [jmayer]
another +1 that we still need to decide whether there's a permitted use for audience measurement for #1
22:23:44 [npdoty]
... 5, just want a resolution on unique identifiers
22:23:58 [npdoty]
... don't think Last Call in July, but I agree that it's worth continuing
22:24:03 [dsinger]
q?
22:24:04 [aleecia]
ack adrian
22:24:06 [npdoty]
ack adrianba
22:24:20 [npdoty]
adrianba_: if worst came to worst, I can live with Section 2, but I had a couple points to make:
22:24:46 [npdoty]
... re "meaningful information" minor concern that we were being too restrictive about "settings and help" screens, I thought it was rather all of the user interface
22:24:55 [npdoty]
... instead "provide meaningful interface to users"
22:24:59 [npdoty]
... but a minor point
22:25:38 [npdoty]
... going back to the Web, general web, world wide web, "general browsable web" was my term which came from a past w3c meeting to distinguish between Web pages and services that are on the Web, browsed to by a browser
22:25:47 [npdoty]
... my explanation of what I meant
22:26:01 [susanisrael]
susan and rigo have put a link to a shorter version of point 1, more appropriate to the term sheet, above in irc http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
22:26:10 [aleecia]
reminder: DNT applies to more than HTTP
22:26:28 [npdoty]
peterswire: suggest put back "general browseable web" for that meaning
22:26:32 [aleecia]
SPDY is long since agreed to
22:26:49 [peterswire]
q?
22:27:03 [npdoty]
paulohm: not services, but other things that might matter but don't count as "general browseable web"
22:27:21 [npdoty]
adrianba_: fine with that, my comments are in the minutes
22:27:39 [npdoty]
peterswire: you also said meaningful information to users, that was a text proposal change? adrianba: yes.
22:27:51 [peterswire]
q?
22:27:58 [wseltzer]
rrsagent, pointer?
22:27:58 [RRSAgent]
See http://www.w3.org/2013/05/07-dnt-irc#T22-27-58
22:28:10 [npdoty]
Lmastria_DAA: the way we began the week was the framework, the framework that it would be uniform inside settings as we think of them today, that's the origin
22:28:28 [npdoty]
adrianba_: I understand that that's there for that reason, but I don't think that's what we came out of with agreement to
22:28:39 [npdoty]
... we did not talk about scoping down the places in which this might be displayed
22:28:59 [npdoty]
... if all we're saying is that we're only interested in pursuing conversation about text that's displayed in settings and help screens
22:29:18 [npdoty]
peterswire: what about "such as, settings and help screens" to give a familiar example, are you okay with that?
22:29:31 [npdoty]
room: some yeses. lmastria: let me think about it, I'd have to reconsider how it flows
22:29:37 [BerinSzoka]
we can't read the screen. could we please increase the screen size and maximize the window?
22:29:48 [BerinSzoka]
er, text size
22:30:48 [npdoty]
peterswire: "with reference to user agents that can"
22:31:13 [aleecia]
historically untrue
22:31:30 [haakonfb]
haakonfb has joined #dnt
22:31:35 [npdoty]
Lmastria_DAA: we've spent 14 18 more months on browser-based mechanisms, browsers as we thought of them about the desktop web
22:31:40 [npdoty]
... a lot has changed since then, sure, there should be work done on mobile browsers and refrigerators
22:31:47 [npdoty]
... let's scope to what we've really been thinking about
22:31:51 [aleecia]
From very very early on we have talked about apps, mobile, SPDY.
22:31:58 [npdoty]
... 1.1 can be for other things
22:32:09 [npdoty]
... we're trying to scope appropriately to what our expectations have been all throughout
22:32:11 [aleecia]
We agreed to put in terms of HTTP but not limit to, to make it easier to talk about
22:32:13 [aleecia]
q+
22:32:21 [npdoty]
... making that change, we are in effect trying to boil the ocean here
22:32:38 [npdoty]
peterswire: strikes me as an important discussion, heard it expressed strongly by Paul Ohm and Lou, in different directions
22:32:57 [npdoty]
... we're going to need to figure out what -- this paragraph could disappear or be shortened
22:33:31 [npdoty]
PaulGlist: to not lose the good consensus building from the breakout session on this point, I suggest restoring "general browseable" before "Web" and pointing people to "other user agents warrant future study"
22:33:43 [npdoty]
... there was an intention to scope the work to everything we know as current browser base
22:34:18 [npdoty]
paulohm: [no longer channeling ed] I heard that we'll take those three bullets back and study what they mean
22:34:40 [npdoty]
... felt like it was an incomplete agreement, not sure general browseable was the main thing that we're working on
22:35:08 [npdoty]
aleecia: we have been talking from the very beginning about this, not just HTTP, yes this is mobile, yes this is apps, agreement from the beginning
22:35:30 [npdoty]
... talk about it in terms of browsing the web, from the very beginning of this group, the consensus we had arrived at before some people in the room arrived, just want to make the history of that clear
22:35:30 [Zakim]
+[IPcaller]
22:35:35 [Zakim]
-MikeO
22:35:58 [npdoty]
peterswire: when there was an event with the FTC Chairman and the White House last year, there was an announcement of a browser-based choice mechanism
22:36:02 [moneill2]
zakim, [IPCaller] is me
22:36:02 [Zakim]
+moneill2; got it
22:36:16 [npdoty]
... we have real history that points both ways here, in good faith, those different histories are coming together here
22:36:43 [npdoty]
... an effort to move to functional criteria, but there's an important part of work from people who are comfortable using browsers
22:36:52 [npdoty]
... I had thought we had some agreement on that this morning
22:37:33 [npdoty]
jchester: we did go beyond, lou said we do go back and talk to colleagues, talked about apps with browsers, acknowledged a broad range of browser use, talking about mobile app capabilities and you folks are very comfortable with and a norm with which people will interact
22:37:37 [MarkVick_]
MarkVick_ has joined #dnt
22:37:41 [peterswire]
q?
22:37:42 [justin]
?
22:37:43 [justin]
q?
22:37:52 [npdoty]
adrianba_: what aleecia said about the text of the draft specs including things beyond the browsers is true
22:38:02 [npdoty]
... the goal of the session today was to see where would we find agreement
22:38:19 [npdoty]
... let's start right now by scoping the impact of things that we now are well-understood
22:38:25 [justin]
ack jchester
22:38:26 [Mark_Vickers]
Mark_Vickers has joined #dnt
22:38:26 [npdoty]
... not limit the future implication
22:38:36 [npdoty]
... scope this narrower than what we've talked about in the past
22:38:50 [npdoty]
... of course there's the future, but we're trying to work on the current document right now
22:38:55 [dsinger__]
dsinger__ has joined #dnt
22:39:02 [Mark_Vickers]
q+
22:39:27 [Mark_Vickers]
q-
22:39:44 [rigo]
ack aleecia
22:39:46 [npdoty]
jchester: have a problem with 5, don't want to call it a "problem", rather "an issue we must address now"
22:40:20 [npdoty]
... suggest: "We acknowledge we must address this now."
22:40:40 [npdoty]
... a serious way that this be addressed in the next few weeks
22:41:00 [npdoty]
<debate about consensus>
22:41:12 [npdoty]
problem / issue / challenge ?
22:41:13 [amyc_]
i think that there are limits to benefits of real-time editing term sheet when we are going to need to review normative spec text later
22:41:35 [npdoty]
peterswire: I understood this as "we agree to work on these issues, not a final statement of answers"
22:41:55 [npdoty]
... when we are scoping work, I would think we have a lot more room to say that we are going to work in this direction and at that point work out particular words
22:42:07 [npdoty]
... I have a concern, partly about time that we won't have everyone in the room for all of this
22:42:13 [BerinSzoka]
I can't live with this document as written. I need to see more Oxford commas before I can support it.
22:42:31 [npdoty]
... shows a resurgence of some positional things that I don't think are @@@ productive
22:43:01 [npdoty]
peterswire: underscore "the following specific tasks have emerged from this face-to-face", the task for this paper is to note that we have work to do and note that there's work to do, not agreement on final text
22:43:08 [npdoty]
... it could be there are people who don't want to have text today
22:43:18 [npdoty]
... we could discuss whether we should have text today
22:43:40 [npdoty]
... I had hoped talking to many of you before that we had a close idea that this is what we're going to work on, that's what I saw our exercise as
22:43:59 [susanisrael]
on point 5, can you say you invite proposals to address this issue, without then saying going forward, thus not determining whether we do it in the near or long term (as that is to be determined)
22:44:01 [npdoty]
... there may be reasons why some of you don't want to have a position "we are going to work on"
22:44:23 [npdoty]
... saying "we agree that this will be solved" seems different from "serious list of things we're going to talk about"
22:44:42 [npdoty]
... "critical" is a quite strong word
22:44:55 [npdoty]
tlr: what I heard is that jchester is fine with 5 now
22:45:13 [npdoty]
fielding: we're talking about things out of this meeting
22:45:17 [BerinSzoka]
could someone point out that the IRC screen isn't updating because the scroll bar isn't at bottom?
22:45:28 [npdoty]
peterswire: you have not waived your ability to say that there are other issues in the spec
22:45:46 [npdoty]
... we had a good conversation on browser stuff, everyone told me it was a good conversation and we can move forward
22:45:56 [npdoty]
... we had a discussion on retention limits, green-yellow-red
22:46:11 [npdoty]
... highlight a critical issue for advocates that advocates wanted to be highlighted
22:46:36 [npdoty]
peterswire: is the group able to live with the document?
22:46:55 [npdoty]
tlr: we have about five points here that are summaries of discussions today, by their nature imperfect
22:47:21 [npdoty]
... an attempt to summarize the conversations we had; if the summary is inaccurate or if there are things we can't live with
22:47:53 [npdoty]
... go through the individual paragraphs, and then talk about the top paragraph
22:48:36 [npdoty]
peterswire: didn't post it online because we didn't want it to be attributed to people in the room without getting agreement
22:48:43 [npdoty]
tlr: fine on 5? room: yes.
22:48:48 [Zakim]
-Chapell
22:48:56 [npdoty]
susan: rigo and I posted a link in IRC to a shorter version
22:49:11 [npdoty]
http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
22:49:13 [rigo]
http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
22:49:39 [npdoty]
justin: whatever language we go with, we don't have agreement that a permitted use is necessary, I remain convinced that we won't need this
22:50:04 [npdoty]
rigo: you have an alternative suggestion, we have to figure out whether this addresses their issue
22:50:08 [Zakim]
+Chapell
22:50:29 [npdoty]
justin: Shane's proposal too, just want to make clear that not consensus that a permitted use will be needed
22:50:56 [npdoty]
amyc: I think what Peter is saying is that for a lot of this stuff is something being discussed today, all of this end up as normative text where we can tweak and discuss normative text
22:51:18 [npdoty]
... maybe have something in the first paragraph that everything is subject to our discussion and approval as a group
22:51:35 [npdoty]
justin: fix spelling.
22:52:25 [npdoty]
Wileys: many side conversations about living in the yellow vs. the red state
22:52:52 [npdoty]
peterswire: substantive requirement in the current proposed text that it be pseudonymous
22:53:02 [npdoty]
tlr: important point, we have it in the minutes, can live without it being in the document
22:53:10 [BerinSzoka]
oxford commas!
22:53:13 [npdoty]
... other pieces in 1 that need to be in the document?
22:53:42 [justin]
We could add the phrase ", as well as whether data must be deidentified for this use." to the last sentence.
22:53:47 [npdoty]
Lmastria_DAA: I don't know if this helps, "term sheet" means a lot of stuff, perhaps a different phrasing might help
22:53:52 [npdoty]
room: "work plan"?
22:54:22 [afowler]
afowler has joined #dnt
22:54:26 [johnsimpson]
Document title: "Consensus Statement."
22:54:35 [npdoty]
Lmastria_DAA: the second piece, maybe walking backwards a little, if we are as a group having some issues about putting too much language in one place or another, could we just bullet point rather than being so descriptive / detailed?
22:54:53 [npdoty]
tlr: I think we are close to agreement on 2 out of the 5, then starting text and the title / then the entire thing
22:55:17 [npdoty]
peterswire: any changes to 3? not live with?
22:55:33 [npdoty]
Wileys: I think something a little clearer would be that two new action items were created
22:55:49 [npdoty]
... 1) state the three-state in a principled way (tied to proportionality and retention limits)
22:56:18 [dsinger__]
...wants to get important people's input but notes the agenda runs to 5pm...
22:56:49 [npdoty]
... Yahoo diagram stuff would be non-normative text and Dan's non-normative text of examples that would satisfy those principles
22:56:57 [npdoty]
... Dan has agreed to build the transparency template
22:58:09 [npdoty]
jmayer: on 3, use "three-state", a reference to Shane's proposal with one-way hashing -- three states in general, not just Yahoo! specific?
22:58:21 [npdoty]
... not agreement that Shane's example would be sufficient
22:58:53 [npdoty]
tlr: one approach would be that we take that model, alternatively, abstract one level up to principles and separate principles and implementation
22:59:06 [npdoty]
... might just be an issue with non-grammatical rough version
22:59:16 [npdoty]
tlr: "possible approach"
22:59:31 [npdoty]
jmayer: is this just agreement to a possible approach that many people disagree with?
22:59:39 [npdoty]
<cross-talk>
22:59:50 [npdoty]
wileys: just intended as a proposal
23:00:02 [npdoty]
Lmastria_DAA: on #4, suggest we pull out the stuff about a template, not something I've heard about
23:00:34 [BerinSzoka]
Anyone driving up to San Francisco? I'm looking for a ride
23:00:36 [npdoty]
tlr: idea was that Dan would write down what he thought would be important pieces about transparency
23:00:49 [npdoty]
... a work item rather than an agreement
23:00:58 [npdoty]
peterswire: add "for consideration, by the group"
23:01:01 [dsinger__]
...would really appreciate it if people could express their own concerns and leave the chairs to do their job of determining consensus
23:01:08 [npdoty]
Lmastria_DAA: the whole idea of a template is a little troubling, partly because of the surprise
23:01:10 [vinay]
Berin - I wonder if you can ride one of Apple's shuttles up to SF. Might be a question to David
23:01:34 [paulohm]
paulohm has joined #dnt
23:01:35 [npdoty]
wileys: fine to remove it, but the work item will still happen
23:01:50 [npdoty]
tlr: is the problem the word "template"? lou: yes.
23:02:12 [npdoty]
peterswire: on 3 and 4, any other significant changes needed?
23:02:58 [npdoty]
justin: suggest we take out the "not include MUST level limits", both incorrect given the current state, and aleecia's concern, and I suggest that we remove it
23:03:05 [Zakim]
-bilcorry
23:03:29 [Zakim]
-Chapell
23:03:45 [npdoty]
danauer: this is all part of a proposal, a new idea that we're exploring
23:04:25 [npdoty]
justin: "agreement to examine" rather than just "agreement"
23:04:34 [npdoty]
[resolved by moving up to 3, instead of 4.]
23:04:41 [npdoty]
justin: just remove the clause, doesn't match other things
23:05:08 [npdoty]
peterswire: is there anyone with major heartburn if we don't have it? we know in the minutes that it's a thought and we'll study it
23:05:42 [npdoty]
... no other changes on 3
23:06:39 [npdoty]
jmayer: there were two three-state proposals, Shane and Dan
23:07:09 [npdoty]
danauer: "a three-state" and drop attribution room: general agreement.
23:07:52 [npdoty]
paulohm: minutes reflect my understanding of what general browseable web
23:08:27 [npdoty]
... general browseable web is a term used by w3c in other contexts
23:08:29 [fwagner]
fwagner has joined #dnt
23:08:37 [npdoty]
... to exclude devices that use http as a service
23:08:42 [npdoty]
... and exclude things like dog collars.
23:09:09 [dan_auerbach]
dan_auerbach has joined #dnt
23:09:11 [npdoty]
tlr: web services in the WS* meaning
23:09:22 [npdoty]
paulohm: jmayer also had objections
23:09:55 [npdoty]
jmayer: if the only limitation is about dog collars, I don't care... but if it doesn't encompass Firefox OS, or iOS which have pervasive implementations, then I'm not on board
23:10:16 [npdoty]
hober: we even used examples like embedded UI WebView
23:10:32 [npdoty]
jmayer: in firefox os, you could have an app that received DNT
23:10:47 [npdoty]
tlr: have a broad sense of view of the priorities is
23:11:10 [npdoty]
jmayer: my understanding is that platforms like ffx os and ios would access the general web
23:11:15 [npdoty]
q+
23:12:44 [justin]
q- justin
23:13:14 [BerinSzoka]
AMEN. Also, note, rush hour...
23:13:28 [npdoty]
npdoty: I wouldn't be comfortable just based on a breakout discussion foreclosing work that we've already done in the documents and ruling out clients that don't have JavaScript, use screen readers, etc.
23:13:48 [npdoty]
... fine with priorities, but wouldn't want to foreclose those technologies in the current version without having that full discussion
23:14:24 [npdoty]
dwainberg: isn't this just a not-commitment-to-particular-text agreement towards what we'd be doing
23:14:33 [npdoty]
<loud applause>
23:15:02 [npdoty]
agreement that it's not specific restriction to terms, but general priority
23:15:03 [BerinSzoka]
finally, I agree with John on something!
23:15:05 [npdoty]
title of the document
23:15:18 [npdoty]
johnsimpson: title should include "consensus"
23:16:08 [BerinSzoka]
I don't mean to be rude, but why are we still talking?
23:16:11 [npdoty]
jmayer: agree with Lou on revising title, noting "agreements" rather than "actions", suggest: "consensus conversation summary"
23:16:27 [susanisrael]
General agreement on work plan?
23:16:35 [npdoty]
"Consensus Action Summary", no one too bothered by that
23:17:13 [npdoty]
no corrections/objections to the intro? none.
23:17:21 [npdoty]
any objections to sending out the document?
23:17:32 [npdoty]
johnsimpson: refer to people by full names.
23:17:39 [aleecia]
aleecia has joined #dnt
23:17:53 [npdoty]
dsinger: destroy bits of paper of the early versions
23:18:36 [npdoty]
justin: "sufficient progress" -- is the progress really "sufficient"?
23:18:44 [robsherman]
robsherman has joined #dnt
23:18:48 [Zakim]
-moneill2
23:18:50 [Zakim]
-WaltMichel_Comcast
23:19:04 [npdoty]
npd: sufficient just modulo to "merit moving ahead" not a general normative term
23:19:13 [npdoty]
peterswire: thanks to David Singer for wonderful hosting
23:19:20 [npdoty]
<loud applause>
23:19:22 [npdoty]
adjourned.
23:19:30 [johnsimpson]
johnsimpson has left #dnt
23:20:28 [npdoty]
rrsagent, please draft the minutes
23:20:28 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/07-dnt-minutes.html npdoty
23:20:29 [Zakim]
-[Apple]
23:20:30 [Zakim]
T&S_Track(dntf2f)11:00AM has ended
23:20:30 [Zakim]
Attendees were +49.172.147.aaaa, [Apple], +49.172.147.aabb, dsinger, +49.172.147.aacc, bilcorry, +49.172.147.aadd, moneill2, schunter, Jonathan_Mayer, +33.6.50.34.aaee, vincent,
23:20:30 [Zakim]
... Rich_Schwerdtfeger, +1.917.318.aaff, +1.215.480.aagg, Chapell, WaltMichel_Comcast, Mark_Vickers, Bryan, MikeO
23:20:33 [aleecia]
do we have a pointer to the later draft? What did yinz agree upon?
23:21:38 [npdoty]
aleecia, to come briefly to mailing list, I believe
23:21:44 [aleecia]
Thank you Nick
23:21:45 [npdoty]
rrsagent, pointer?
23:21:45 [RRSAgent]
See http://www.w3.org/2013/05/07-dnt-irc#T23-21-45
23:22:17 [aleecia]
Do we still claim a July LC?
23:26:04 [wseltzer]
minutes at http://www.w3.org/2013/05/08-dnt-minutes.html
23:28:16 [npdoty]
yay wseltzer
23:30:01 [dsinger__]
dsinger__ has joined #dnt
23:59:02 [AndChat|208329]
AndChat|208329 has joined #dnt
00:00:08 [haakonfb]
haakonfb has left #dnt
00:01:21 [dsinger__]
dsinger__ has joined #dnt
00:03:34 [dsinger___]
dsinger___ has joined #dnt
00:11:22 [npd]
npd has joined #dnt
00:13:42 [npdoty]
npdoty has joined #dnt
00:43:11 [robsherman]
robsherman has joined #dnt
00:54:12 [fwagner]
fwagner has joined #dnt
01:16:00 [rvaneijk]
rvaneijk has joined #dnt
01:37:39 [robsherman]
robsherman has joined #dnt
02:37:29 [afowler]
afowler has joined #dnt
03:39:52 [W3C]
W3C has joined #dnt
03:42:38 [W3C1]
W3C1 has joined #dnt
04:40:42 [npdoty]
npdoty has joined #dnt
05:18:21 [npdoty]
npdoty has joined #dnt
05:34:25 [kulick]
kulick has joined #dnt
05:40:58 [fwagner]
fwagner has joined #dnt
05:56:10 [kulick_]
kulick_ has joined #dnt
05:57:39 [npdoty]
npdoty has joined #dnt
08:05:28 [strider]
strider has joined #dnt
09:05:50 [strider]
strider has joined #dnt
10:09:26 [strider]
strider has joined #dnt
11:09:53 [strider]
strider has joined #dnt
11:29:53 [Zakim]
Zakim has left #dnt
12:10:30 [strider]
strider has joined #dnt
13:10:51 [strider]
strider has joined #dnt
13:44:27 [W3C]
W3C has joined #dnt
13:59:39 [W3C]
W3C has left #dnt
14:11:16 [strider]
strider has joined #dnt
14:19:23 [strider]
strider has joined #dnt
14:19:35 [strider1]
strider1 has joined #dnt
15:03:03 [hober]
hober has joined #dnt
15:30:49 [kulick]
kulick has joined #dnt
17:10:34 [npdoty]
npdoty has joined #dnt
17:34:32 [strider]
strider has joined #dnt
18:19:43 [npdoty]
npdoty has joined #dnt
18:20:16 [strider1]
strider1 has joined #dnt
18:21:39 [strider2]
strider2 has joined #dnt
19:22:26 [npdoty]
npdoty has joined #dnt
19:24:10 [kulick]
kulick has joined #dnt
19:24:21 [strider]
strider has joined #dnt
19:46:02 [kulick]
kulick has joined #dnt
19:51:05 [strider]
strider has joined #dnt