IRC log of dnt on 2013-05-22

Timestamps are in UTC.

15:42:08 [RRSAgent]
RRSAgent has joined #dnt
15:42:08 [RRSAgent]
logging to http://www.w3.org/2013/05/22-dnt-irc
15:42:10 [trackbot]
RRSAgent, make logs world
15:42:10 [Zakim]
Zakim has joined #dnt
15:42:12 [trackbot]
Zakim, this will be
15:42:12 [Zakim]
I don't understand 'this will be', trackbot
15:42:13 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:42:13 [trackbot]
Date: 22 May 2013
15:42:19 [npdoty]
Zakim, this will be 87225
15:42:19 [Zakim]
ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 18 minutes
15:50:01 [efelten]
efelten has joined #dnt
15:52:54 [rvaneijk]
rvaneijk has joined #dnt
15:55:55 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:56:03 [Zakim]
+schunter
15:57:16 [Zakim]
+efelten
15:58:16 [Zakim]
+npdoty
15:58:37 [fielding]
fielding has joined #dnt
15:58:46 [Yianni]
Yianni has joined #DNT
15:58:55 [tlr]
zakim, call thomas-781
15:58:55 [Zakim]
ok, tlr; the call is being made
15:58:56 [Zakim]
+Thomas
15:59:14 [tlr]
zakim, I am thomas
15:59:14 [Zakim]
ok, tlr, I now associate you with Thomas
15:59:16 [tlr]
zakim, mute me
15:59:16 [Zakim]
Thomas should now be muted
15:59:20 [Zakim]
+Yianni
15:59:26 [Zakim]
+Chris_IAB
15:59:27 [schunter]
Zakim, who is on the phone
15:59:28 [Zakim]
I don't understand 'who is on the phone', schunter
15:59:31 [Yianni]
Zakim, mute me
15:59:31 [Zakim]
Yianni should now be muted
15:59:38 [Chris_IAB]
Chris_IAB has joined #dnt
15:59:39 [npdoty]
Zakim, who is on the phone?
15:59:39 [Zakim]
On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB
15:59:42 [Zakim]
+RichardWeaver
15:59:52 [Zakim]
+kulick
15:59:54 [Richard_comScore]
Richard_comScore has joined #dnt
15:59:59 [jchester2]
jchester2 has joined #dnt
16:00:01 [Chris_IAB]
is there a call today?
16:00:04 [samsilberman]
samsilberman has joined #dnt
16:00:07 [Zakim]
+Fielding
16:00:17 [Lmastria_DAA]
Lmastria_DAA has joined #dnt
16:00:34 [Zakim]
+jchester2
16:00:35 [Zakim]
+phildpearce
16:00:36 [Zakim]
+Peder_Magee
16:00:36 [Zakim]
+ +1.415.436.aaaa
16:00:36 [jchester2]
zakim, mute me
16:00:38 [Zakim]
jchester2 should now be muted
16:00:40 [Zakim]
+ +1.781.482.aabb
16:00:43 [WileyS]
WileyS has joined #DNT
16:00:46 [phildpearce]
phildpearce has joined #dnt
16:00:49 [Chris_IAB]
I'm joining from 212-380-xxxx
16:00:52 [Zakim]
+Chris_Pedigo
16:00:54 [adrianba]
adrianba has joined #dnt
16:00:57 [Zakim]
+[DAA]
16:01:01 [dan_auerbach]
dan_auerbach has joined #dnt
16:01:01 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:01:02 [peterswire]
peterswire has joined #dnt
16:01:08 [paulohm]
paulohm has joined #dnt
16:01:11 [susanisrael]
susanisrael has joined #dnt
16:01:12 [samsilberman]
zakim aabb is samsilberman
16:01:13 [hefferjr]
hefferjr has joined #dnt
16:01:18 [_023263538magee]
_023263538magee has joined #dnt
16:01:23 [Chris_IAB]
npdoty, thanks-- I'm on the East Coast today, so I guess I was just "early"
16:01:39 [Zakim]
+ +1.212.231.aacc
16:01:41 [Zakim]
+paulohm
16:01:55 [sidstamm]
sidstamm has joined #dnt
16:02:02 [vincent]
vincent has joined #dnt
16:02:08 [Zakim]
+ +1.301.365.aadd
16:02:09 [Zakim]
+Craig_Spiezle
16:02:12 [Zakim]
+ +49.431.98.aaee
16:02:21 [peterswire]
301.365.0653 is peter swire's line today
16:02:22 [npdoty]
Zakim, aaee is ninjamarnau
16:02:22 [Zakim]
+ninjamarnau; got it
16:02:25 [Zakim]
+vinay
16:02:29 [tlr]
zakim, mute thomas
16:02:29 [Zakim]
Thomas was already muted, tlr
16:02:29 [npdoty]
Zakim, aadd is peterswire
16:02:31 [Zakim]
+??P51
16:02:31 [Zakim]
+peterswire; got it
16:02:32 [Zakim]
-??P51
16:02:33 [susanisrael]
susanisrael has joined #dnt
16:02:34 [samsilberman]
Zakim, aabb is samsilberman
16:02:35 [CraigSpiezle]
CraigSpiezle has joined #dnt
16:02:37 [Zakim]
+samsilberman; got it
16:02:37 [schunter]
Zakim, aadd is swire
16:02:38 [Zakim]
sorry, schunter, I do not recognize a party named 'aadd'
16:02:43 [Zakim]
+[Mozilla]
16:02:48 [sidstamm]
Zakim, Mozilla has sidstamm
16:02:48 [Zakim]
+sidstamm; got it
16:02:52 [Zakim]
+hefferjr
16:02:53 [npdoty]
Zakim, who is on the phone?
16:02:53 [Zakim]
On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce,
16:02:56 [Zakim]
... +1.415.436.aaaa, samsilberman, Chris_Pedigo, [DAA], paulohm, +1.212.231.aacc, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr
16:02:56 [Zakim]
[Mozilla] has sidstamm
16:03:07 [Zakim]
+vincent
16:03:13 [WileyS]
zakim, aacc is WileyS
16:03:13 [Zakim]
+WileyS; got it
16:03:14 [Zakim]
+ +1.202.787.aaff
16:03:30 [cOlsen]
cOlsen has joined #dnt
16:03:30 [Zakim]
+BerinSzoka
16:03:33 [susanisrael]
Zakim 917.934.1044 is susanisrael
16:03:35 [Zakim]
+ +1.202.344.aagg
16:03:37 [JC]
JC has joined #DNT
16:03:43 [Lmastria_DAA]
am on phone from 212.790.xxxx
16:03:47 [npdoty]
scribenick: susanisrael
16:04:12 [Zakim]
+[Microsoft]
16:04:28 [npdoty]
Zakim, [DAA] has Lmastria_DAA
16:04:28 [Zakim]
+Lmastria_DAA; got it
16:04:32 [susanisrael]
schunter: will run call in 2 parts, 1st, TPE, 2nd, compliance
16:04:41 [Zakim]
+Wendy
16:04:57 [npdoty]
issue-194?
16:04:57 [trackbot]
ISSUE-194 -- How should we ensure consent of users for DNT inputs? -- open
16:04:57 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/194
16:05:04 [Mike_Zaneis]
Mike_Zaneis has joined #dnt
16:05:07 [Zakim]
+[Microsoft.a]
16:05:14 [adrianba]
zakim, [Microsoft.a] is me
16:05:14 [Zakim]
+adrianba; got it
16:05:26 [susanisrael]
schunter: I provided several issues to discuss. 194. how decide content of users for dnt input?
16:05:37 [npdoty]
Zakim, who is on the phone?
16:05:37 [Zakim]
On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce,
16:05:40 [Zakim]
... +1.415.436.aaaa, samsilberman, Chris_Pedigo, [DAA], paulohm, WileyS, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr, vincent, +1.202.787.aaff, BerinSzoka,
16:05:40 [Zakim]
... +1.202.344.aagg, [Microsoft], Wendy, adrianba
16:05:40 [Zakim]
[DAA] has Lmastria_DAA
16:05:40 [Zakim]
[Mozilla] has sidstamm
16:05:49 [susanisrael]
...currently dnt tools have input 1 and 0 but so do many tools so hard to say if they compliance
16:05:50 [Zakim]
+mecallahan
16:05:56 [Zakim]
+[FTC]
16:06:00 [mecallahan]
mecallahan has joined #dnt
16:06:01 [fielding]
q+
16:06:11 [Zakim]
+WaltMichel_Comcast
16:06:23 [Zakim]
+jeffwilson
16:06:29 [Brooks]
Brooks has joined #dnt
16:06:32 [Zakim]
+dwainberg
16:06:36 [kulick]
kulick has joined #dnt
16:06:38 [dwainberg]
dwainberg has joined #dnt
16:06:40 [susanisrael]
one idea at f2f was to introduce tools ....including 2 and 4 ....there are legacy things that send 1, 0 and new ones that send 2, 4
16:06:49 [Mike_Zaneis]
Zakim 202.344.aagg is me
16:06:53 [npdoty]
q+ to ask whether we didn't decide that legacy *wasn't* the problem
16:07:02 [efelten]
s/2 and 4/true and false/
16:07:04 [susanisrael]
if they receive 2, 4 they must follow guidance, and if they get legacy signals they have to decide....
16:07:06 [npdoty]
Zakim, aagg is Mike_Zaneis
16:07:06 [Zakim]
+Mike_Zaneis; got it
16:07:16 [efelten]
s/2, 4/true, false/
16:07:25 [dan_auerbach]
q+
16:07:26 [susanisrael]
*tx e felten. having trouble hearing schunter
16:07:43 [tlr]
q?
16:07:45 [hefferjr]
q+
16:07:45 [schunter]
q?
16:07:46 [susanisrael]
would like feedback and 2, 4/true/false.....
16:07:52 [sidstamm]
q+ to ask: what will stop the (noncompliant/legacy) tools from sending the new signals?
16:07:54 [schunter]
ack fielding
16:07:58 [Zakim]
+hwest
16:08:03 [WileyS]
I don't believe there is much value for the true/false flags. The effort to update code to this area doesn't seem to buy us any protection
16:08:08 [hwest]
hwest has joined #dnt
16:08:13 [WileyS]
+1 to Roy
16:08:28 [schunter]
ack npdoty
16:08:28 [Zakim]
npdoty, you wanted to ask whether we didn't decide that legacy *wasn't* the problem
16:08:32 [sidstamm]
yes, +1 to fielding
16:08:35 [susanisrael]
...fielding: problem is that only problems we are having with UAs right now is deliberate mis-sending of signals and i don't want to send more data over wire, particularly more variations of same, doesn't solve anything
16:08:35 [rvaneijk]
What did Roy say??
16:08:46 [rvaneijk]
ok
16:08:48 [sidstamm]
q- since my question was asked
16:08:54 [sidstamm]
q-
16:08:57 [susanisrael]
npdoty: was going to echo roy, but thought we decided at f2f that legacy not the issue.....
16:08:58 [schunter]
q?
16:09:03 [susanisrael]
schunter: what to do?
16:09:11 [schunter]
ack dan_auerbach
16:09:15 [susanisrael]
npdoty: thought we decided to stick with 0 and 1
16:09:36 [susanisrael]
danauerbach: agree with roy and nick and it would create unhelpful clutter
16:09:36 [schunter]
q?
16:09:46 [schunter]
ack hefferjr
16:09:46 [npdoty]
ack hefferjr
16:09:48 [fielding]
I said that the issue right now is UAs (and others) deliberately sending a signal that is not based on user choice -- adding two more signals does not solve anything.
16:10:10 [fielding]
… and I really don't want to send more bytes on the wire than 8.
16:10:12 [sidstamm]
not sure waiting will help
16:10:16 [susanisrael]
hefferjr: have no opinion on value of abandoning 0 and 1 but if we do let's delay until spec and responsibilities are finalized before we change signals
16:10:54 [schunter]
q?
16:10:57 [susanisrael]
schunter: i think about signals, True can be abbreviated with "T" but if no one wants True and False in addition to 0, 1 we can close issue....does anyone want more signals?
16:11:02 [npdoty]
is there anyone who wants to have more signals than 0 and 1, for any reason?
16:11:07 [WileyS]
+q
16:11:08 [susanisrael]
schunter: doesn't seem to be the case....
16:11:29 [npdoty]
I think we wouldn't close issue-194, as it covers some other topics
16:11:29 [susanisrael]
schunter: so if you go back to the issue.....
16:11:29 [schunter]
q?
16:11:31 [npdoty]
ack WileyS
16:11:33 [schunter]
ack Wil
16:11:52 [moneill2]
moneill2 has joined #dnt
16:12:07 [sidstamm]
mostly non-user-agent http clients
16:12:19 [susanisrael]
wileys: i think roy caught this in irc, but want to reiterate this from f2f, we have many user agents sending signals without user preference so I don't see value in this approach, just as easy to game the system with new flags
16:12:23 [Chris_IAB]
agree with Shane
16:12:52 [sidstamm]
WileyS, do you mean user agents like browsers or things like firewalls?
16:12:55 [npdoty]
I think "DNT: 1" is explicitly misstating in these cases, given our definition of DNT: 1
16:12:57 [susanisrael]
schunter: to some extent i agree, the argument i heard was that if bad agents are required to explicitly misstate what they do this creates a hook for legal action
16:13:06 [WileyS]
Sid, all the above
16:13:15 [sidstamm]
ok, so they would be noncompliant
16:13:16 [peterswire]
+q
16:13:29 [susanisrael]
.....naturally anyone can send these signals but they are misstating but if no one thinks this makes sense or is useful we should not do it....
16:13:33 [Chris_IAB]
q+
16:13:42 [sidstamm]
q+
16:13:47 [npdoty]
ack peterswire
16:13:50 [schunter]
ack pet
16:13:56 [WileyS]
Sid, yes, if the final standard states sending DNT:1 without specific and express user action/preference setting, then they would be in non-compliance.
16:14:18 [sidstamm]
makes sense, WileyS
16:14:20 [schunter]
Sending "t" is as many bytes as sending "1"
16:14:41 [schunter]
q?
16:14:45 [susanisrael]
peterswire: i have no view on right answers, but what mattias stated is what i heard from some people, especially on site side. for example, i heard that if anti-virus is sending signals this might help in legal action if people say they are sending false signals
16:14:46 [npdoty]
ack Chris_IAB
16:14:48 [schunter]
ack Chris
16:15:32 [npdoty]
peterswire, would you want to follow up with any of those people directly to see if they want to come forward subsequently with a text proposal or use case?
16:15:34 [npdoty]
q?
16:15:34 [susanisrael]
chris_iab: agree with shane, the problem is the signal can be hijacked. one of the fundamental problems with sending http signals. so i dont think this adds credibility to argument that this provides a legal hook of some sort
16:15:39 [npdoty]
ack sidstamm
16:15:39 [schunter]
ack sidstamm
16:15:41 [dan_auerbach]
everyone should use HTTPS so that network intermediaries can't hijack. i know this doesn't fully solve the problem, but it helps...
16:15:48 [npdoty]
Zakim, who is on the phone?
16:15:48 [Zakim]
On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce,
16:15:51 [Zakim]
... +1.415.436.aaaa, samsilberman, Chris_Pedigo, [DAA], paulohm, WileyS, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr, vincent, +1.202.787.aaff, BerinSzoka,
16:15:51 [Zakim]
... Mike_Zaneis, [Microsoft], Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast, jeffwilson, dwainberg, hwest
16:15:51 [Zakim]
[DAA] has Lmastria_DAA
16:15:51 [Zakim]
[Mozilla] has sidstamm
16:16:20 [dan_auerbach]
npdoty, yes i am
16:16:24 [susanisrael]
sidstamm: made this point at f2f, but important so repeating. With TPE there will have to be some trust on both sides of protocol. sure, UAs who don't get consent "properly" are noncompliant.....
16:16:28 [dan_auerbach]
apologies, didn't realize my # wasn't saved
16:16:28 [npdoty]
Zakim, aaaa is dan_auerbach
16:16:28 [Zakim]
+dan_auerbach; got it
16:16:37 [Zakim]
+[IPcaller]
16:16:53 [moneill2]
zakim, [IPCaller] is me
16:16:53 [Zakim]
+moneill2; got it
16:16:55 [susanisrael]
but for purpose of TPE, we need to assume everyone is being honest. For TPE doc, let's just focus on protocol itself.
16:16:59 [schunter]
q?
16:17:36 [npdoty]
q+
16:17:40 [susanisrael]
schunter: so we seem to have agreement to leave 1,0 signals. a related question i have is can we close issue 194? since we have no idea how to protect signals? or keep it open?
16:17:48 [sidstamm]
yes, we can reopen if someone finds up with a way to guarantee authenticity of the signal.
16:17:53 [schunter]
http://www.w3.org/2011/tracking-protection/track/issues/194
16:17:55 [peterswire]
+q
16:17:58 [BerinSzoka]
BerinSzoka has joined #DNT
16:17:59 [BerinSzoka]
+q
16:18:00 [tlr]
issue-194?
16:18:00 [trackbot]
ISSUE-194 -- How should we ensure consent of users for DNT inputs? -- open
16:18:00 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/194
16:18:51 [susanisrael]
npdoty: i am all for decreasing number of issues, but in this case i think issue 194 is intended to cover more than whether we would change syntax of dnt signal, so i think we should just add a note about sticking with 0, 1 to issue
16:18:54 [npdoty]
ack npdoty
16:18:59 [susanisrael]
schunter: agree
16:19:01 [schunter]
q?
16:19:06 [schunter]
ack peter
16:19:09 [Zakim]
-jeffwilson
16:19:32 [efelten]
Who proposed this?
16:19:37 [sidstamm]
we can re-open the issue if new information is provided
16:19:39 [tlr]
q+
16:19:50 [Chris_IAB]
Chappell was on this issue, but is not on the call
16:19:54 [susanisrael]
peterswire: i might be misremembering but some people i think i remember discussing this with are not on call today, so i am not sure of procedure, but I would be inclined to follow up with them and make sure they have no strong views
16:20:10 [npdoty]
we can "close" this part of an issue, and re-open if we hear new concerns
16:20:16 [tlr]
+1
16:20:16 [tlr]
q-
16:20:18 [Chris_IAB]
FYI- NAI Summit is today, so low attendance from industry
16:20:20 [peterswire]
+1
16:20:22 [susanisrael]
schunter: suggest following nick's suggestion of putting comment in issue, then suggest people post to mailing list if they have strong feelings, ok?
16:20:32 [schunter]
Ack BerinSzoka
16:20:34 [Zakim]
+jeffwilson
16:20:38 [WileyS]
NAI Summit was yesterday
16:20:45 [tlr]
q+
16:21:01 [Chapell]
Chapell has joined #DNT
16:21:05 [WileyS]
NAI Board Meeting is today - which I'm ditching for 90 mins to be here :-)
16:21:13 [susanisrael]
berinszoka: i don't know enough to have an informed opinion, but as to chris's point, it's a problem if signal can be hijacked. Everyone here wants signal to be legally binding, and wants to trust it....
16:21:22 [npdoty]
issue-194: agreement that we would continue with DNT: 0 and DNT: 1 (rather than a change to obsolete legacy clients, or for other reasons), but issue-194 may cover additional things
16:21:22 [trackbot]
Notes added to ISSUE-194 How should we ensure consent of users for DNT inputs?.
16:21:48 [sidstamm]
I don't think we want any language about legal enforcability in a technical standard
16:21:50 [schunter]
q?
16:21:52 [susanisrael]
....so getting back to analogy of dock and ship, it might be a good thing for consumer advocates to make sure signal is robust. I think we may want to have a conversation about legal enforceability.
16:21:55 [schunter]
ack Thomas Roessler (DNT)
16:21:55 [tlr]
ack t
16:22:06 [susanisrael]
schunter: i think we all want strong signal
16:22:16 [npdoty]
Present+ Jack_Hobaugh
16:22:22 [npdoty]
Zakim, who is on the phone?
16:22:22 [Zakim]
On the phone I see schunter, efelten, npdoty, Thomas, Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce, dan_auerbach,
16:22:25 [Zakim]
... samsilberman, Chris_Pedigo, [DAA], paulohm, WileyS, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr, vincent, +1.202.787.aaff, BerinSzoka, Mike_Zaneis,
16:22:25 [Zakim]
... [Microsoft], Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast, dwainberg, hwest, moneill2, jeffwilson
16:22:25 [Zakim]
[DAA] has Lmastria_DAA
16:22:25 [Zakim]
[Mozilla] has sidstamm
16:22:25 [Chris_IAB]
peterswire, Chapell just joined
16:22:30 [BerinSzoka]
Thomas, could you just explain why you think we're meeting htt threshold?
16:22:35 [BerinSzoka]
htt=that
16:22:50 [Chapell]
sorry folks - i'm having trouble extricating myself from the nai board meeting
16:22:50 [Chris_IAB]
peterswire, to your last point about not having the right folks on the call re the last issue
16:22:52 [susanisrael]
tlr: i agree with berin that signal should be reliable, and i think we are meeting that threshold in what we have,,,,but happy to reopen if we have actual technical means to strengthen it, but otherwise wouldn't reopen it.....
16:22:55 [npdoty]
Zakim, drop aaff
16:22:55 [Zakim]
+1.202.787.aaff is being disconnected
16:22:57 [Zakim]
- +1.202.787.aaff
16:22:58 [BerinSzoka]
I'm not saying we're not meeting the threshold. but some people seem to think we're not
16:23:04 [tlr]
berin, I'm making a symmetry argument.
16:23:11 [npdoty]
issue-137?
16:23:11 [trackbot]
ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review
16:23:11 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/137
16:23:11 [susanisrael]
schunter: nick pls add note to issue
16:23:21 [tlr]
If HTTP is good enough to serve ads and information about ad impressions, then it's good enough for DNT.
16:23:22 [BerinSzoka]
explain?
16:23:24 [WileyS]
Thomas, I respectfully disagree - the signal is simply far too easy to hijack in its current form. It's such a fundamental issue that I don't know how we resolve this without significant technical overhead.
16:23:34 [Chapell]
+1 to shane
16:23:35 [susanisrael]
schunter: Issue 137 was David's but it seems he is not on call.....
16:23:54 [susanisrael]
schunter: so let's postpone this discussion
16:23:54 [WileyS]
Or we accept the signal will be gamed in high percentages and attempt to find balance elsewhere
16:24:37 [BerinSzoka]
I think we all need to look out for issues that could cause a #DNTFail in the future: a situation where all our work turns out for naught because, for example, some company starts hijacking the signal and servers stop respecting it.
16:24:39 [susanisrael]
schunter: we are trying to avoid having a chair decision, and so for now we are adding note and want to get to consensus, otherwise peter and i will decide with group input and call for objection.....
16:24:44 [Chris_IAB]
yes
16:24:46 [kulick]
yes
16:24:58 [susanisrael]
peterswire: is volume on call ok?
16:24:58 [npdoty]
Topic: Compliance
16:25:01 [Zakim]
-moneill2
16:25:20 [Chris_IAB]
peterswire, now that we have more folks on the call, do you want to go over the issue we skipped earlier
16:25:32 [Zakim]
+ +1.202.787.aahh
16:25:39 [schunter]
WileyS: If you assume that most signals are gamed, you can still re-validate consent locally while using the exception API to record your state.
16:25:39 [susanisrael]
peterswire: i propose to do quick check on sunnyvale issues, then go through jonathan's comments on issue merger and redefinition, then go through fuller list of issues in agenda
16:26:02 [WileyS]
Rob, I hope not - trying to find solutions going forward. As with de-identification not all solutions are purely technical in nature, so once the DNT standard becomes a standard, we'll be looking for ways to motivate non-compliance UAs to become compliant. Will be expensive and time consuming (whack-a-mole) but I believe it will be necessary.
16:26:02 [tlr]
ack htomas
16:26:15 [susanisrael]
peterswire: want to get full set of assignments today. I know tlr is on call only for a while. You are doing something on data retention.
16:26:29 [Chris_IAB]
sorry, interested in what?
16:26:47 [WileyS]
s/non-compliance/compliant
16:27:00 [tlr]
zakim, mute me
16:27:00 [Zakim]
Thomas should now be muted
16:27:06 [susanisrael]
tlr: update is that i got about a dozen notes from people who said they were interested but haven't been able to schedule yet. Hope to do so in next day or two, apologies for being slow.
16:27:09 [npdoty]
scribenick: npdoty
16:27:09 [WileyS]
Nick, definitely want to be there <raises hand>
16:27:17 [Chris_IAB]
got it. I'm interested, but I think I've already expressed as much :)
16:27:25 [npdoty]
peterswire: susanisrael, update or new date?
16:27:56 [npdoty]
susanisrael: I've had several conversations, trying to follow up with Jeff Chester with Rigo, but Rigo has been out [sick] for a few days
16:28:11 [npdoty]
... don't like to delay, but might be able to get the language in next week
16:28:19 [npdoty]
... need to go back and forth with Rigo
16:28:20 [jchester2]
I look forward to hearing from Susan and Rigo what their proposal is.
16:28:46 [npdoty]
susanisrael: owe jeff and justin a call. people have been very helpful, just scheduling issues rather than substantive issues
16:28:58 [npdoty]
action-404?
16:28:58 [trackbot]
ACTION-404 -- Susan Israel to further Fact finding on scope of audience measurement and the DAA exception (one page of text) -- due 2013-05-15 -- OPEN
16:28:58 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/404
16:29:15 [npdoty]
susanisrael: try for next week on audience measurement
16:29:23 [npdoty]
action-404 due 2013-05-29
16:29:23 [trackbot]
Set ACTION-404 Further Fact finding on scope of audience measurement and the DAA exception (one page of text) due date to 2013-05-29.
16:29:30 [npdoty]
scribenick: susanisrael
16:29:37 [npdoty]
action-402?
16:29:37 [trackbot]
ACTION-402 -- Shane Wiley to work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures -- due 2013-05-15 -- OPEN
16:29:37 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/402
16:29:46 [npdoty]
action-403?
16:29:46 [trackbot]
ACTION-403 -- Justin Brookman to write language on red / yellow / green -- due 2013-05-15 -- OPEN
16:29:46 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/403
16:29:48 [dan_auerbach]
I want to be part of crafting that language
16:30:06 [susanisrael]
peterswire: on red, yellow, green, shane you and i traded emails. I don't think i have an actual action item but I do have some things from f2f. I hope to have proposed normative text next week....
16:30:11 [tlr]
dan, audience measurement or traffic light?
16:30:26 [susanisrael]
....proposed idea is never have full history with url....
16:30:35 [dan_auerbach]
in particular, I'm hesitant to let any language get into even a draft spec without my signoff, given that this is a joint action item
16:30:41 [npdoty]
Zakim, drop aahh
16:30:41 [Zakim]
+1.202.787.aahh is being disconnected
16:30:43 [Zakim]
- +1.202.787.aahh
16:31:04 [susanisrael]
....this would be on top of normative text from daa and ftc, and would include examples from dan and some new examples from nonnormative. should have complete package next week......
16:31:08 [tlr]
ack thomas
16:31:21 [Zakim]
-[DAA]
16:31:25 [susanisrael]
peterswire: nick pls assign action item to shane
16:31:29 [npdoty]
action-402?
16:31:29 [trackbot]
ACTION-402 -- Shane Wiley to work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures -- due 2013-05-15 -- OPEN
16:31:29 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/402
16:31:40 [Chapell]
Chapell has joined #DNT
16:31:40 [dan_auerbach]
+q
16:31:42 [peterswire]
q?
16:31:43 [susanisrael]
wileys, i think the assigned action item with dan was for something different
16:31:49 [susanisrael]
tlr: your read, dan?
16:32:06 [WileyS]
Okay, I'll take first stab
16:32:17 [npdoty]
action-402 due 2013-05-28
16:32:17 [trackbot]
Set ACTION-402 Work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures due date to 2013-05-28.
16:32:37 [susanisrael]
dan: less concerned about dividing actions than whether we agree on text before it gets into a draft spec...on other hand if we want to hammer out text together happy to do that....
16:32:38 [WileyS]
I'll take first stab to get to the group quickly - we can iterate from there
16:32:58 [npdoty]
action-402: text to group sooner rather than later is great, but might include Dan A. or Rob v.E.
16:32:58 [trackbot]
Notes added to ACTION-402 Work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures.
16:33:23 [susanisrael]
peterswire: one question, there was traffic on list as to what to call various different states, and it wasn't clear to some people from the sunnyvale doc. labeling of 3 states somewhat important in my mind....
16:33:59 [tlr]
zakim, mute me
16:33:59 [Zakim]
Thomas should now be muted
16:34:18 [susanisrael]
....my current understanding of de-identification language in daa code is analogous to yellow, and if you go all the way to green, that is unlinkable.....that term "de-identified" means something different under hipaa....
16:34:24 [WileyS]
I believe de-identified data could be released to the public with little concern of it being reverse engineered
16:34:32 [WileyS]
The risk remains with the key holder
16:34:47 [rvaneijk]
WileyS that is a different discussion.
16:35:01 [WileyS]
NOTE - if the de-identified data has been appropriately stripped of side-data (data minimization)
16:35:19 [susanisrael]
....where it means it is so de-identified you can put it on the web. so in u.s. this term means really de-identified in hipaa, finding a name for that de-identified state is important, in my mind. ok as part of assignment shane?
16:35:35 [rvaneijk]
I am still screaming for a new def for de-identified, e.g. hashed pseudonym
16:35:39 [dan_auerbach]
+1 to peter that de-identification is bad naming
16:35:43 [dan_auerbach]
yes, agree with Rob
16:35:58 [npdoty]
Wileys, your version of de-identified data without the key (which is the same as described Green/Unlinkable) could be released to the public, yeah?
16:36:04 [WileyS]
Rob, I'm speaking in the context of HIPAA only
16:36:10 [rvaneijk]
I know.
16:36:15 [susanisrael]
wileys: i think labeling should be a separate issue. I think our de-identified state actually meets hipaa bar. It's contentious and has legal ramifications so maybe someone else should do it.
16:36:19 [tlr]
rob, can you take action item to propose different terms?
16:36:21 [npdoty]
rvaneijk, would you take a separate action on proposing new names?
16:36:44 [susanisrael]
rob seems to have strong feelings so perhaps he would be willing to take an action item...nick will follow up offline......
16:36:47 [rvaneijk]
@tlr yes, but see discussion on the list.
16:36:48 [WileyS]
Nick, I believe so - as long as the public doesn't have the key and the de-identified data has been appropriately minimized, there should be little to no risk of reidentification in public hands.
16:36:57 [npdoty]
action: van eijk to propose a new set of names around red-yellow-green de-identification
16:36:57 [trackbot]
'van' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., rvaneijk, wvanhols).
16:37:04 [dan_auerbach]
if it meets the HIPAA bar, will Yahoo release the data publicly? it would be an interesting and important test case for re-identification attacks to resolve our empirical disagreement
16:37:08 [rvaneijk]
ok
16:37:12 [susanisrael]
....other action item from sunnyvale had to do with user education and user interface.....was this lou's action item.....
16:37:28 [dan_auerbach]
WileyS, see my last comment
16:37:31 [rvaneijk]
action: rvaneijk to porpose a new set of names around yellow state
16:37:31 [trackbot]
Created ACTION-406 - Porpose a new set of names around yellow state [on Rob van Eijk - due 2013-05-29].
16:37:37 [efelten]
Shane, you keep saying that your proposed algorithm leaves data safe to release. What's your technical basis for that claim?
16:37:48 [dan_auerbach]
if there's any way Yahoo would be willing to release data, we can revisit the bet you proposed to me about re-identifying a user
16:37:53 [susanisrael]
i think the browsers were going to work on this and alan wanted to work on it. I also offered to help.
16:38:07 [WileyS]
Dan, we would likely not release it publicly but perhaps release it to an independent org under NDA to test our assumptions of strength.
16:38:09 [susanisrael]
peterswire: i don't know whether we have a date for that language....
16:38:35 [Chapell]
Yep, I've offered to help -- I believe there was a discussion but I did not participate as they wanted to keep the group relatively small
16:38:39 [npdoty]
I don't believe we currently have that tracked under an action item
16:38:45 [Chris_IAB]
Chris Mejia can help
16:38:57 [Chris_IAB]
<---- this guy can help
16:39:08 [susanisrael]
peterswire: part of today's goal is to see when we will get some text for the full group.....
16:39:17 [susanisrael]
seeing that chris mejia can help.....
16:39:18 [Chapell]
I'd like to help as well
16:39:22 [npdoty]
hearing: Chapell, Chris_IAB interested
16:39:23 [WileyS]
Ed, if the record has been appropriately de-identified (see the steps in the graphic Brad Kulick circulated) then releasing that to a 3rd party should come with little risk of reidentification. Something to be tested...
16:39:26 [dan_auerbach]
Shane, that'd be a great thing to do, but hard to substitute for public release in terms of getting side channel data for effective attacks. still, feel free to keep me looped in on any release -- i am willing to be proven wrong in terms of the power of "yellow"
16:39:41 [Chapell]
sure
16:39:52 [efelten]
Shane, I was asking for a technical rationale. Repeating the claim is not a rationale.
16:40:01 [susanisrael]
peterswire: seeking traditional idea of people having assignments with date, let's say 2 weeks from alan and chris mejia
16:40:22 [susanisrael]
* i do think david singer was working on this as well and alex
16:40:43 [npdoty]
action: Mejia (with Alan Chapell) to draft text regarding browser education as discussed in Sunnyvale (Item 6 in Draft Framework, also in consensus action summary)
16:40:44 [trackbot]
Created ACTION-407 - (with Alan Chapell) to draft text regarding browser education as discussed in Sunnyvale (Item 6 in Draft Framework, also in consensus action summary) [on Chris Mejia - due 2013-05-29].
16:40:51 [susanisrael]
peterswire: going next to jonathan mayer's email. I hope it can be handled in a fruitful way despite his not being on.....
16:41:12 [WileyS]
Ed, the proposed steps I'm referencing are technical in nature (secret hash of IDs, replacing IP Address, cleansing URLs, removing side-data facts). I apologize if I'm missing what you're asking for.
16:41:19 [npdoty]
Topic: Issue Cleanup
16:41:34 [paulohm]
Shane, just curious: Is a URL "side data" to be scrubbed?
16:41:35 [rvaneijk]
can someone paste the link to jonathan's email please?
16:41:39 [Chris_IAB]
Oxymoron?
16:41:50 [WileyS]
Paul, yes, the URL must be scrubbed.
16:41:56 [susanisrael]
.....we have proposed set of issues that yianni and nick sent to group and one set of comments/concerns came from jonathan.....so thanks to yianni for writing this up while i teach in the summer......legal ethics of washington lawyering....
16:42:00 [moneill2]
moneill2 has joined #dnt
16:42:02 [paulohm]
Shane, not just "cleansed" but deleted altogether?
16:42:16 [dwainberg]
q+
16:42:18 [dan_auerbach]
q+
16:42:33 [Zakim]
+[IPcaller]
16:42:37 [WileyS]
Paul, no - cleansing finds the middle ground of removing re-identification risk and maintaining utility in remaining data.
16:42:40 [npdoty]
email from jmayer on issue cleanup: http://lists.w3.org/Archives/Public/public-tracking/2013May/0092.html
16:42:44 [moneill2]
zakim, [IPCaller] is me
16:42:44 [Zakim]
+moneill2; got it
16:42:53 [peterswire]
q+
16:43:01 [npdoty]
ack dan_auerbach
16:43:04 [susanisrael]
....first item was fraud prevention, item 24.......mozilla/eff proposal had more detail re: fraud prevention but we haven't had formal reaching of consensus on different approaches, and we have 2 diff ideas, could put it into pending review
16:43:36 [WileyS]
Paul and Dan, I concede that deleting all data is the safest approach to de-identification. Can we please stop repeating that mantra?
16:43:41 [paulohm]
Shane, because doesn't any user who knows a single URL they've visited + date + time become an adversary who can then reID all of their rows in the data?
16:43:42 [jchester2]
I agree with Dan. No pending review now.
16:43:44 [susanisrael]
dan auerbach: just wanted to follow up on security cleanup, i agree with jonathan that this should not go to pending review yet. think we need to agree on how narrow this should be....
16:44:04 [npdoty]
yes, I think both security and fraud are covered by 24 right now
16:44:09 [tlr]
issue-24?
16:44:09 [trackbot]
ISSUE-24 -- Possible exemption for fraud detection and defense -- open
16:44:09 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/24
16:44:21 [Chris_IAB]
q+
16:44:25 [susanisrael]
peterswire, this strengthens my recollection that security and fraud are under the same issue. Right? so i think there are at least 2 proposals
16:44:56 [susanisrael]
davidwainberg: i thought we had consensus at some point that we should not use term fraud bc of the way the term is used in ad industry
16:45:11 [tlr]
q+
16:45:14 [npdoty]
does someone want to take an action item if you don't want to move to pending review?
16:45:16 [WileyS]
Paul, if I know my browsing history (I'm the only one who knows those details) and I view a de-identified record set to the point I'm able to recognize my own browsing history - no new knowledge has been gained. What privacy harm has occurred in that outcome?
16:45:17 [tlr]
ack dwainb
16:45:19 [susanisrael]
*I remember this same thing as david and think it preceded peter's joining
16:45:20 [Zakim]
-jeffwilson
16:45:31 [fielding]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#security
16:45:33 [npdoty]
q+
16:45:35 [tlr]
ack thomas
16:45:44 [fielding]
The language is in the editor's draft already
16:45:45 [susanisrael]
dwainberg: nick,and justin and i had thread on this but it dropped?
16:45:52 [Chris_IAB]
dwainberg, "disingenuous traffic" instead of fraud
16:46:23 [npdoty]
current text includes "fraudulent" but also other categories, like "malicious activity"
16:46:25 [susanisrael]
npdoty: i do think david and justin and i had a discussion on list. I had issues with "invalid" but was wordsmithing, but i think text now captures david's intention.......
16:46:31 [peterswire]
q?
16:46:33 [tlr]
q+
16:46:35 [tlr]
ack peter
16:46:37 [npdoty]
q-
16:46:40 [npdoty]
ack Chris_IAB
16:46:41 [susanisrael]
peterswire: david can you review text and report to group....
16:47:35 [dan_auerbach]
q?
16:47:42 [susanisrael]
chris_iab: i remember conversation david refers to and think it was before you joined. at iab we tend to refer to the kind of traffic that may be called fraudulent as "disingenuous"....security and fraud not always related....
16:47:55 [fielding]
we are only talking about data collection permissions, not about all security
16:47:57 [npdoty]
personally, "disingenuous" is a new one for me, but I would prefer it over "invalid" which would seem to encompass a wider range of unintentionally incorrect traffic
16:48:01 [dan_auerbach]
q+
16:48:09 [paulohm]
Shane, I think it can be done with a single URL (+date +time). You don't need a "history." So it's something an adversary can know about a lot of people other than just himself or herself. I'm just confused about why you think the risk of ReID is so low.
16:48:13 [tlr]
+1 to Nick
16:48:14 [susanisrael]
peterswire: when john callas first addressed group he thought security terms made sense, does that part of it work
16:48:42 [peterswire]
q?
16:48:46 [dan_auerbach]
Chris, that'd be fantastic!
16:49:02 [susanisrael]
chris_iab: with respect to john callas, he may not have protected a publisher, we do that and though it's hard maybe i can bring in a speaker....
16:49:02 [WileyS]
Paul, please explain how knowing your own records in a data set helps you re-identify other records in the same dataset?
16:49:05 [npdoty]
ack dan_auerbach
16:49:13 [CraigSpiezle]
Chris - happy to help on the security side vs fraud
16:49:31 [susanisrael]
dan auerbach: i think it would be fantastic chris if you could wrangle a speaker to discuss details
16:49:49 [peterswire]
q?
16:50:10 [susanisrael]
chris_iab: they don't usually discuss details, but can look at definitions, and talk at a macro level, won't open kimono on everything they do at major publishers.....
16:50:50 [paulohm]
Shane, I'm assuming you want to keep a pseudonym that relates rows in the table as belonging to the same person. If you're throwing all such pseudonyms away, that's really great, and I am closer to agreeing with your claim.
16:51:13 [susanisrael]
dan auerbach: having worked in industry and been on front lines, i think that if opening kimono completely might be off table, they might be able to give some detail, and we could also tighten those defs and get language tighter, separate security and fraud......
16:51:53 [susanisrael]
peterswire: heard helpful raising of hands from david wainberg, chris mejia, dan so i would be inclined to give david the pen. would that take week or 2 weeks david?
16:51:54 [vinay]
vinay has joined #dnt
16:52:03 [susanisrael]
dwainberg: should be quick, can do next week
16:52:12 [npdoty]
action: wainberg to review security/fraud text (with chris mejia and dan auerbach)
16:52:13 [trackbot]
Created ACTION-408 - Review security/fraud text (with chris mejia and dan auerbach) [on David Wainberg - due 2013-05-29].
16:52:18 [fielding]
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#security
16:52:19 [susanisrael]
peterswire: can also look at separating security/fraud words
16:52:50 [npdoty]
action-408: related to issue-24
16:52:50 [trackbot]
Notes added to ACTION-408 Review security/fraud text (with chris mejia and dan auerbach).
16:53:12 [fielding]
which action was that?
16:53:28 [fielding]
… the action that tlr is talking about?
16:53:28 [susanisrael]
tlr: a few ancient action items pending review dealing with graduated response. were on ian fette, [? someone else?] and maybe shane. Does anyone know if this is still a live topic? should we start from clean slate or use text from last october or nov.....
16:53:30 [npdoty]
http://www.w3.org/2011/tracking-protection/track/actions/279
16:53:34 [npdoty]
... among others
16:53:40 [susanisrael]
....if clean slate, let's close action items....
16:53:53 [sidstamm]
apologies, all, I have to leave early for another commitment.
16:53:57 [Zakim]
-[Mozilla]
16:54:05 [susanisrael]
tlr: my preference is to close. can look at same substance in new way.....
16:54:05 [fielding]
+1 to deleting the sentence on graduated response.
16:54:24 [npdoty]
I would be happy to ask the editors to integrate proposed text (a definition from Ian) as they find helpful
16:54:46 [peterswire]
q?
16:54:47 [dan_auerbach]
I need a chance to look
16:54:49 [fielding]
Ian's text is at http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0506.html
16:54:51 [dan_auerbach]
before coming to an opinion
16:54:53 [susanisrael]
peterswire: maybe nick and yianni and i can pull together and ask people on list what their view is. ok? that way not prejudging......
16:55:21 [npdoty]
action: doty to circulate (with yianni, tlr, peter) regarding "graduated response" and old actions
16:55:21 [trackbot]
Created ACTION-409 - Circulate (with yianni, tlr, peter) regarding "graduated response" and old actions [on Nick Doty - due 2013-05-29].
16:55:25 [tlr]
trackbot, link action-408 to issue-24
16:55:25 [trackbot]
ACTION-408 (Review security/fraud text (with chris mejia and dan auerbach)) associated with ISSUE-24.
16:55:25 [WileyS]
Paul, records would maintain a persistent identifier for a period of time in the de-identified state. Those identifiers don't represent anything in the real-world so I'm still struggling with how that helps you re-identify a record outside of those that you have detailed copy of the fact in a raw form through some other source. Is that what you're suggesting here? Could you please provide a
16:55:26 [WileyS]
real-world example of how this would occur? Thank you.
16:55:49 [fielding]
+1 also to adopting Ian's text on graduated response
16:55:57 [Zakim]
-Thomas
16:56:03 [susanisrael]
peterswire: next on jmayer email had to do with issues 191 and 188 re: normative and nonnormative language re: de-identification.....had concerns re merging....staff thought we could work on both together. dan do you have a view?
16:56:10 [WileyS]
I don't believe graduated response works in the real-world
16:56:22 [paulohm]
Shane, since we're talking about something the call moved off 20 minutes ago, should we maybe take it offline? I'm happy to have a quick call about this later today. I think it can be a very quick call.
16:56:29 [WileyS]
We already debunked the idea of adding new cookies during the Security discussion at the F2F
16:56:32 [efelten]
Shane, as one example, the AOL data set contained user identifiers that were completely dissociated from any real-world identifier.
16:56:36 [efelten]
Same with the Netflix dataset.
16:56:41 [efelten]
Among others.
16:56:45 [susanisrael]
dan auerbach: no strong view but might have to look back at text, but suggest we heed jonathan's request not to merge if he had a concern....
16:56:47 [WileyS]
Ed, the search terms were not cleansed. Next...
16:57:30 [npdoty]
q+
16:57:43 [susanisrael]
peterswire: next a whole bunch of issues that go to user consent. Some had no action items and no texts, if there is a way to flag dependencies that might be helpful.....
16:57:48 [Chris_IAB]
combining issues, to narrow our work scope, seems like a good idea
16:57:57 [Chris_IAB]
gotta start working to an end, right?
16:58:02 [WileyS]
Ed and Paul, happy to take you through each of the public examples and point out how simple fact cleansing would have removed the risk.
16:58:08 [Zakim]
-dwainberg
16:58:09 [peterswire]
q?
16:58:14 [npdoty]
q-
16:58:14 [npdoty]
q- Thomas
16:58:19 [susanisrael]
npdoty: issue tracker does not have formal note for dependencies, but can add links back to others, narrowing down issues and flagging interdependencies......
16:58:33 [efelten]
Shane, agree that experience shows it is easy to think your data is safe to release when it's not.
16:58:45 [npdoty]
from peter, regarding 132, narrow those down, and just make sure we have links back to the "super issue"
16:58:49 [efelten]
Question is what rationale you have for thinking that your method leaves data safe to release.
16:58:55 [peterswire]
q?
16:59:03 [Chris_IAB]
npdoty, can you post the current issue being discussed?
16:59:09 [susanisrael]
peterswire: issue 184 re: 1st and 3rd parties.......whether website can condition access to website on consent to tracking. This issue has not come up since i have been chair though i am familiar with it in other settings.
16:59:16 [npdoty]
issue-184?
16:59:16 [trackbot]
ISSUE-184 -- 3rd party dependencies in 1st party content -- raised
16:59:16 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/184
16:59:34 [peterswire]
q?
16:59:41 [npdoty]
does anyone want to take an action?
16:59:43 [jchester2]
We need to hear from Walter. q
16:59:48 [jchester2]
unmute me
16:59:55 [jchester2]
zakim, unmute me
16:59:55 [Zakim]
jchester2 should no longer be muted
17:00:03 [peterswire]
q?
17:00:09 [susanisrael]
....is this issue live? i think people are looking at it right now. I am not seeing anyone asking to take an action item or go live, so i suggest moving it to pending review and putting it on list with note that we did not get any live proposals
17:00:14 [WileyS]
Ed, it depends on the details of the record set in question. If I send you a list of anonymized IDs and cleansed URLs with a noisy date/time stamp. Do you feel you can reverse engineer that to real people? Would love to understand how you think that is possible.
17:00:15 [Zakim]
+dwainberg
17:00:22 [Zakim]
-vincent
17:00:30 [dwainber_]
dwainber_ has joined #dnt
17:00:34 [peterswire]
q?
17:00:36 [jchester2]
zakim, mute me
17:00:36 [Zakim]
jchester2 should now be muted
17:00:41 [susanisrael]
jeffchester: i think we need to check with Walter first, it was his proposal
17:00:42 [paulohm]
Shane: (1) any first party with an apache access.log will know URLs (+date + time) for users; (2) any person who shares a computer with somebody else can extract URLs (+date + time) for other users; (3) any FBI agent who seizes a computer or an access.log file can do the same; (4) any person sitting in a cafe using unsecured wifi and a packet sniffer can get URLs. Given the low entropy of date/time, all of these people can probably match even against scrubbe[CUT]
17:00:44 [npdoty]
we gave an alert when we announced issue reviews on the call last week, and an email with issue resolutions a week ago
17:00:49 [dan_auerbach]
As a general procedural point, the process of moving things forward shouldn't require sustained objections
17:00:55 [susanisrael]
peterswire: fine. will do that before moving to pending review
17:00:58 [dan_auerbach]
that puts undue burden on participants with fewer resources
17:01:17 [peterswire]
q?
17:01:18 [efelten]
URL histories also tend to have high entropy, even if scrubbed.
17:01:20 [npdoty]
action: peter to review issue-184 with Walter and Rob before merging/pending review
17:01:20 [trackbot]
'peter' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., pkosmala, peterswire).
17:01:29 [susanisrael]
peterswire: issue 16, collection: has to do with transient retention, has to do with a permitted use for short term collection
17:01:30 [npdoty]
action: swire to review issue-184 with Walter and Rob before merging/pending review
17:01:30 [trackbot]
Created ACTION-410 - Review issue-184 with Walter and Rob before merging/pending review [on Peter Swire - due 2013-05-29].
17:01:32 [Chris_IAB]
npdoty, can you post the link to issue 16 please, being discussed now?
17:01:42 [tlr]
trackbot, associate acton-410 with issue-184
17:01:42 [trackbot]
Sorry, tlr, I don't understand 'trackbot, associate acton-410 with issue-184'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.
17:01:44 [npdoty]
issue-16?
17:01:44 [trackbot]
ISSUE-16 -- What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) -- open
17:01:44 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/16
17:01:46 [ninjamarnau]
ninjamarnau has joined #dnt
17:01:46 [susanisrael]
q+
17:01:52 [tlr]
trackbot, link action-410 to issue-184
17:01:52 [trackbot]
ACTION-410 (Review issue-184 with Walter and Rob before merging/pending review) associated with ISSUE-184.
17:02:10 [Chris_IAB]
q+
17:02:16 [npdoty]
issue-134?
17:02:16 [trackbot]
ISSUE-134 -- Would we additionally permit logs that are retained for a short enough period? -- open
17:02:16 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/134
17:03:11 [npdoty]
ack susanisrael
17:03:13 [npdoty]
ack Chris_IAB
17:03:43 [susanisrael]
chris_iab: looks like what we were trying to do is create a use for transient data.....I have heard people say we should not collect data. this is impossible, since we need data to respond to request, but you can limit retention period......
17:03:44 [rvaneijk]
issue-184?
17:03:44 [trackbot]
ISSUE-184 -- 3rd party dependencies in 1st party content -- raised
17:03:44 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/184
17:03:55 [peterswire]
q?
17:03:59 [susanisrael]
.....however this may go away if we go down de-identification path
17:04:12 [dan_auerbach]
q+
17:04:17 [susanisrael]
peterswire: so maybe put this into Thomas's data retention discussion
17:04:21 [WileyS]
Paul, agreed that external attacks need to occur to gain access to non-de-identified data that may be used to help reverse engineer a separate entity's de-identified data. The approach is not without risk. Do you have an example of where this has occurred with a dataset that was not shared publicly? How real is this risk in the broader spectrum? We're debating absolute positions - when I fully
17:04:21 [WileyS]
concede this approach comes with some risk and needs to be bolstered by operational and administrative controls. Happy to state DNT:1 de-identified records are not allowed to be shared publicly.
17:04:25 [npdoty]
ack dan_auerbach
17:04:28 [WileyS]
Ed, disagree - depends on the cleansing approach taken.
17:04:36 [susanisrael]
dan auerbach: but not moving to pending review, right?
17:04:38 [Chapell]
Chapell has joined #DNT
17:04:41 [Zakim]
-[FTC]
17:04:52 [susanisrael]
peterswire: correct, part of ongoing discussions on data retention
17:05:14 [npdoty]
peter: leave issue 16 open while discussions continue regarding data retention (which might address the "transient" part, which seemed the remaining open part of definitions)
17:05:20 [jchester2]
I agree with Jonathan
17:05:41 [paulohm]
Shane: Thanks for the concession. I didn't mean to be taking a vote in the "technical" versus "administrative" deidentification debate. I was just responding to your strong claims of confidence about surviving public release. If you're retracting that, I'm backing off too.
17:05:43 [WileyS]
+q
17:05:44 [Chris_IAB]
can someone please post what JM wrote?
17:05:51 [Chris_IAB]
post here, I mean
17:05:51 [rvaneijk]
WileyS, the linkability aspect can not be overlooked, it is not just about external risk for reverse engineering a hash
17:05:59 [susanisrael]
peterswire: issue 10: has to do with issue of first party definition. jonathan says there was supposed to be a trade that never happened. what do people remember?
17:06:07 [npdoty]
jmayer's email: http://lists.w3.org/Archives/Public/public-tracking/2013May/0092.html
17:06:16 [jchester2]
+q
17:06:17 [Chris_IAB]
npdoty, thanks :)
17:06:23 [jchester2]
zakim, unmute me
17:06:23 [Zakim]
jchester2 should no longer be muted
17:06:30 [npdoty]
ack WileyS
17:06:54 [susanisrael]
wileys: jonathan's memory accurate. talked about strict defs of first party originally then moved to similar url, then to daa def of affiliated websites...and this was part of proposal concession process......
17:07:34 [susanisrael]
.....the advocate proposal conceded this as part of a trade but they reserved right to pull back if they didn't get other concessions across the board.....
17:07:50 [npdoty]
if we want to avoid closing the issue until we have that agreement, that sounds fine (and compatible with the proposed pending review status)
17:08:00 [peterswire]
q?
17:08:07 [susanisrael]
jeffchester: think wileys described this accurately. I think this was wrapping up when this was happening.....
17:08:14 [dan_auerbach]
I know the history: Shane is right on point
17:08:22 [npdoty]
ack jchester
17:08:38 [WileyS]
Rob, disagree - we've already reached the EU Legal bar of "likely reasonable" for non-re-identification.
17:08:40 [efelten]
Shane, here is some data on entropy of URL histories: http://petsymposium.org/2012/papers/hotpets12-4-johnny.pdf
17:08:40 [npdoty]
q+
17:08:44 [fielding]
And I should point out that I disagree with both sides regarding what should be defined as party, first party, and third party, since the way they are defined has nothing to do with reality of user expectations regarding intentional use of websites.
17:08:45 [WileyS]
+q
17:08:47 [jchester2]
zakim, mute me
17:08:47 [Zakim]
jchester2 should now be muted
17:08:50 [susanisrael]
....were willing to discuss responsibility of first parties in context of broader dnt standard and i have not conceded that first parties are exempt from dnt......
17:09:16 [dan_auerbach]
q+
17:09:22 [jchester2]
I move we keep it open for now, so the advocates can discuss how to address
17:09:25 [npdoty]
ack npdoty
17:09:26 [jchester2]
+q
17:09:26 [npdoty]
ack WileyS
17:09:44 [susanisrael]
npdoty: i think i understand shane's and jeff's views but suggest moving to pending review, which is intended for situation where we have text but have not reached consensus.....
17:09:55 [jchester2]
zakim, unmute me
17:09:55 [Zakim]
jchester2 should no longer be muted
17:10:31 [npdoty]
ack dan_auerbach
17:10:33 [dwainber_]
q+
17:10:33 [susanisrael]
wileys: i think we did agree that first and third parties would be treated differently because people understand they are interacting with a first party. scope of definition then became the issue
17:10:50 [npdoty]
Zakim, who is making noise?
17:10:53 [WileyS]
Ed, thank you for the link - I'll definitely read this.
17:11:00 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: dwainberg (12%), jchester2 (30%)
17:11:23 [susanisrael]
dan auerbach: my understanding of pending review was like the new "closed" so i feel strongly that if there is an objection it should not get steamrolled...so I am hesitant to move these things to pending review......
17:11:26 [ChrisPedigoOPA]
q+
17:11:47 [dwainberg]
q-
17:11:54 [npdoty]
q- dwain
17:11:55 [susanisrael]
....ok if there will be an opportunity to object to things in pending review
17:12:04 [kulick]
kulick has left #dnt
17:12:09 [kulick]
kulick has joined #dnt
17:12:23 [peterswire]
q?
17:12:26 [npdoty]
dan wants to make it clear that issues can be objected to before we move to closed, without any prejudice
17:12:32 [susanisrael]
peterswire: one reason we are not using closed is that i realized how hard it is to get to agreement on these issues
17:12:32 [npdoty]
(which I'm fine with)
17:13:07 [susanisrael]
jeffchester: shouldn't move things to pending review before we (advocates?) move things to pending review.....
17:13:21 [susanisrael]
....i will convene call with colleagues.....
17:13:42 [jchester2]
zakim, mute me
17:13:42 [Zakim]
jchester2 should now be muted
17:14:26 [susanisrael]
chris pedigo: want to echo what shane said. Group really has agreed that first parties should be treated differently from third parties......re: affiliates I understand Jeff's perspective that this may be open
17:14:54 [peterswire]
q?
17:15:05 [jchester2]
-q
17:15:10 [susanisrael]
......but this has been unchanged for a long time, and we need to move things to the parking lot now
17:15:15 [npdoty]
ack ChrisPedigoOPA
17:15:47 [jchester2]
at least we will have another lawyer in the room by next week!
17:15:47 [susanisrael]
peterswire: i have heard request from jeff to wait a week. Hearing stability but one week delay requested, I'm willing to wait a week.....
17:15:52 [npdoty]
action: chester to review action-10 on first party text before moving to pending review
17:15:52 [trackbot]
Created ACTION-411 - Review action-10 on first party text before moving to pending review [on Jeffrey Chester - due 2013-05-29].
17:16:23 [susanisrael]
peterswire: that completes list of issues jonathan sent in about issue mergers etc. In agenda there are proposed closed and narrowed issues at bottom. .....
17:16:39 [npdoty]
I would ask that we not only discuss this on the calls, or we can extend out a week continuously
17:17:01 [Zakim]
-Peder_Magee
17:17:08 [peterswire]
q?
17:17:22 [susanisrael]
first is issue 60, will a recipient know if 1st or 3d party, 102, short names and specs, 157 charter. I propose to send these to list with request for objections to closing.....
17:17:22 [npdoty]
any objection to closing the very few issues to close?
17:17:46 [npdoty]
issue 60, 157, 102
17:17:56 [susanisrael]
there is also a proposed narrowed issue on minimization. If this was in Jonathan's email i did not skip it in person.......
17:17:58 [npdoty]
peter will send one final email about closing those issues
17:18:44 [susanisrael]
one issue addressed in sunnyvale was (in addition to disclosure of retention periods per tlr group) also should there be firm retention limits......
17:18:53 [fielding]
issue-31?
17:18:53 [trackbot]
ISSUE-31 -- Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions) -- open
17:18:53 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/31
17:19:23 [peterswire]
q?
17:19:32 [dan_auerbach]
q+
17:19:34 [adrianba]
how many of the proposed issue closing mails have been sent to public-tracking-announce?
17:19:40 [susanisrael]
the language in jonathan's email did not, I think, neutrally capture this, but I think the general minimization principle could go into pending review and i am inclined to open new issue on whether there should be firm retention limits.
17:20:26 [susanisrael]
dan auerbach: in jonathan's email he said "how stringent is global standard" so please wait a week for me to review....
17:20:33 [npdoty]
dan or others, is there anything we can do to provide additional confidence that pending review is not closed?
17:20:39 [npdoty]
ack dan_auerbach
17:20:51 [rvaneijk]
There should be a firm requirement for transparency on data retention per permitted use
17:21:03 [susanisrael]
peterswire: we are attempting to clarify where things are rather than surprising people, but we'll wait a week on issue 31 and create a new retention issue as discussed in f2f.......
17:21:07 [peterswire]
q?
17:21:10 [WileyS]
+ to Rob - we've already agreed to that
17:21:11 [dan_auerbach]
Nick, I think more clarity around the process of how to get to last call given areas of disagreement would go a long way
17:21:13 [Zakim]
-samsilberman
17:21:14 [npdoty]
wait a week before moving on issue-31, and create new issue regarding minimization or heightened transparency regarding going beyond certain retention limits
17:21:17 [fielding]
If we are going to continue with this level of pushback, then I will ask the chairs to abandon this notion of STABLE and just formally close all issues according to normal W3C process. We do not need consensus to close.
17:21:46 [Zakim]
-mecallahan
17:21:47 [npdoty]
dan_auerbach, I will do anything I can to do that
17:21:48 [Zakim]
-Chris_Pedigo
17:21:49 [Zakim]
-peterswire
17:21:50 [Zakim]
-ninjamarnau
17:21:50 [Zakim]
-RichardWeaver
17:21:51 [Zakim]
-kulick
17:21:51 [Zakim]
-Wendy
17:21:52 [Zakim]
-moneill2
17:21:54 [Zakim]
-dwainberg
17:21:54 [Zakim]
-paulohm
17:21:55 [Zakim]
-hefferjr
17:21:55 [Zakim]
-Yianni
17:21:56 [Zakim]
-efelten
17:21:57 [Zakim]
-schunter
17:21:58 [Zakim]
-hwest
17:21:58 [Zakim]
-WaltMichel_Comcast
17:22:00 [kulick]
kulick has left #dnt
17:22:00 [Zakim]
-jchester2
17:22:00 [Zakim]
-dan_auerbach
17:22:01 [Zakim]
-Craig_Spiezle
17:22:01 [Zakim]
-Mike_Zaneis
17:22:03 [Zakim]
-adrianba
17:22:04 [susanisrael]
....there were no other comments on issue clarification. any other comments? [none] Goal was to get clarity and narrow the list of things that should get our attention......
17:22:04 [Zakim]
-Fielding
17:22:06 [phildpearce]
On the AVG user-expression override example... AVG also overrides the document.referral from google.com/?q=keyword to avg.com/?q=keyword when a user comes from organic search (in addition to inserting DNT=1) meaning that two changes are exposed in the DOM, increasing the chance that a server might use these 2 elements to differentiate tracking behaviour for AVG users vs other DNT=1 users.
17:22:06 [npdoty]
... spending several weeks on moving issues to pending review is not a path to anything, certainly not to Last Call
17:22:15 [phildpearce]
Invalid click Expert suggestion: Dr Alexander Tuzhilin. http://www.businesswire.com/news/home/20090909005127/en/Search-Advertising-Fraud-Prevention-Expert-Joins-Click
17:22:21 [Zakim]
-[Microsoft]
17:22:23 [phildpearce]
On the user-education piece here is a collection of useful videos: http://www.youtube.com/watch?v=A6fV2v7LLPo&list=PL45AABD8BB96D3785&index=4
17:22:30 [Zakim]
-BerinSzoka
17:22:38 [Zakim]
-Chris_IAB
17:22:39 [npdoty]
Zakim, list attendees
17:22:39 [Zakim]
As of this point the attendees have been schunter, efelten, npdoty, Thomas, Yianni, Chris_IAB, RichardWeaver, kulick, Fielding, jchester2, phildpearce, Peder_Magee,
17:22:39 [Zakim]
... +1.415.436.aaaa, +1.781.482.aabb, Chris_Pedigo, +1.212.231.aacc, paulohm, +1.301.365.aadd, Craig_Spiezle, +49.431.98.aaee, ninjamarnau, vinay, peterswire, samsilberman,
17:22:42 [Zakim]
... sidstamm, hefferjr, vincent, WileyS, +1.202.787.aaff, BerinSzoka, +1.202.344.aagg, [Microsoft], Lmastria_DAA, Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast,
17:22:42 [Zakim]
... jeffwilson, dwainberg, Mike_Zaneis, hwest, dan_auerbach, moneill2, +1.202.787.aahh
17:22:45 [Zakim]
-npdoty
17:22:49 [npdoty]
rrsagent, please draft the minutes
17:22:49 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/05/22-dnt-minutes.html npdoty
17:25:30 [Zakim]
-phildpearce
17:27:30 [npdoty]
dan_auerbach, can I give you an action to do the reviews you wanted one more week to do on issue-31 / minimization?
17:27:40 [npdoty]
Zakim, bye
17:27:40 [Zakim]
leaving. As of this point the attendees were schunter, efelten, npdoty, Thomas, Yianni, Chris_IAB, RichardWeaver, kulick, Fielding, jchester2, phildpearce, Peder_Magee,
17:27:40 [Zakim]
Zakim has left #dnt
17:27:42 [npdoty]
rrsagent, bye
17:27:42 [RRSAgent]
I see 8 open action items saved in http://www.w3.org/2013/05/22-dnt-actions.rdf :
17:27:42 [RRSAgent]
ACTION: van eijk to propose a new set of names around red-yellow-green de-identification [1]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-36-57
17:27:42 [RRSAgent]
ACTION: rvaneijk to porpose a new set of names around yellow state [2]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-37-31
17:27:42 [RRSAgent]
ACTION: Mejia (with Alan Chapell) to draft text regarding browser education as discussed in Sunnyvale (Item 6 in Draft Framework, also in consensus action summary) [3]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-40-43
17:27:42 [RRSAgent]
ACTION: wainberg to review security/fraud text (with chris mejia and dan auerbach) [4]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-52-12
17:27:42 [RRSAgent]
ACTION: doty to circulate (with yianni, tlr, peter) regarding "graduated response" and old actions [5]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-55-21
17:27:42 [RRSAgent]
ACTION: peter to review issue-184 with Walter and Rob before merging/pending review [6]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T17-01-20
17:27:42 [RRSAgent]
ACTION: swire to review issue-184 with Walter and Rob before merging/pending review [7]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T17-01-30
17:27:42 [RRSAgent]
ACTION: chester to review action-10 on first party text before moving to pending review [8]
17:27:42 [RRSAgent]
recorded in http://www.w3.org/2013/05/22-dnt-irc#T17-15-52
17:27:43 [Zakim]
... +1.415.436.aaaa, +1.781.482.aabb, Chris_Pedigo, +1.212.231.aacc, paulohm, +1.301.365.aadd, Craig_Spiezle, +49.431.98.aaee, ninjamarnau, vinay, peterswire, samsilberman,
17:27:43 [Zakim]
... sidstamm, hefferjr, vincent, WileyS, +1.202.787.aaff, BerinSzoka, +1.202.344.aagg, [Microsoft], Lmastria_DAA, Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast,
17:27:43 [Zakim]
... jeffwilson, dwainberg, Mike_Zaneis, hwest, dan_auerbach, moneill2, +1.202.787.aahh